ERC-20: The Standard Behind Every Token (And Scam)
USDC, SHIB, PEPE, and that rugpull you bought - all ERC-20s. Here's how a simple standard created a trillion-dollar token economy.
There are over 400,000 tokens on Ethereum.
Stablecoins. Governance tokens. Meme coins. Utility tokens. Scam tokens.
They all follow the same standard: ERC-20.
It's 6 functions and 2 events. That's it. And it changed finance forever.
What is ERC-20?
ERC stands for "Ethereum Request for Comment." It's a proposal process for Ethereum standards.
ERC-20 was proposed in 2015 by Fabian Vogelsteller. It defines a common interface for fungible tokens.
"Fungible" means interchangeable. One USDC equals another USDC. One of your DAI is identical to one of my DAI.
Before ERC-20, every token had different code. Wallets and exchanges had to build custom integrations for each token.
After ERC-20? Any wallet that supports the standard supports ALL ERC-20 tokens automatically.
This is why there are 400,000+ tokens. Because creating one is trivial.
The 6 functions
That's all an ERC-20 needs:
totalSupply() - How many tokens exist?
balanceOf(address) - How many tokens does this address have?
transfer(to, amount) - Send tokens to someone.
approve(spender, amount) - Allow someone else to spend your tokens.
allowance(owner, spender) - How much can this spender use?
transferFrom(from, to, amount) - Move tokens using an allowance.
Plus two events to log transfers and approvals.
That's it. Everything else is optional. Every token from USDT to that random shitcoin your friend shilled follows this.
Why approvals are dangerous
Here's where it gets interesting.
When you use a DEX, you don't just transfer tokens. You first "approve" the DEX to spend your tokens.
"Allow Uniswap to spend unlimited USDC" - you've probably clicked this.
What you did: gave Uniswap's contract permission to move your USDC. Forever. In unlimited amounts.
This is necessary for the DEX to work. But it's also a massive attack vector.
If that contract gets hacked? They can drain your tokens. If you approved a scam contract? They can drain your tokens. If the protocol rug pulls? They can drain your tokens.
Check your token approvals. Revoke ones you don't need. Seriously.
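To see why the approval outlives the trade, here is a small Python model of the allowance bookkeeping. It is an added example, not code from any real token or from Uniswap; the names "alice", "dex" and "pool" and all amounts are constructed, and a real contract would revert where this model returns False.

```python
MAX_UINT256 = 2**256 - 1  # the value wallets send for an "unlimited" approval


class ERC20Model:
    """In-memory model of the balance/allowance bookkeeping in an ERC-20 token."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        # Overwrites any previous allowance; approve(spender, 0) revokes it.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, caller, owner, to, amount):
        # The caller moves the owner's tokens; only the allowance gates it.
        allowed = self.allowance(owner, caller)
        if amount > allowed or amount > self.balances.get(owner, 0):
            return False
        if allowed != MAX_UINT256:  # assumption: "infinite" is never decremented
            self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def exposure(token, owner, spender):
    """Tokens the spender could move right now: min(balance, allowance)."""
    return min(token.balances.get(owner, 0), token.allowance(owner, spender))


def swap_then_deposit(approval_amount):
    """Constructed scenario: approve, trade 100, then receive 900 more later."""
    token = ERC20Model({"alice": 1_000})
    token.approve("alice", "dex", approval_amount)
    assert token.transfer_from("dex", "alice", "pool", 100)  # the intended trade
    token.balances["alice"] += 900                           # funds arriving later
    return exposure(token, "alice", "dex")
```

With an unlimited approval the exposure after the trade is the whole balance, including tokens that arrive later; with an approval of exactly 100 it is zero.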
Creating a token takes 10 minutes
This is simultaneously beautiful and terrifying.
The barrier to creating a token is near zero. Open Remix. Copy-paste an ERC-20 template. Deploy. Done.
Cost? A few dollars in gas.
Technical skill needed? Minimal.
This democratizes token creation. Anyone can launch a token for any purpose.
It also means anyone can launch a scam. And they do. Constantly.
99% of tokens go to zero. Many were designed to go to zero after extracting value from buyers.
Low barrier to entry is a feature AND a bug.
Common token red flags
Mint function without limits. The owner can create unlimited tokens, diluting yours to zero.
Pause function. Owner can freeze all transfers. Including yours.
Blacklist function. Owner can prevent specific addresses from transferring. Are you sure you won't be on that list?
Transfer fees. Some tokens take a cut of every transfer. Buy a token, lose 10%. Sell it, lose another 10%.
Honeypot code. You can buy. You can't sell. The code literally prevents it.
These aren't always evil. USDC has pause and blacklist (for regulatory compliance). But you should know what you're buying.
Always check the contract. Or use tools that check for you.
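A first pass at "check the contract" can be done from the ABI alone: list every state-changing function beyond the six standard ones and tag names that match the owner powers above. This is an added example, not a real tool; the name patterns are assumed conventions and the ABI is constructed for a hypothetical token. Honeypot and fee logic often sits inside transfer itself, so a clean result here does not replace reading the source.

```python
import json
import re

# The six functions the ERC-20 standard requires; anything else is an extension.
STANDARD = {"totalSupply", "balanceOf", "transfer", "approve", "allowance", "transferFrom"}

# Name patterns for the owner powers listed above (heuristic, assumed naming).
RED_FLAGS = {
    "mint": re.compile(r"mint", re.I),
    "pause": re.compile(r"pause", re.I),
    "blacklist": re.compile(r"blacklist|blocklist|denylist", re.I),
    "fee": re.compile(r"fee|tax", re.I),
}


def review_abi(abi_json):
    """Return {function name: [matched flags]} for non-standard state-changing functions."""
    findings = {}
    for entry in json.loads(abi_json):
        if entry.get("type") != "function" or entry["name"] in STANDARD:
            continue
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only getters cannot change balances or rules
        findings[entry["name"]] = sorted(
            flag for flag, pattern in RED_FLAGS.items() if pattern.search(entry["name"]))
    return findings


# Constructed ABI for a hypothetical token, trimmed to the fields used here.
SAMPLE_ABI = json.dumps([
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
    {"type": "function", "name": "balanceOf", "stateMutability": "view"},
    {"type": "function", "name": "mint", "stateMutability": "nonpayable"},
    {"type": "function", "name": "pause", "stateMutability": "nonpayable"},
    {"type": "function", "name": "unpause", "stateMutability": "nonpayable"},
    {"type": "function", "name": "addToBlacklist", "stateMutability": "nonpayable"},
    {"type": "function", "name": "setSellFee", "stateMutability": "nonpayable"},
    {"type": "function", "name": "isBlacklisted", "stateMutability": "view"},
    {"type": "function", "name": "renounceOwnership", "stateMutability": "nonpayable"},
    {"type": "event", "name": "Transfer"},
])
```

Functions returned with an empty flag list, such as renounceOwnership in the sample, are still non-standard and worth reading before you buy.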
The infinite approval problem
By default, DeFi apps ask for unlimited approval.
"Approve USDC: Maximum"
Why? It's cheaper for users. One approval, unlimited future transactions.
But it means every approved contract keeps access to that token in your wallet until you revoke the approval.
Better practice:
- Approve only what you need for that transaction
- Use tools like Revoke.cash to see and revoke approvals
- Use a separate "DeFi wallet" with only what you're actively using
Most people won't do this. Most people have dozens of unlimited approvals sitting around.
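Finding those forgotten approvals comes down to replaying a wallet's Approval events, as in this added sketch. It is not the code of Revoke.cash or any other tool; every address and log entry is constructed, and the 2**255 cutoff for "unlimited" is an assumed heuristic. Replay gives the last approved value, which can be higher than what remains after spending, so the authoritative number is still allowance(owner, spender) on the token itself.

```python
# topic0 of ERC-20 Approval logs: keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # heuristic threshold: treat anything this large as unlimited


def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def outstanding_approvals(logs, owner):
    """Replay logs in chain order; return {(token, spender): last approved value}."""
    latest = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this hash but has 4 topics, so require exactly 3.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {key: value for key, value in latest.items() if value > 0}  # 0 = revoked


def unlimited(approvals):
    """Keys of approvals large enough to cover any balance."""
    return sorted(key for key, value in approvals.items() if value >= UNLIMITED_FLOOR)


def make_log(token, owner, spender, value, block, index=0):
    """Constructed log in the shape of an eth_getLogs entry (numbers as ints)."""
    def pad(addr):
        return "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}


# Constructed addresses and history, not real contracts or wallets.
OWNER, OTHER = "0x" + "a1" * 20, "0x" + "a2" * 20
TOKEN_A, TOKEN_B = "0x" + "c1" * 20, "0x" + "c2" * 20
DEX, OLD_APP = "0x" + "d1" * 20, "0x" + "d2" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, OLD_APP, 0, 150),            # revokes the block-110 approval
    make_log(TOKEN_A, OWNER, DEX, MAX_UINT256, 100),
    make_log(TOKEN_A, OWNER, OLD_APP, MAX_UINT256, 110),
    make_log(TOKEN_B, OWNER, DEX, 500, 120),
    make_log(TOKEN_B, OTHER, DEX, MAX_UINT256, 121),      # someone else's approval
]
```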
Beyond ERC-20
ERC-20 is for fungible tokens. But there are other standards:
ERC-721 - Non-fungible tokens (NFTs). Each token is unique.
ERC-1155 - Multi-token standard. Can do both fungible and non-fungible in one contract.
ERC-4626 - Tokenized vaults. Standardizes yield-bearing tokens.
And many more. But ERC-20 remains the foundation. Everything builds on it.
The token taxonomy
Not all tokens are the same. Roughly:
Stablecoins (USDC, DAI, USDT) - Pegged to $1, used for trading and payments.
Governance tokens (UNI, AAVE) - Voting rights in protocols.
Utility tokens (LINK, GRT) - Used to pay for services in their ecosystems.
Wrapped tokens (WETH, WBTC) - Other assets wrapped as ERC-20s.
Meme tokens (DOGE, SHIB, PEPE) - Pure speculation and community.
Scam tokens - 99% of launches.
Understanding what category you're buying helps set expectations.
The bottom line
ERC-20 is just a technical standard. It doesn't make a token valuable, safe, or legitimate.
The standard enables:
- Trillion-dollar stablecoins
- Innovative DeFi protocols
- Meme coins that make millionaires
- Scams that steal billions
Same code. Different outcomes.
Before buying any ERC-20:
- What does the token actually do?
- Who controls the contract?
- What functions exist? (mint, pause, blacklist)
- What approvals will you need to give?
- Is there any actual demand for this token?
The standard is simple. The evaluation is not.
But hey, at least your wallet can display them all.
Next: ERC-721 and NFTs - when every token is a special snowflake.