A group of researchers from Stanford has proposed a concept for new Ethereum token standards—ERC-20R and ERC-721R. They are designed to enable reversibility of a transaction in the event of asset theft.
Billions in crypto stolen. If we can’t stop the thefts, can we reduce the harmful effects?
Over recent months, a couple other @Stanford researchers and I drew out and prototyped ERC-20R/721R to support reversible transactions on #Ethereum.
See post & 🧵:https://t.co/38Hs0F9goU
— kaili.eth (@kaili_jenner) September 24, 2022
Under the proposal, governance of a smart contract would be carried out by a ‘decentralized structure’ via voting. The victim can provide evidence and request a freeze of stolen assets, after which a quorum will render a decision.
4/ Step 2: The decentralized court of judges quickly vote to either accept or reject the freeze, based on preliminary evidence.
— kaili.eth (@kaili_jenner) September 24, 2022
“If the reversal of [the transaction] is agreed, the frozen funds are sent back to the victim. Justice is restored,” wrote one of the researchers, Kaili Wan.
7/ Step 5 (last step): If reversal was agreed upon, the frozen funds are sent back to the victim. Justice is restored.
(See green in example transaction graph below) pic.twitter.com/spwI4kff6g— kaili.eth (@kaili_jenner) September 24, 2022
The idea, she noted, is merely a proposal for discussion. In her words, this is not an initiative to turn irreversible transactions reversible.
“This is a discussion about a new potential type of token, first proposed four years ago,” she added, revisiting Vitalik Buterin’s 2018 post.
Gonna mass-address other comments:
— If you think this is an incomplete solution, you’re entirely correct. Our paper provides some pieces of the puzzle (focuses on the mechanics), but we mention many open questions surrounding decentralized gov. That space needs work.— kaili.eth (@kaili_jenner) September 25, 2022
The idea was not well received by the community, who noted that it contradicts the essence of cryptocurrency. CEO of Streams, Kieran Daniels, called it ‘incredibly bad’.
This is an incredibly bad idea that won’t work and against the entire point of cryptocurrency.
— kierandaniels.eth (@kieran_eth) September 24, 2022
Representatives of the mobile Ethereum wallet Argent noted that the problem could be addressed by other solutions that keep crypto truly permissionless: native account abstraction and the mass adoption of smart contract wallets
it’s an interesting idea but can be solved through other means that keep crypto truly permissionless: native account abstraction and the mass adoption of smart contract wallets
we can do things like:
— fraud monitoring
— multisig for everyone
— social recovery— Argent (@argentHQ) September 25, 2022
Co-founder Tornado Cash Roman Semenov expressed concerns about reversibility of transactions and compatibility with decentralized applications.
So how does this work when an attacker steals ERC-20R and cashes out to ETH via a DEX in the same transaction? Or ERC-20R will be incompatible with the current DeFi ecosystem? https://t.co/n5pN82ZBBe
— Roman Semenov 🌪️ (@semenov_roman_) September 25, 2022
“So, how does this work when an attacker steals ERC-20R and cashes out ETH through a decentralized exchange (DEX) in the same transaction? Or will ERC-20R be incompatible with the current DeFi ecosystem?”, he asked.
In September, attackers stole about $3.3 million in cryptocurrency from Ethereum users who generated addresses via the Profanity tool.
The issue was first spotted on GitHub as early as January, but it became widely known thanks to the 1inch Network team.
Later the exploit was used to steal $160 million from market maker Wintermute.
On September 26, PeckShield analysts recorded the theft of ~732 ETH ($950,000) from an Ethereum address created using the Profanity generator.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.