Simple Code to Build a Secure XRC223 Token

ruslan wing
Feb 11, 2022

This article walks you through building a basic XRC223 token smart contract that focuses on security.

XRC223 is a token standard that allows token transfers to behave precisely as XDC transactions. XRC223 utilizes event handling (considers a transaction an event) to prevent tokens from being lost in unhandled transactions. This improved standard resolves the XRC20 critical bug by making the transfer function throw an error on invalid transfers and canceling the transaction, so no funds are lost. In short, XRC223 focuses on security.

Why do we need XRC223?

XRC223 prevents tokens from being lost when they are accidentally sent to the wrong smart contract address.

Have you ever sent a message to the wrong person?
I believe most people’s answer is “yes”. In XinFin, we don’t send messages; we send tokens.

If you send a token to a random wrong wallet address on the XDC Network, you may still have a chance to find that person and beg him/her to return it. But the XDC Network has not only wallet addresses but also many smart contract addresses, which cannot be asked to return anything. And the sad thing is that it is hard to tell a wallet address from a smart contract address.

What happens if you send the token to a smart contract address, and that smart contract doesn’t have any process to handle it?
Many token smart contracts were built on XRC20. If you send your tokens to a smart contract address, they are lost permanently and no one will have access to them. That is the problem with XRC20.

To avoid sending the token to the wrong address or to the smart contract address, we need the XRC223 standard.

What does XRC223 do exactly?
Every XRC223 smart contract needs to implement one function, tokenFallback. The tokenFallback function is called when the smart contract receives the token. A transaction or deployment will fail if the XRC223 smart contract doesn’t implement the tokenFallback function.

We can customize the content of tokenFallback.

Basically, we can design it in two patterns.

1) Do not allow the smart contract to receive tokens. The transaction fails when the smart contract receives the token.

2) Do something when the smart contract receives the token, such as counting the total amount of tokens it has received.

How to build the XRC223?

Here is the basic XRC223-type smart contract, CanReclaimToken.sol in version 1.9.X. It is still a worthwhile reference, although this version is out of date.

Here is the source code for each of the patterns above.

# contracts/mocks/XRC223ContractHasRevert.sol

contract XRC223ContractHasRevert is CanReclaimToken {
    /**
     * @dev Reject all XRC223 compatible tokens
     * @param from_ address The address that is transferring the tokens
     * @param value_ uint256 the amount of the specified token
     * @param data_ Bytes The data passed from the caller.
     */
    function tokenFallback(address from_, uint256 value_, bytes data_) external {
        from_;
        value_;
        data_;
        revert(); // this line will make transaction fail
    }
}

The last line of the function is

revert();

This line makes the transaction fail. Be careful: we still pay gas when the transaction fails, even though the gas fee on the XDC Network is near zero.

The second pattern counts the total amount of tokens that the smart contract has received.

# contracts/mocks/XRC223ContractHasTokenFallback.sol

contract XRC223ContractHasTokenFallback is CanReclaimToken {
    using SafeMath for uint256;

    uint256 public total_amount = 0;

    /**
     * @dev accept all ERC223 compatible tokens
     * @param from_ address The address that is transferring the tokens
     * @param value_ uint256 the amount of the specified token
     * @param data_ Bytes The data passed from the caller.
     */
    function tokenFallback(address from_, uint256 value_, bytes data_) external {
        total_amount = total_amount.add(value_);
    }

    /**
     * @dev count total amount of token
     */
    function getTotal() public view returns(uint256){
        return total_amount;
    }
}

The smart contract counts the total amount of tokens that it receives. We can get that total by calling the getTotal function.
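
Both receiver contracts above depend on the token contract calling tokenFallback during a transfer, which the article does not show. The following token-side transfer is an added example, not code from the article or from OpenZeppelin; the names XRC223Receiver and MinimalXRC223 are hypothetical, and it assumes XRC223 uses the ERC223 transfer(address, uint256, bytes) signature and the same Solidity 0.4.x compiler line as the contracts above.

```solidity
pragma solidity ^0.4.24;

// Added example. XRC223Receiver and MinimalXRC223 are hypothetical names.
interface XRC223Receiver {
    function tokenFallback(address from_, uint256 value_, bytes data_) external;
}

contract MinimalXRC223 {
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value, bytes data);

    constructor(uint256 supply_) public {
        balanceOf[msg.sender] = supply_;
    }

    function transfer(address to_, uint256 value_, bytes data_) public returns (bool) {
        require(to_ != address(0));
        require(balanceOf[msg.sender] >= value_);

        // Effects before the external call (checks-effects-interactions), so a
        // receiver that re-enters transfer() sees the already-updated balances.
        balanceOf[msg.sender] -= value_;
        balanceOf[to_] += value_; // cannot overflow: the sum of balances equals supply_

        if (isContract(to_)) {
            // If the receiver reverts (pattern 1) or has neither tokenFallback nor a
            // fallback function, this call reverts and the balance changes roll back.
            // Caveat: a receiver with a plain fallback function accepts the call
            // silently, so the check is only as strong as the receiver's code.
            XRC223Receiver(to_).tokenFallback(msg.sender, value_, data_);
        }
        emit Transfer(msg.sender, to_, value_, data_);
        return true;
    }

    // Caveat: extcodesize is 0 while a contract's constructor is running, so a
    // contract calling from its constructor is treated as a wallet address.
    function isContract(address addr_) internal view returns (bool) {
        uint256 size;
        assembly { size := extcodesize(addr_) }
        return size > 0;
    }
}
```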

For any support, connect via XDC Network’s social media communities on Slack, Twitter, and Discord.
