erc20-differences-checklist
npx machina-cli add skill mnedelchev-vn/solidity-defi-claude-skills/erc20-differences-checklist --openclaw
Files (1): SKILL.md (428 B)
Rounding issues and exploits analysis
TODO
When to Use
TODO
When NOT to Use
TODO
Examples of differences and issues with ERC721 tokens
Case 1: TODO
Additional Analysis
Beyond the patterns above, apply your full security knowledge to identify any related issues not covered here for the topic of this particular skill.
Source
https://github.com/mnedelchev-vn/solidity-defi-claude-skills/blob/master/skills/erc20-differences-checklist/SKILL.md
Overview
Based on the skill’s focus on rounding issues and exploits analysis, this guide highlights common ERC20 rounding risks and potential exploits. It also points out when to apply the checklist and how ERC20 patterns can differ from ERC721 in security reviews.
How This Skill Works
Reviewers inspect ERC20 token implementations for rounding behavior in transfers, allowances, and fees, then map findings to known vulnerability vectors. The skill emphasizes comparing ERC20 patterns to ERC721 differences to reveal cross-token security issues.
When to Use It
- Auditing ERC20 token contracts for rounding errors in transfers and fees
- Reviewing approve/transferFrom flows to guard against allowance risks
- Integrating ERC20 tokens into DeFi protocols where precision matters
- Assessing token forks or upgrades that may alter decimals or rounding behavior
- Comparing ERC20 behavior with ERC721 differences to spot security gaps
Quick Start
- Step 1: Identify the ERC20 token, its decimals, and any rounding-sensitive transfer logic
- Step 2: Audit transfer, transferFrom, and approve flows for rounding and race conditions
- Step 3: Compare ERC20 patterns with ERC721 differences to surface cross-token risks
Best Practices
- Document token decimals early and establish a consistent rounding policy
- Audit all math operations for edge cases involving small amounts or dust
- Prefer explicit rounding semantics and avoid implicit truncation
- Be mindful of the ERC20 approve race condition; apply zeroing-before-set when possible
- Cross-check ERC20 patterns with ERC721 differences to surface cross-token risks
Example Use Cases
- Rounding artifacts in transfers causing dust balances due to insufficient precision
- Allowance race condition where changing approvals enables double-spend vectors
- Fractional fee calculation leading to slight imbalances over repeated transfers
- Non-standard decimals implementation causing mismatches in integrated protocols
- Security gaps identified when comparing ERC20 patterns to ERC721 operator approvals