SC-001 - Pausable ERC20 Tokens - Thoughts and Ideas

*Published: 2023-06-27* *Simple pre-minted ERC20 with a supply cap and admin functions to pause transfers.* ## Overview Supremacy's token generation event (TGE) required the team to allow users to receive airdropped tokens (SUPS), but not be able to trade them through decentralised exchanges (DEXes) until the pools were setup first by the administrators. The simplest way to do this is to have a "paused" flag that blocks transfers, until switched on by the admin. ## Approach A standard ERC20 token was deployed by extending OpenZeppelin's ERC20 library. An additional function was added, only callable by the contract's owner. ```solidity // setTransferable when platform is ready to allow users to transfer function setTransferable(bool _transferrable) public onlyOwner { transferrable = _transferrable; emit SetTransferrable(_transferrable); } ``` Before transferrable is set to true, only the contract owner can transfer tokens. After transferrable is set to true, anyone can transfer. This is done via overriding the `_beforeTokenTransfer` hook. ```solidity // _beforeTokenTransfer allows owner to transfer if the flag isn't set yet function _beforeTokenTransfer( address from, address to, uint256 amount ) internal virtual override { super._beforeTokenTransfer(from, to, amount); if (msg.sender != owner()) { require(transferrable, "transfers are locked"); } } ``` ## Benefits ERC20 tokens are very common and is a battle-tested standard for several years. People trust and are familiar with interacting with ERC20 tokens and the majority of DeFi projects support them. Introducing pausable functionality in the token gives us some breathing room when deploying a new contract, not to mention prevent bots attacks. A common attack are bots that watch the mempool for token creation events, and front-run the admin's attempt to create the liquidity pools themselves. The first person who creates a liquidity pool (which is usually the first person that gets the ability to transfer the ERC20) gets to set the price of the token. ## Challenges Introducing pausable tokens creates centralisation risk, increasing the risk profile of the token as one that is less trustless than a "pure" ERC20. Funds can not be stolen, however, and tokens can only be paused, not confiscated. Also pausing happens contract wide, meaning there is not specific "blacklist" causing individuals to be at risk. ## References - [ERC20 fungible token standard](https://eips.ethereum.org/EIPS/eip-20) - [Deployed contract (BSC)](https://bscscan.com/address/0xc99cfaa8f5d9bd9050182f29b83cc9888c5846c4) - [Supremacy](https://supremacy.game/) - [OpenZeppelin's ERC20 library](https://docs.openzeppelin.com/contracts/4.x/erc20)