{"id":5004,"date":"2025-06-28T08:33:46","date_gmt":"2025-06-28T16:33:46","guid":{"rendered":"https:\/\/test.crowetic.com\/?p=5004"},"modified":"2025-06-28T08:33:48","modified_gmt":"2025-06-28T16:33:48","slug":"what-is-a-token-and-what-is-an-evm-token-the-answer-may-surprise-you-it-certainly-did-me","status":"publish","type":"post","link":"https:\/\/test.crowetic.com\/index.php\/2025\/06\/28\/what-is-a-token-and-what-is-an-evm-token-the-answer-may-surprise-you-it-certainly-did-me\/","title":{"rendered":"What is a &#8216;token&#8217; and what is an EVM &#8216;token&#8217;? The Answer May Surprise You! (It Certainly Did Me!)"},"content":{"rendered":"\n<p>(Honestly&#8230; it was only fairly recently that I realized what I always called &#8216;nonsense tokens&#8217;, are MUCH MORE NONSENSE than I ever could have imagined! The &#8216;crypto space&#8217; needs legitimacy SO BADLY. The <strong><u>Time for Qortal is past due<\/u><\/strong>.)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ERC-20 \u201cTokens\u201d Are Contracts, Not Assets<\/h3>\n\n\n\n<p>That&#8217;s right, you heard me&#8230; in <strong><u>Ethereum<\/u><\/strong> <em>(and ALL &#8216;EVM&#8217; nonse&#8230;ermm&#8230; clones&#8230;)<\/em>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong><u>token<\/u><\/strong> is NOT a \u201cthing\u201d \u2014 it\u2019s just a contract that <em><u>claims<\/u><\/em> to track balances.<\/li>\n\n\n\n<li>There\u2019s <strong>no native concept of an asset<\/strong> beyond ETH itself.<\/li>\n\n\n\n<li>If a dev screws up <code>transfer()<\/code> logic, or adds a backdoor in <code>approve()<\/code>, you get a <strong><u>malicious &#8220;token&#8221;<\/u><\/strong> that can:\n<ul class=\"wp-block-list\">\n<li><strong>Freeze funds<\/strong>. (<em>Yup, literally!<\/em>)<\/li>\n\n\n\n<li><strong>Change your balance.<\/strong> (As in&#8230; <em>all of a sudden the balance<\/em><strong><em> IN YOUR WALLET<\/em><\/strong><em> is <\/em><strong><em>no longer what it <u>was legitimately<\/u> before<\/em><\/strong><em>!<\/em>)<\/li>\n\n\n\n<li><strong>Drain your wallet<\/strong> with clever allowances. (<em>I thought this was <u>a blockchain<\/u>!? O_o?)<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">This is exactly why:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reentrancy attacks<\/strong> exist.<\/li>\n\n\n\n<li>You need <strong>formal audits<\/strong> before using a basic swap.<\/li>\n\n\n\n<li><strong>Flash loan exploits<\/strong> can wipe entire protocols in a single atomic call.<\/li>\n<\/ul>\n\n\n\n<p>It&#8217;s programmable finance, but with <strong>zero standard enforcement beyond conventions<\/strong>, and no native guarantee of anything.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Research Links<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Eploiting &#8216;approval&#8217; <\/strong>(nonsense that shouldn&#8217;t be needed, but is because it isn&#8217;t a native asset) &#8211; <a href=\"https:\/\/medium.com\/mycrypto\/bad-actors-abusing-erc20-approval-to-steal-your-tokens-c0407b7f7c7c\">https:\/\/medium.com\/mycrypto\/bad-actors-abusing-erc20-approval-to-steal-your-tokens-c0407b7f7c7c<\/a><\/li>\n\n\n\n<li>Breakdown of how <strong>a business-logic flaw in &#8216;token + factory&#8217; interaction drained 450k<\/strong> &#8211; <a href=\"https:\/\/www.quillaudits.com\/blog\/hack-analysis\/veth-token-450k-exploit-analysis\">https:\/\/www.quillaudits.com\/blog\/hack-analysis\/veth-token-450k-exploit-analysis<\/a><\/li>\n\n\n\n<li><strong>Token Exploit that allowed infinite token mint <\/strong>&#8211; <a href=\"https:\/\/sdlccorp.com\/post\/security-challenges-in-erc-20-tokens-identifying-and-addressing-vulnerabilities\/\">https:\/\/sdlccorp.com\/post\/security-challenges-in-erc-20-tokens-identifying-and-addressing-vulnerabilities\/<\/a><\/li>\n\n\n\n<li>Post Explaining <strong>many security issues with the ERC-20 Standard<\/strong> &#8211; <a href=\"https:\/\/dexaran820.medium.com\/security-problems-of-erc-20-standard-cc2a1e300441\">https:\/\/dexaran820.medium.com\/security-problems-of-erc-20-standard-cc2a1e300441<\/a><\/li>\n<\/ul>\n\n\n\n<p>There are MANY more examples like these&#8230; All of which can be wholly avoided, by not using fake tokens written into &#8216;contracts&#8217; that pretend to be coins. (Who would have thought!?)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"512\" height=\"512\" data-src=\"https:\/\/test.crowetic.com\/wp-content\/uploads\/2025\/06\/NewCloudTest-512x512-1.png\" alt=\"\" class=\"wp-image-5005 lazyload\" style=\"--smush-placeholder-width: 512px; --smush-placeholder-aspect-ratio: 512\/512;width:520px;height:auto\" data-srcset=\"https:\/\/test.crowetic.com\/wp-content\/uploads\/2025\/06\/NewCloudTest-512x512-1.png 512w, https:\/\/test.crowetic.com\/wp-content\/uploads\/2025\/06\/NewCloudTest-512x512-1-300x300.png 300w, https:\/\/test.crowetic.com\/wp-content\/uploads\/2025\/06\/NewCloudTest-512x512-1-150x150.png 150w, https:\/\/test.crowetic.com\/wp-content\/uploads\/2025\/06\/NewCloudTest-512x512-1-100x100.png 100w\" data-sizes=\"(max-width: 512px) 100vw, 512px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 Qortal: Native Assets(<em>&#8216;tokens&#8217;<\/em>), Native(<em>ly<\/em>) Trust(<em>less<\/em>)<\/h3>\n\n\n\n<p>(<em>Transactions created the same way as QORT, <\/em><strong><em>signed by the account&#8217;s private key<\/em><\/strong><em> &#8211; If the account didn&#8217;t deliberately make the transaction, the balance isn&#8217;t changing!<\/em>)<\/p>\n\n\n\n<p>In contrast, Qortal\u2019s design is <strong><u>sane<\/u><\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Assets are part of the protocol layer<\/strong>, not &#8220;applications pretending to be tokens&#8221;.<\/li>\n\n\n\n<li>You <strong>don\u2019t need a smart contract<\/strong> to define or manage a token.<\/li>\n\n\n\n<li>You <strong>don\u2019t need to trust any dev<\/strong> \u2014 it&#8217;s validated by consensus.<\/li>\n\n\n\n<li>Asset ownership and transfers are <strong>natively enforced by the core<\/strong> \u2014 not by arbitrary bytecode.<\/li>\n<\/ul>\n\n\n\n<p>It\u2019s like the difference between:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2705 An actual <strong>decentralized OS with built-in syscalls<\/strong> (Qortal)<\/li>\n\n\n\n<li>\u274c A <strong>BYO-OS<\/strong> environment where every app implements its own fake version of <code>sys.exit()<\/code> and <code>malloc()<\/code> (Ethereum)<\/li>\n<\/ul>\n\n\n\n<p>(See initial wiki post regarding Qortal Assets ((<em>nicknamed &#8216;Q-Assets&#8217;<\/em>)) HERE &#8211; <a href=\"https:\/\/wiki.qortal.org\/doku.php?id=q-assets\">https:\/\/wiki.qortal.org\/doku.php?id=q-assets<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">So&#8230; Why Do People Use EVM Contract-NoTokens Anyway?<\/h3>\n\n\n\n<p>Apparently there are reasons, such as&#8230; (<em>reasons on the left, my comments on the right<\/em>):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Composability<\/strong>: it&#8217;s easy to mix-and-match. (<em>This has no basis IMO, &#8216;mix and match&#8217;? What does that even mean and is that really worth legitimacy? Not in my mind.<\/em>)<\/li>\n\n\n\n<li><strong>Flexibility<\/strong>: you can write any logic you want. (<em>Right, leading to a MASSIVE number of scams&#8230; When you can just as easily create a Q-App that is actually decentralized, and leverage a native, real token on Qortal.<\/em>)<\/li>\n\n\n\n<li><strong>VC-bait<\/strong>: endless room to \u201cinnovate\u201d (read: obfuscate, extract fees, and relaunch forks). (<em>BINGO! This, IMO, is the REAL reason. Fake &#8216;innovation&#8217;, in reality just newly created ICO scams to fill bags with FIAT debt notes. The EXACT THING that Bitcoin was built to REPLACE. The &#8216;crypto space&#8217; is seriously a massive shit show.<\/em>)<\/li>\n\n\n\n<li><strong>Hype-first dev culture<\/strong>: 10x engineers deploying $1B TVL with <code>require(false)<\/code> bugs.<\/li>\n<\/ul>\n\n\n\n<p>But at the end of the day, EVM tokens are just &#8216;contracts&#8217; with a social contract.<\/p>\n\n\n\n<p>(<strong><em>Basically, they are nothing, and there isn&#8217;t even really any reason for them to be &#8216;on-chain&#8217; other than hype, as they may as well be on a centralized server for all the &#8216;blockchain-like&#8217; functionality they have&#8230; which is essentially none.<\/em><\/strong>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Is it time to WAKE UP Yet?!<\/h3>\n\n\n\n<p><strong>Qortal has the TRUE ALTERNATIVE<\/strong>, that doesn&#8217;t require that people memorize:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>That \u201cwrapped\u201d ETH<strong> isn\u2019t actually ETH.<\/strong><em> (Neither is wrapped BTC, or wrapped anything else&#8230; and when the primary chain they are wrapped on dies, bye bye not-coins!)<\/em><\/li>\n\n\n\n<li><strong>That EVM tokens aren\u2019t tokens<\/strong>. (<em>Code-based contracts with no immutability or any other native blockchain features&#8230; I always wondered why &#8216;audits&#8217; were such a thing on EVM chains, now I know!<\/em>)<\/li>\n\n\n\n<li>That infinite approval could <strong>drain your EVM wallet<\/strong>. (<em>Along with any number of coder errors, scams, or manipulative tactics in the EVM oh-so &#8216;Smart&#8217; Contracts&#8230;<\/em>)<\/li>\n\n\n\n<li>That <code>selfdestruct()<\/code> or <code>delegatecall()<\/code> might nuke your funds from orbit. (<em>&#8216;Wow&#8217; is all you can say here&#8230;<\/em>)<\/li>\n<\/ul>\n\n\n\n<p>Qortal <strong>brings sanity<\/strong>, with native-level control, verifiable logic, and no shell game required. That\u2019s the future decentralized tech needs \u2014 not just the illusion of it.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">This is all from someone who doesn&#8217;t like the idea of &#8216;assets&#8217; (tokens) in 99% of cases&#8230;<\/h3>\n\n\n\n<p>Look, I have many times said that I do not like the idea of &#8216;assets&#8217; at all, at least, not in the way they are currently able to be created. I have also said that I would like to design a new method of asset issuance on Qortal that provides a much more solid foundation.<\/p>\n\n\n\n<p>However, it was only recently that, upon a deeper dive into the EVM nonsense, I discovered that EVM &#8216;tokens&#8217; are not even REAL, not even TOKENS, and able to be PROGRAMMED TO STEAL. Which made me re-think my overall stance on the subject&#8230; a little.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Tokens &#8211; Love Em or Hate Em&#8230;<\/h4>\n\n\n\n<p>It is clear that tokens aren&#8217;t going anywhere&#8230; and honestly, the vast majority of uses of today they are treated like &#8216;company stock&#8217; anyway&#8230; which in all reality is what the asset issuance system of Qortal was designed to allow.<\/p>\n\n\n\n<p>As long as the assets issued in this fashion (by a single entity) are done so in a way that is honest, and doesn&#8217;t trick people into believing they are actually coins issued by consensus, or pretend to be such&#8230; Then I suppose I don&#8217;t have an issue with them. In 99% of cases I would still likely not hold any, but if I did, and they were &#8216;company stock&#8217; in a company I actually thought would go somewhere, then sure, why not.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Don&#8217;t treat tokens as coins (and sure as hell don&#8217;t treat EVM NoTokens as coins), realize they are stocks in the company that launched them.<\/h5>\n\n\n\n<h3 class=\"wp-block-heading\">Real Tokens, Real Decentralized Features, Real Everything &#8211; Qortal<\/h3>\n\n\n\n<p>IF they&#8217;re going to exist, they should at least be REAL tokens, controlled the same way as QORT, by CONSENSUS. They should be only spendable by way of a SIGNATURE, and shouldn&#8217;t be so complex that they require individualized audits on each one prior to being deemed &#8216;legit&#8217;. Get real, get Qortal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Honestly&#8230; it was only fairly recently that I realized what I always called &#8216;nonsense tokens&#8217;, are MUCH MORE NONSENSE than I ever could have imagined! The &#8216;crypto space&#8217; needs legitimacy SO BADLY. The Time for Qortal is past due.) ERC-20 \u201cTokens\u201d Are Contracts, Not Assets That&#8217;s right, you heard me&#8230; in Ethereum (and ALL &#8216;EVM&#8217; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5006,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/posts\/5004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/comments?post=5004"}],"version-history":[{"count":1,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/posts\/5004\/revisions"}],"predecessor-version":[{"id":5007,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/posts\/5004\/revisions\/5007"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/media\/5006"}],"wp:attachment":[{"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/media?parent=5004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/categories?post=5004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/test.crowetic.com\/index.php\/wp-json\/wp\/v2\/tags?post=5004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}