How does ERC20 transfer work?

I am real beginner so apologize for the dumb question, I have an hard time understanding the account transfer system.

I created a contract from openzeppelin ERC20 template, and deployed it to ganache.
I use the addresses from my ganache's accounts and everything works fine and I can transfer from my javascript client like this :

web3 = new Web3('ws://127.0.0.1:7545')
contract = new web3.eth.Contract(ABI, contractAddress)
contract.methods.transfer(to, amount).send({from:from})
  1. Now my problem is that from my client, I can transfer from any account to any account, simply by entering their addresses ? The function do not require me to sign the call or prove i know the private key for the sender address. How come I can process a transfer from a account just by knowing their public address ?

  2. If I generate a new account with acc = web3.eth.accounts.create(), I can transfer token to acc.address, and the balance for this new address is set fine. but when i want to transfer out of acc.address I get the error "sender account not recognized" which i also do not understand.

Thank you for your advice

1 Like

Not really, the prerequisite is that the account should have enough tokens to transfer, if not, it will fail when transfer tokens.

The function do not require me to sign the call or prove i know the private key for the sender address. How come I can process a transfer from a account just by knowing their public address ?

I think you use the local environment, so it can access to the private key easily, when you use another env, such as a testnet, it will need your private key to sign data to send transaction, for more details, you can have a look at this function web3.eth.sendSignedTransaction

If I generate a new account with acc = web3.eth.accounts.create(), I can transfer token to acc.address, and the balance for this new address is set fine. but when i want to transfer out of acc.address I get the error “sender account not recognized” which i also do not understand.

I am not sure, it seems like your node can not access to this new account, maybe you can use another way: web3.eth.personal.newAccount(password, [callback])

2 Likes

Thank you for your answer, this helped me see that it was linked to my local environement. Here is what I understood if any beginner come accross this question : There is 2 kind of accounts locked and unlocked. unlocked means that the private key is known and stored on the node you are connecting too. If you are performing transaction on unlocked account the node will sign it for you (this is the case of all ganache accounts), therefore can call directly the ERC20 methods from js client. If you are dealing with locked account, it is not possible to use the ERC20 native methods, you need to sign the transaction locally and send it signed. At least this is my understanding.

2 Likes