Security and copyright risks of verifying ERC20 contract code

Hi, I have a question about ERC20 token contracts in general:

Apparently after verifying on Etherscan, all token contracts become visible to the public.

  • Isn’t that a security risk?
  • What if we do not verify our contract?
  • Can some of these contracts (that are verified and visible) on Etherscan be used again for new coins,
    or are they copyright protected?

Thank you in advance!

Hello, welcome to the forums!

Apparently after verifying on Etherscan, all token contracts become visible to the public.

Yes, that is true.

  • Isn’t that a security risk?

If your code has a vulnerability in it, then yes, someone can read the code, then abuse it. So in a way, by validating your code, you have allowed exploiters to view the code.

But, a better question is, why does your code have a vulnerability in it? Your code should not pose any security risk to you or your users. Smart Contracts should be safe to use.

  • What if we do not verify our contract?

It would cause people to be highly suspicious of your contract. If you don’t want to let users see your code, what are you hiding? Are you hiding an exploit that would allow you to rugpull? Without the ability to see your code, I don’t know what I am investing in. I could buy your token, but you could have code to stop me from selling it.

Can some of these contracts (that are verified and visible) on Etherscan be used again for new coins,

Anyone can copy and paste the code, then upload it as a new token with exactly the same code. There is nothing stopping them from doing that because it is decentralized.

Are you asking if it’s “okay” to do this? It depends on what your views on software are. This is a philosophical question. I am anti-proprietary software. I believe that software has value because of the teams behind it. Software can have value because of its functionality, but because this functionality can be replicated it is ultimately up to the team to make sure their products continue to have value.

Personally I don’t think it’s acceptable to copy and paste a product. I think it’s okay to borrow code functionality, as long as you are using it in your own product that expands functionality or does something in a unique way.

or are they copyright protected?

You can assign a license to your code. https://spdx.org/licenses/
But let’s be realistic. If multi-billion corporations can’t successfully stop piracy, what hope does anyone have?

I think if you want to build a good token, you should have innovative code, a clear use case, a team that can support the token, and a way to expand on the token’s functionality. Your token doesn’t necessarily have to solve a “problem”, but it needs to have a clear reason why it exists.

Yes, imitators will appear and copy your product, which is why you need a good team behind it. Make investors buy your product instead of buying the knockoff.

2 Likes

Thank you for your reply! It definitely helped me.
Kind Regards

1 Like