Why is it safe for ERC20.sol transferFrom() to be public?

abcoathup · July 1, 2019, 3:19am

Tokens can only be transferred from the senders account, please note, it is the sender who sets the allowance (the withdrawer calls transferFrom not the sender). transferFrom needs to be public to be called by other contracts and external accounts.
There is meant to be no way for an account to withdraw tokens that they do not have an allowance for.

I have provided more detail to clarify my answer below:

https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md#transferfrom
The transferFrom method is used for a withdraw workflow, allowing contracts to transfer tokens on your behalf. This can be used for example to allow a contract to transfer tokens on your behalf and/or to charge fees in sub-currencies.

The withdraw workflow:

An account (token holder) sets an allowance for an account
The account with an allowance (a contract or an external account) can then transfer (withdraw) an amount of tokens within the set allowance.

The allowance is set by an account (token holder) calling the approve function (token holder is the msg.sender).

    function approve(address spender, uint256 value) public returns (bool) {
        _approve(msg.sender, spender, value);
        return true;
    }

An account can only transfer an amount of tokens within the set allowance by calling transferFrom (withdrawer is the msg.sender)

    function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {
        _transfer(sender, recipient, amount);
        _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));
        return true;
    }

The withdraw is deemed safe because tokens can only be transferred within the amount of tokens that the sender holds (checked when _balances is decreased) and within the set allowance for the account (checked when _allowances is decreased). (Otherwise either transaction would revert with reason "SafeMath: subtraction overflow").

transferFrom needs to be public to allow the function to be called by other contracts and external accounts.

Please note, the sender (the token holder) doesn't call transferFrom, the sender (the token holder) sets the allowance by calling approve.

Let me know if you need more information.

Topic		Replies	Views
Question about the design of ERC20 transferFrom function Contracts erc20 , design , solidity , openzeppelin-contracts	5	702	June 8, 2022
How does transferFrom(), in ERC20.sol, enforce that the caller must have allowance for `sender`'s tokens of at least `amount`? Contracts erc20	5	5444	June 29, 2019
transferFrom, approve, safeTransferFrom function are payable function in the ERC721 Standard，but openzeppelin inplements those function are public Contracts	1	178	March 18, 2024
Why is this a critical issue? Security erc20 , solidity	2	171	August 24, 2024
How transferFrom can be used with addresses other than the contract? Smart Contracts erc20	2	2041	February 20, 2022

Why is it safe for ERC20.sol transferFrom() to be public?

Related topics