ERC20 Return Value

ERC20 return value refers to the boolean returned by transfer, transferFrom, and approve, and the real-world problem that some tokens return false or no data.

ERC20 calls do not all fail the same way, so integrations must check token call results carefully.

ERC20 Return Value Explained in Detail

ERC20 transfer, transferFrom, and approve return bool. A normal implementation returns true on success. Some real tokens return false, revert, or return no data.

Integration code must handle these cases before updating protocol accounting.

Smart contract example

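// Capture the boolean the token returns instead of discarding it.
bool ok = token.transfer(to, amount);
// Revert when the token reports failure by returning false.
require(ok, "transfer failed");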

For broader token compatibility, protocols often use SafeERC20.

ERC20 Return Value in Auditing

Unchecked ERC20 return values can make a protocol believe tokens moved when they did not. That can break deposits, withdrawals, repayments, swaps, and rewards.

Auditors test token integrations with non-standard behavior.

Red flags in code

  • Return value from transfer or transferFrom is ignored.

  • Low-level call checks only success and ignores decoded return data.

  • Accounting updates before token movement is confirmed.

  • The protocol assumes every token reverts on failure.

  • Fee-on-transfer or rebasing behavior is ignored when exact received amount matters.

How to test or review it

  • Use mock tokens that return false, return no data, revert, and charge transfer fees.

  • Compare pre-transfer and post-transfer balances when needed.

  • Confirm protocol state changes only after confirmed token movement.

  • Review approve flows and allowance race behavior.

  • Prefer SafeERC20 wrappers for external token calls.
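
The checks listed above, as an added example that is not part of the original page: a hypothetical CheckedTransfer library that treats a revert, a false return, and a call to a non-contract as failure while still accepting tokens that return no data, and an ExampleVault that credits only the measured balance increase. The names IERC20Like, CheckedTransfer, and ExampleVault are assumptions made for illustration; production code would normally use SafeERC20 as the page suggests.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper for this example; not OpenZeppelin's SafeERC20.
library CheckedTransfer {
    error TokenCallFailed(address token);

    function pull(IERC20Like token, address from, address to, uint256 amount) internal {
        // Low-level call so a token that returns no data does not break ABI decoding.
        (bool success, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20Like.transferFrom, (from, to, amount))
        );
        bool ok;
        if (!success) {
            ok = false;                                  // token reverted
        } else if (ret.length == 0) {
            ok = address(token).code.length > 0;         // no data: must be a real contract
        } else {
            ok = ret.length >= 32 && abi.decode(ret, (bool)); // data: must decode to true
        }
        if (!ok) revert TokenCallFailed(address(token));
    }
}

contract ExampleVault {
    IERC20Like public immutable token;
    mapping(address => uint256) public credited;

    constructor(IERC20Like token_) {
        token = token_;
    }

    // Credits what actually arrived, so fee-on-transfer tokens are not over-credited.
    // Assumption: a production vault would also guard against reentrancy from token hooks.
    function deposit(uint256 amount) external returns (uint256 received) {
        uint256 balanceBefore = token.balanceOf(address(this));
        CheckedTransfer.pull(token, msg.sender, address(this), amount);
        received = token.balanceOf(address(this)) - balanceBefore;
        // Accounting changes only after the token movement is confirmed and measured.
        credited[msg.sender] += received;
    }
}
```

Pointing ExampleVault at mock tokens that return false, return no data, revert, or charge a fee exercises each branch of pull and the balance-delta accounting in deposit.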
