ERC-20 Token Creation and Transfering

Create ERC-20 token with 10,000 total supply and send 5000 tokens to other address.

Contract

// SPDX-License-Identifier: MIT
// Compatible with OpenZeppelin Contracts ^5.0.0
pragma solidity ^0.8.22;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";

contract MyToken is ERC20, ERC20Permit {
    constructor() ERC20("MyToken", "MTK") ERC20Permit("MyToken") {
        _mint(msg.sender, 10000 * 10 ** decimals());
    }
}

In this project ERC-20 is imported from openZeppelin. So you have to folder where you want to start your contract and install this:

• forge install OpenZeppelin/openzeppelin-contracts
• Open foundry.toml and add there:
  1. remappings= [“@openzeppelin/contracts/=lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts/contracts/”]

Now For the deployment

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

import "forge-std/Script.sol";
import "../src/MyToken.sol";

contract DeployScript is Script {
    function run() external {

        // Start broadcasting using the private key
        vm.startBroadcast();

        // Deploy MyToken contract
        MyToken token = new MyToken();

        // Transfer 5000 tokens to the senior's address
        address seniorAddress = replace with actual address;
        token.transfer(seniorAddress, 5000 * 10 ** token.decimals());

        // Log addresses
        console.log("Token deployed to:", address(token));
        console.log("Tokens transferred to:", seniorAddress);

        vm.stopBroadcast();
    }
}

Here in the senior address you have to write the address where you want to send tokens.

i deployed this in Sepolia testnet. So to deploy this in Sepolia, this is the method i follow:

• Make a app in alchemy and choose Sepolia to get RPC_URL.
• Create a Metamask account to get a PRIVATE_KEY.
• Make a .env file in folder where my contract is.
• Then type source .env in terminal
• Then deploy using forge script/deploy.s.sol(yoyr deploy file name) —rpc-url $RPC_URL —private-key $PRIVATE_KEY —broadcast

ERC-20 tokens, while widely used, have several known vulnerabilities that developers need to be aware of to ensure the security of their smart contracts. Here are some of the most common vulnerabilities:

1. Integer Overflow and Underflow

Description: This occurs when a mathematical operation results in a number that is outside the range of the variable type, causing unexpected behavior. Example: Adding two large numbers together might wrap around and produce a very small number.

2. Reentrancy Attacks

Description: This happens when a malicious contract calls back into the calling contract before the first execution is finished, potentially draining funds. Example: The infamous DAO attack exploited this vulnerability to siphon off millions of dollars worth of Ether.

3. Batch Overflow

Description: This vulnerability allows attackers to create an excessive amount of tokens by exploiting the batchTransfer function. Example: The BeautyChain (BEC) and MeshBox (MESH) tokens were exploited using this vulnerability.

4. Unprotected Functions

Description: Functions that do not have proper access control can be called by anyone, potentially leading to unauthorized actions. Example: A token contract with an unprotected mint function can be exploited to create an unlimited number of tokens.

5. Incorrect Implementation of transfer and transferFrom

Description: Incorrectly implementing these functions can lead to vulnerabilities such as allowing unauthorized transfers or failing to emit events. Example: A token contract that does not properly check the sender’s allowance before executing a transferFrom can be exploited.

6. Front-Running

Description: This occurs when a transaction is observed by miners and included in a block before a pending transaction, potentially leading to unfair advantages. Example: An attacker might observe a pending token sale and place a buy order before the sale, driving up the price.

7. Denial of Service (DoS)

Description: Certain functions or conditions can be exploited to make the contract unresponsive or unusable. Example: A contract with a function that causes an infinite loop can be used to block legitimate transactions.

8. Logic Errors

Description: Mistakes in the contract logic can lead to unintended behavior. Example: A token contract that incorrectly calculates balances can result in incorrect token distributions.

Mitigation Strategies

To mitigate these vulnerabilities, developers should:

• Use Established Libraries: Utilize well-tested libraries like OpenZeppelin for ERC-20 token implementation.
• Conduct Thorough Audits: Have the contract code audited by security experts.
• Implement Access Control: Ensure that sensitive functions are protected by access control mechanisms.
• Test Extensively: Perform comprehensive testing, including unit tests and integration tests, to catch potential issues.