Token Integration Analyzer
Token Integration Analyzer automation and integration
Token Integration Analyzer is a community skill for reviewing smart contract token integrations, covering ERC-20 compatibility checks, token behavior analysis, fee-on-transfer detection, rebasing token handling, and integration risk assessment for secure DeFi protocol development.
What Is This?
Overview
Token Integration Analyzer provides guidance on reviewing how smart contracts interact with external token contracts. It covers five areas: ERC-20 compatibility checks that verify standard interface compliance and detect non-standard return values; token behavior analysis that identifies fee-on-transfer tokens, where the amount received differs from the amount sent; rebasing token detection that flags tokens whose supply adjustments change balances a protocol has stored; approval pattern review that examines allowance handling for front-running and race conditions; and integration risk scoring that rates the overall safety of a protocol's token interactions by examining transfer mechanics, approval workflows, and balance tracking. The skill helps developers build protocols that safely handle the diverse token implementations found across the DeFi ecosystem.
Who Should Use This
This skill serves DeFi protocol developers integrating external tokens, smart contract auditors reviewing token interaction patterns, and security researchers analyzing token-related vulnerability classes.
Why Use It?
Problems It Solves
Many ERC-20 tokens deviate from the standard with missing return values, fee deductions, or supply rebasing. Protocols that assume standard behavior break when encountering these tokens. Approval patterns can introduce front-running attacks if not handled properly. Detecting these edge cases manually requires reviewing every integrated token contract individually, which is error-prone and does not scale across many token pairs.
Core Highlights
Compatibility checker verifies ERC-20 interface adherence and return values. Fee detector identifies tokens that deduct on transfer. Rebase scanner flags dynamic supply tokens affecting balances. Approval auditor reviews allowance patterns for race conditions.
How to Use It?
Basic Usage
// Safe token integration pattern
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract Vault {
    using SafeERC20 for IERC20;

    mapping(address => uint256) public balances;

    function deposit(IERC20 token, uint256 amount) external {
        // Snapshot the vault's balance before the transfer
        uint256 before = token.balanceOf(address(this));
        // safeTransferFrom reverts on failure, including for tokens that return no bool
        token.safeTransferFrom(msg.sender, address(this), amount);
        // Credit only what actually arrived, so fee-on-transfer tokens are accounted correctly
        uint256 received = token.balanceOf(address(this)) - before;
        balances[msg.sender] += received;
    }
}
Real-World Examples
// Approval race condition mitigation
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract SafeApproval {
    using SafeERC20 for IERC20;

    // Reset the allowance to zero before setting the new value; tokens such as USDT
    // revert when a non-zero allowance is changed directly to another non-zero value.
    // safeApprove exists in OpenZeppelin Contracts 4.x; 5.x replaces it with forceApprove.
    function resetAndApprove(IERC20 token, address spender, uint256 amount) internal {
        token.safeApprove(spender, 0);
        token.safeApprove(spender, amount);
    }

    // Compare the live balance with the stored snapshot; a mismatch without any
    // transfer by this contract indicates a rebasing (supply-adjusting) token
    function checkRebase(IERC20 token, uint256 stored) internal view returns (bool) {
        uint256 actual = token.balanceOf(address(this));
        return actual != stored;
    }
}
Advanced Tips
Use balance-before-and-after patterns for every deposit to handle fee-on-transfer tokens correctly. Wrap all token calls with SafeERC20 to handle non-standard return values. Maintain allowlists for supported tokens and document known behaviors of each accepted token.
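As an added example (not code from the skill page), a Foundry test that runs a constructed fee-on-transfer mock through a naive amount-crediting deposit and the balance-delta deposit side by side; it assumes OpenZeppelin Contracts 5.x (for the `_update` hook) and forge-std are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock (not a real token): burns a 1% fee on every wallet-to-wallet transfer.
contract FeeOnTransferMock is ERC20 {
    constructor() ERC20("Fee Token", "FEE") { _mint(msg.sender, 1_000e18); }
    function _update(address from, address to, uint256 value) internal override {
        if (from != address(0) && to != address(0)) {
            uint256 fee = value / 100;
            super._update(from, address(0), fee); // fee is burned
            value -= fee;
        }
        super._update(from, to, value);
    }
}

/// Two deposit paths in one vault: naive crediting vs. the balance-delta pattern.
contract TwoPathVault {
    using SafeERC20 for IERC20;
    mapping(address => uint256) public naiveLedger;
    mapping(address => uint256) public deltaLedger;
    function depositNaive(IERC20 token, uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        naiveLedger[msg.sender] += amount; // credits more than the vault holds
    }
    function depositDelta(IERC20 token, uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        deltaLedger[msg.sender] += token.balanceOf(address(this)) - before;
    }
}

contract FeeOnTransferTest is Test {
    function test_naiveDepositOverCredits() public {
        FeeOnTransferMock token = new FeeOnTransferMock();
        TwoPathVault vault = new TwoPathVault();
        token.approve(address(vault), 200e18);
        vault.depositNaive(token, 100e18);
        vault.depositDelta(token, 100e18);
        // Each deposit delivered 99e18; only the delta ledger matches what the vault holds.
        assertEq(token.balanceOf(address(vault)), 198e18);
        assertEq(vault.naiveLedger(address(this)), 100e18);
        assertEq(vault.deltaLedger(address(this)), 99e18);
    }
}
```

Run it with `forge test`; the naive ledger's 1e18 over-credit is the shortfall an attacker-free withdrawal would already expose, which is why the delta pattern is used on every deposit.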
When to Use It?
Use Cases
Audit a lending protocol before adding a new collateral token type. Review a DEX aggregator for correct handling of deflationary tokens. Evaluate a yield vault for rebasing token compatibility issues.
Related Topics
ERC-20, Solidity, DeFi security, smart contract auditing, SafeERC20, token standards, and approval patterns.
Important Notes
Requirements
Solidity development environment with OpenZeppelin contracts for SafeERC20 utilities and standard interfaces. Understanding of ERC-20 token standard and common deviations including missing return values, fee mechanics, and supply adjustment patterns. Access to token contract source code or verified bytecode on block explorers for thorough behavior analysis and deviation classification.
Usage Recommendations
Do: use balance-before-and-after checks on every token transfer to account for fees. Wrap all external token calls with SafeERC20 to handle missing return values. Test integrations against known non-standard tokens like USDT and rebasing tokens like stETH.
Don't: assume all ERC-20 tokens return boolean values from transfer calls; trust that the transferred amount equals the parameter value without verifying the balance actually received; or skip the approval reset to zero before setting a new allowance on tokens that require it.
Limitations
Static analysis cannot detect all token behavior deviations since some are triggered by runtime state changes, governance actions, or time-based conditions embedded in the token logic. New token standards and exotic mechanisms emerge regularly and may not be covered by existing check patterns. Upgradeable token proxy contracts can change their transfer and approval behavior after initial analysis through implementation contract swaps.