Slow Fog Cosine: ERC404 is not yet a mature standard, and attention should be paid to the new risks brought by the new mechanism
ChainCatcher message, Slow Mist founder Yu Xian expressed his views on the ERC404 code on social media.
Yu Xian stated: "Assuming this is a coin, with FT on one side and NFT on the other, when you trade FT, the rarity of the other side (NFT) is indiscriminately given away _owned[from].pop(). Alternatively, if the number of FT is slightly less than an integer, it will also burn an NFT. For example, if your FT is 3, corresponding to 3 NFTs, due to FT… so ERC404 also introduced a whitelist mechanism to allow some pairs/routers to not have to frequently deal with NFTs, just handle FT transactions, as the accounts are all in the contract and cannot disappear. Finally, there is the possibility of a disappearing owner; if revokeOwnership is executed, the subsequent whitelist mechanism will no longer be updated. The new mechanism will definitely bring new security risks. If a protocol does not handle the dual-sided mechanism of ERC404 properly, it could lead to unexpected consequences.
It is also important to note that ERC404 is not yet a mature standard. I casually looked at the contract codes of several projects, and there are some modifications, so this is also a possible risk, with security risks arising from differences."