What is ERC-20? The token standard that runs Ethereum`s economy
I hold USDT in my MetaMask wallet. Also some LINK, a bit of UNI from a swap last week, and a dog token somebody airdropped me that I keep forgetting to sell. These tokens do completely different things. Tether is a stablecoin backed by cash and treasuries. Chainlink runs oracle networks that feed real world data to smart contracts. Uniswap governs the biggest DEX on Ethereum. The dog token does nothing useful. But my wallet displays all of them in the same list, lets me send them with the same button, and every DeFi protocol I use accepts them without any special setup.
That only works because all four follow the same rules. They are ERC-20 tokens. Same interface, same functions, same playbook. And understanding what ERC-20 actually means is the first step to understanding how Ethereum works as an economy.
Fabian Vogelsteller wrote the proposal in November 2015. He gave it a boring name: Ethereum Request for Comment number 20. Vitalik Buterin co-authored the final version. By 2017 it was formally adopted, and then the ICO boom hit like a truck. Thousands of projects launched tokens overnight because ERC-20 made it almost free. Half a million token contracts later, the standard still runs the show. This is what it does and why you should care about it even if you never plan to write a line of Solidity.
How the ERC-20 standard works
The name is nerdier than it needs to be. ERC = Ethereum Request for Comment. 20 = the proposal number. That is it. A developer named Fabian said "here are the rules every token should follow" and gave his proposal the number 20 because that was the next available slot. Not twenty rules. Not twenty tokens. Just proposal #20 in the Ethereum improvement queue.
What those rules say: if you want to make a fungible token on Ethereum, your smart contract has to include these specific functions. "Fungible" means each token unit is identical. One USDC is the same as every other USDC. You do not care which specific UNI token you hold because they are all interchangeable. NFTs are the opposite. Each one is unique. Different standard. Different article.
The ERC-20 standard nails down six functions and two events. Every compliant token contract, from USDT with its $140 billion market cap down to the memecoin someone launched thirty seconds ago, implements these same calls:
| Function | Plain English version |
|---|---|
| totalSupply() | "How many of these tokens exist in the world?" |
| balanceOf(address) | "How many does this specific wallet have?" |
| transfer(to, amount) | "Send X tokens from my wallet to this other person" |
| approve(spender, amount) | "Let this DeFi protocol spend up to X of my tokens" |
| transferFrom(from, to, amount) | "I have permission to move tokens from wallet A to wallet B" |
| allowance(owner, spender) | "How much can this spender still use from the allowance?" |
Two events get logged on chain whenever something happens. Transfer fires every time tokens move between wallets. Approval fires when someone gives spending permission. Blockchain explorers like Etherscan use these events to build the transaction history you see when you look up a token.
Three optional fields add personality: name gives the token a human readable label ("Chainlink"), symbol is the ticker ("LINK"), and decimals sets how granular the token can be divided (almost everyone uses 18 to match ETH, though USDT uses 6 and that has caused more bugs than anyone wants to admit).
Six functions. Two events. Three optional fields. That is literally the entire specification. I could print it on a napkin with room left over for coffee stains. And yet this napkin-sized spec runs a token economy worth hundreds of billions of dollars. MetaMask reads these functions to show your balance. Uniswap calls them to execute swaps. Aave uses them to manage lending. Every DeFi protocol you have ever used talks to tokens through this same interface. The simplicity is the point.
Why ERC-20 changed everything about Ethereum
I worked in crypto in 2016, before this standard existed. It was chaos. Every token was a custom job. Somebody would build a token contract with their own function names, their own transfer logic, their own way of checking balances. MetaMask had no idea what half these tokens were. Exchanges would take months to add support for a new token because each one required custom integration code. Building a DEX? Forget it. You would need to write handlers for every individual token implementation.
ERC-20 ended that madness. After the standard got adopted, a new token showed up in MetaMask the moment you pasted the contract address. Uniswap could list it without anyone's permission. Aave could accept it as collateral without writing a single line of custom code. One standard, universal compatibility.
The 2017 ICO wave was the proof. Some kid in a dorm room could deploy an ERC-20 token after lunch, put up a website with a whitepaper, and be accepting ETH from investors by midnight. I watched it happen in real time. Projects raised billions. Some were legitimate and built real products. Most were garbage. A few were outright fraud. But the technology underneath? It worked flawlessly. The standard did exactly what it was designed to do: make token creation and interaction trivially easy.
The scale now is staggering. Over 500,000 ERC-20 token contracts sitting on the Ethereum network. The total market cap of ERC-20 tokens runs into the hundreds of billions. USDT alone crossed $140 billion. Add USDC, LINK, UNI, DAI, SHIB, MKR, and the rest and you are looking at the majority of Ethereum's entire economic value living inside ERC-20 contracts.
| Top ERC-20 tokens | Category | Market cap (approx.) |
|---|---|---|
| USDT (Tether) | Stablecoin | $140B+ |
| USDC (Circle) | Stablecoin | $60B+ |
| LINK (Chainlink) | Oracle network | $8B+ |
| UNI (Uniswap) | DEX governance | $4B+ |
| DAI (Maker) | Decentralized stablecoin | $5B+ |
| AAVE | Lending protocol | $2B+ |
| SHIB (Shiba Inu) | Memecoin | $6B+ |
| MKR (Maker) | Governance | $1.5B+ |
Creating an ERC-20 token: easier than you think
I once watched someone deploy an ERC-20 token live on a YouTube stream. It took 14 minutes. Including the time he spent explaining what he was doing to chat.
That is not a flex about how smart the streamer was. It is a statement about how easy OpenZeppelin made this. OpenZeppelin is a library of audited, battle-hardened Solidity code that does all the heavy lifting. You pick your token name ("MyToken"), your symbol ("MTK"), your decimals (18, same as ETH), and your initial supply. The library handles the six ERC-20 functions, the events, the security checks. You copy the template, change four variables, deploy to Ethereum, and you have a real token.
Gas costs for deployment fluctuate. Quiet network? Maybe $20-50. Peak congestion like an NFT mint day? $200-500. Deploy on Arbitrum or Base instead of Ethereum mainnet and it drops to a few dollars. The financial barrier is close to zero.
Here is the dark side of that accessibility. The Ethereum blockchain does not check whether a token contract is legitimate. It does not verify teams, audit code, or evaluate business models. If you can pay the gas fee, you can deploy a token. This is why Etherscan lists hundreds of thousands of token contracts and most of them are either abandoned experiments or active scams. The ERC-20 standard guarantees compatibility. It guarantees absolutely nothing about whether the token is worth holding.
ERC-20 vs other Ethereum token standards
People ask me: "is ERC-20 the only token standard?" No. Not even close. But it was the first one that worked, and the others that came after it solved problems ERC-20 left on the table.
ERC-721 arrived and gave us NFTs. Where every ERC-20 token is interchangeable (your USDC is the same as my USDC), each ERC-721 token carries a unique ID. Bored Ape #4293 is a completely different asset than Bored Ape #7810. Similar function names under the hood, but the logic operates on individual items instead of generic amounts. You cannot send half a Bored Ape. It is all or nothing.
ERC-1155 came from game developers who got tired of deploying separate contracts for every item type. One contract handles gold coins (fungible, like ERC-20), iron swords (semi-fungible, 50 identical copies), and a unique legendary helmet (non-fungible, one of one). Batch transfers save gas. One transaction moves 100 different items instead of 100 separate transactions.
BEP-20 is what Binance Smart Chain calls their version. Same functions, same events, different blockchain. Copy-paste ERC-20 on a cheaper network. Solana's SPL standard does the same job with completely different architecture because Solana was not designed to be Ethereum compatible.
| Standard | Token type | Fungible? | Use cases | Network |
|---|---|---|---|---|
| ERC-20 | Fungible token | Yes | Currencies, governance, utility | Ethereum |
| ERC-721 | Non-fungible token | No (unique IDs) | NFTs, digital art, collectibles | Ethereum |
| ERC-1155 | Multi-token | Both | Gaming, mixed asset types | Ethereum |
| BEP-20 | Fungible token | Yes | Same as ERC-20 | BNB Chain |
| SPL | Fungible + NFT | Both | Solana ecosystem | Solana |
ERC-20 tokens in DeFi: why the standard powers decentralized finance
Take away ERC-20 and DeFi collapses overnight. Not "struggles." Collapses. Every piece of the system assumes tokens speak the same language.
Uniswap pairs two ERC-20 tokens in a pool and lets you swap between them. Works for USDC. Works for SHIB. Works for that memecoin your friend launched at 2 AM. The DEX does not care what the token does. It only cares that the contract implements transfer() and approve(). Add a liquidity pool, and trading goes live. No listing application. No exchange review. No waiting period.
Aave and Compound lend ERC-20 tokens. The protocol calls balanceOf() to see what you deposited. Calls transfer() to move tokens around. Uses approve() and transferFrom() when you repay loans. A lending market for a brand new token can spin up the day that token deploys, because the interface is already known.
Then there is the weird ETH problem. ETH existed before ERC-20 did, so it does not follow the standard. That breaks composability. The solution: WETH. Wrapped Ether is an ERC-20 wrapper around native ETH. Deposit 1 ETH, receive 1 WETH that DeFi protocols can handle normally. WBTC does the same thing for Bitcoin, bringing BTC's value into Ethereum's ecosystem as an ERC-20 token backed 1:1 by real Bitcoin in custody.
The practical result: I can build a DeFi protocol today that works with every ERC-20 token ever created, including tokens that do not exist yet. My code does not need to know about USDT specifically. It does not need an update when someone launches a new stablecoin tomorrow. The interface handles everything. That composability is the reason Ethereum has more DeFi activity, more TVL, and more developer tooling than any other blockchain. The ERC-20 standard is the foundation that everything else sits on.
Security risks and common ERC-20 problems
Let me tell you about the approval bug that has cost DeFi users millions and that almost nobody understands until it bites them.
When you swap tokens on Uniswap or deposit into Aave, the dApp asks you to "approve" it to spend your tokens. Most dApps default to unlimited approval. Sounds harmless until you realize what it means: that smart contract can spend every token of that type in your wallet, at any time, forever, until you explicitly revoke the permission. If the contract gets hacked six months from now, the attacker uses your old approval to drain tokens you forgot you ever gave access to.
This has happened. More than once. The fix is simple but annoying: approve only the exact amount you need for each transaction. Or use Revoke.cash to clean up old approvals you forgot about. I check mine every few months. It is always worse than I expect. ERC-2612 is a newer standard that replaces on-chain approvals with signed permits, which reduces this risk. But most dApps still use the old pattern.
Fake tokens catch people every week. A scammer deploys an ERC-20 contract called "Uniswap" or "Chainlink" with a slightly different contract address. You search for it on a DEX, see the familiar name, and buy the fake. Your money goes straight to the scammer's wallet. The real LINK contract address is 0x514910771AF9Ca656af840dff83E8264EcF986CA. The fake might be 0x514910...something-else. Always copy the address from CoinGecko or the official project site. Never search by name alone.
Then there are the tokens with hidden tricks. On the surface, the contract looks like a standard ERC-20. Underneath, the deployer added a function that lets them mint unlimited new tokens. Or a sell tax that takes 99% of your tokens when you try to swap. Or a blacklist that prevents anyone except the deployer from selling. The ERC-20 standard says nothing about what a contract cannot do. It only specifies the minimum functions. Everything else is up to the developer. Token audits, DextScore, and verified contracts on Etherscan exist because of this gap between the standard's simplicity and the creativity of scammers.
