Coinbase explains how it evaluates ERC-20 tokens for listing

Crypto exchange Coinbase has explained what technical factors it looks into before deciding to list an ERC-20 token on its trading platforms. 

In a blog post published Monday, Nadir Akhtar, a blockchain security engineer at Coinbase, listed four qualities that each ERC-20 token should possess: Verified source code, industry-standard library use, limited scope for privileged roles, and simple and modular design.

Firstly, the token's source code should be verified, said Akhtar. "This is the most important step to getting a token listed."

Akhtar has suggested that developers should upload the source code for all smart contracts to a "reliable" platform, such as Etherscan. If the code is not yet deployed, it should be added to an easily shareable repository, such as GitHub, he said.

Secondly, developers should use open-source smart contract standards to develop ERC-20 tokens, according to Akhtar. It means developers should avoid writing smart contract code from scratch because they can miss a crucial detail, "compromising the integrity of the token."

Akhtar recommended using popular and "well-vetted" standards, such as OpenZeppelin's repository of smart contracts.

Thirdly, ERC-20 tokens' smart contracts should have limited privileged or "admin" roles, said Akhtar. "These roles can wield significant power, such as pausing transactions, modifying balances, or completely changing the token's logic," which reduces the likelihood of listing the token on Coinbase.

Lastly, tokens' protocols should have "simple" and "modular" design to avoid complexities, said the security engineer. 

Besides the above listed four factors, Coinbase also looks into factors such as external audits, thorough documentation, up-to-date Solidity language versions, and comprehensive test suites of ERC-20 tokens to catch bugs early.

External audits of smart contracts are especially important, said Akhtar, since their failures can cost "millions of dollars."

"By developing tokens with these security best practices in mind, the path towards building an open financial system becomes much safer," Akhtar concluded.