# Tutorial 44: Weird ERC20 Tokens


In this section, we explore various minimal examples of ERC20 tokens with behaviors that can be surprising or non-standard. These examples are inspired by real-world tokens, many of which have been used to exploit vulnerabilities in smart contract systems. By studying these cases, developers and auditors can better understand the potential risks and challenges when interacting with ERC20 tokens.

The ERC20 standard itself is loosely defined and, in practice, functions more as an interface declaration. Even the few requirements it imposes are frequently disregarded by token developers, leading to inconsistent implementations.

As a result, creating smart contracts that directly interact with ERC20 tokens can be quite challenging. To mitigate these risks, developers should adopt the following strategies when dealing with external tokens:

1. **Implement an allowlist at the contract level** to restrict interactions to trusted tokens.
2. **Use dedicated wrapper contracts for token interactions** at the boundaries of your system. This approach ensures that the core logic assumes consistent and reliable behavior from external tokens.
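The sketch below combines both strategies in one boundary contract. It is an added example, not code from the tutorial or from any audited project. `TokenGateway`, `setAllowed`, `pullIn` and `credited` are hypothetical names, and the two behaviors it defends against (tokens that return no value from `transferFrom`, and tokens that deliver less than the requested amount) are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

/// Hypothetical boundary contract: core logic only ever sees `credited`.
contract TokenGateway {
    address public immutable owner;
    mapping(address => bool) public allowedToken; // strategy 1: on-chain allowlist
    mapping(address => mapping(address => uint256)) public credited; // token => user => amount

    error TokenNotAllowed(address token);
    error TransferFailed(address token);

    constructor() {
        owner = msg.sender;
    }

    function setAllowed(address token, bool ok) external {
        require(msg.sender == owner, "not owner");
        // A low-level call to an address without code succeeds silently,
        // so only contracts may be allowlisted.
        require(!ok || token.code.length > 0, "not a contract");
        allowedToken[token] = ok;
    }

    /// Strategy 2: the single place that executes external token code.
    /// Returns the amount actually received; callers must use this value.
    function pullIn(address token, uint256 amount) external returns (uint256 received) {
        if (!allowedToken[token]) revert TokenNotAllowed(token);
        uint256 balanceBefore = IERC20Minimal(token).balanceOf(address(this));

        // Low-level call: a token that returns nothing would otherwise
        // revert during ABI decoding of the expected bool.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature(
                "transferFrom(address,address,uint256)", msg.sender, address(this), amount
            )
        );
        // Accept only: call succeeded AND (no return data OR it decodes to true).
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed(token);

        // Credit the measured balance change, never the requested amount.
        received = IERC20Minimal(token).balanceOf(address(this)) - balanceBefore;
        credited[token][msg.sender] += received;
    }
}
```

Because accounting is based on the measured balance change, the rest of the system never has to trust the `amount` argument or the token's return value.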

However, in some situations, such as decentralized AMMs, an on-chain allowlist may not be practical because maintaining it requires either centralized control or complex governance mechanisms. In such cases, developers must proceed with extra caution and adopt defensive strategies. Even when an on-chain allowlist is not feasible, an off-chain allowlist in the official user interface can help protect users from unexpected token behavior while preserving the permissionless nature of the system.

If you are designing a new token, it's strongly advised to avoid the problematic behaviors highlighted in this section to ensure smooth interactions with other smart contracts and prevent vulnerabilities.


