Have you ever taken a moment to wonder why we have wrapped ETH (wETH) on the Ethereum network, when we already have ETH? Do you really know how tokens actually work on Ethereum?
Are your tokens in…
A) Your wallet; or
B) A developer’s smart contract?
If you answered B, well done! Because contrary to popular belief, your tokens are never in your wallet.
Outside of native tokens such as ETH or SOL, all ERC20, SPL (or equivalent) tokens are actually inside a developer’s smart contract that looks like a big long list of accounts (addresses) and balances.
All your wallet does is prove that you own one of the accounts and its associated balances in that smart contract.
Each token has its own smart contract. So if you have 10 USDC and 500 SHIB, what your wallet is really doing is pointing to each of the smart contracts for USDC and SHIB and proving that it has an account with those balances in it.
Here’s what it looks like if a user has four tokens – A, B, C & D.
This is why wallets like MetaMask don’t actually know what tokens you hold. You have to manually tell them which smart contracts to look in.
The smart contracts that hold your tokens are built entirely by smart contract developers.
You can think of them as similar to an Excel spreadsheet. They contain a list of accounts and balances, but they also contain rules (like formulae) on how those accounts and balances can be updated, as well as checks and validations that update the balances as part of a transaction. This is smart contract logic.
But if the developer makes a single mistake in this smart contract logic, or if they’re malicious and create a deliberate backdoor, your tokens could be drained, even if you control your own keys.
This is one of the key reasons why there have been billions of dollars of hacks in DeFi over the last two years.
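To make the ledger picture concrete, here is an added example (not from the original article and not any real token's code): a simplified Python model of an ERC-20 style contract, with the checks that decide who may change which balance. The class, method and account names are assumptions for illustration, and `caller` stands in for the transaction sender that the chain authenticates from the wallet's signature.

```python
# Simplified model of an ERC-20 style token contract (illustrative, not Solidity).
# `caller` stands in for the sender the chain authenticates from the wallet signature.
class TokenContract:
    def __init__(self, symbol, initial_holder, supply):
        self.symbol = symbol
        self.total_supply = supply
        self.balances = {initial_holder: supply}  # the list of accounts and balances
        self.allowances = {}                      # (owner, spender) -> approved amount

    def balance_of(self, account):
        return self.balances.get(account, 0)

    def approve(self, caller, spender, amount):
        self.allowances[(caller, spender)] = amount

    def transfer(self, caller, to, amount):
        self._move(caller, to, amount)  # a holder can only move their own row

    def transfer_from(self, caller, owner, to, amount):
        # The check that stops a third party moving someone else's balance.
        allowed = self.allowances.get((owner, caller), 0)
        if amount > allowed:
            raise PermissionError("caller is not approved for this amount")
        self._move(owner, to, amount)
        self.allowances[(owner, caller)] = allowed - amount

    def _move(self, src, dst, amount):
        if amount < 0 or self.balance_of(src) < amount:
            raise ValueError("negative amount or insufficient balance")
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount

    def supply_invariant_holds(self):
        return sum(self.balances.values()) == self.total_supply

def wallet_view(address, contracts):
    # A wallet holds no tokens: it queries each contract it has been told about.
    return {c.symbol: c.balance_of(address) for c in contracts}

def demo():
    usdc = TokenContract("USDC", "alice", 10)   # constructed sample balances
    shib = TokenContract("SHIB", "alice", 500)
    usdc.transfer("alice", "bob", 4)
    try:
        usdc.transfer_from("mallory", "alice", "mallory", 6)  # no approval given
        blocked = False
    except PermissionError:
        blocked = True
    return wallet_view("alice", [usdc, shib]), blocked, usdc.supply_invariant_holds()
```

Every protection here lives in the contract's own code: if the allowance check in `transfer_from` were missing or wrong, the holder's keys would be untouched and the balance row could still be rewritten.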
We need to move away from tokens being just lines inside a developer’s smart contract.
Given how integral tokens are to Web3, DeFi and NFTs (the clue is in the name on that one), tokens should be controlled by the platform itself, with the platform handling security and accounting. Just like Bitcoin.
Radix ($XRD), a layer 1 smart contract platform built for mainstream Web3 and DeFi, calls this approach “asset-oriented”.
On an asset-oriented platform, your tokens are physical objects stored in your own smart contract. Every user will have their own smart contract containing vaults of tokens inside it.
The private key in your wallet then controls your entire smart contract. No one can take your tokens away from you as your tokens are inside a smart contract you actually control – they’re no longer an account balance in a developer’s smart contract.
In the asset-oriented world, sending your tokens takes tokens from your own vault in your smart contract, and physically passes them to someone else’s vault (via what are called buckets). This makes the whole process far more intuitive, as this is how we actually think about sending money to someone in real life.
With native guardrails and accounting built in, this massively improves both user experience and developer experience, negating most hacks and exploits that plague Web3 and DeFi today.
Now, controlling your keys means you actually control your coins.