Quick question: can a function send multiple tokens?

And by the question I mean if I can send a couple of few different ERC20’s or let’s say even 1 ERC20 + some amount of ether in one function?

All topic

What is a secure way to use PHP tokens in a C# application

I have a C# app that is sending post requests to and from a php script. I have token based authentication setup on the php, and I have my C# app sending the tokens, however, even with obfuscation, if someone gets my token string, having it there in the first place is useless. Is there a better way to do this kind of security? Is it impossible considering someone can just deobfuscate my source?

All topic

How are ERC20 tokens sold in an ICO before being listed on exchanges?

In many places you see talk about tokens being listed on exchanges AFTER being sold in a successful ICO.

How was the token sold during the ICO? Did the buyers transfer ETH / BTC to some addresses and hoped to get tokens in return? Perhaps buying a little bit to test it and ramping up?

It seems ERC20 is just a protocol for ETH smart contracts that allow transfer of tokens. That doesn’t seem to require any guarantee that the buyer will even get the token.

So in practice for successful ICOs, how dis the process of buying the token work without an exchange? Have any smart contracts been developed that can guarantee that if someone sends ETH to an address then they are guaranteed to get this new token sent to an address they control?

And finally, how do they get control of the address in the first place? If the issuer assigns them an address, then doesn’t the issuer have the power to access it themselves later? If it’s an ETH token, maybe they can use their own private key or something?

Basically I am looking for a complete technical explanation of what happened in successful ICOs on the level of the actual sale and issuance of the new token into some account.

All topic

If someone found a private key to 0x0, would they be able to access all the tokens (over one billion dollars worth) stored there?

The 0x0 address in Ethereum has a lot of token stored in it that have been burnt in the past. However, it appears they burning is the same as sending to 0x0. In that case, could all of those burnt tokens be recovered if someone had access to the private key for 0x0?

All topic

Is this a secure implementation of JWT refresh tokens?

I am implementing a JWT refresh token and have developed the following way of refreshing tokens. The following is the program flow:

  • When server retrieves login information, it checks against password
    database and creates JWT token with a refresh token as one of its
    claims in the payload. (random characters). It will store the refresh
    token in a database.
  • Upon login, server returned login:true and the JWT access token
  • Since the refresh token is inside the JWT, two tokens do not need to
    be sent
  • If the client sends an access token that has expired, the server will
    check the refresh token in the claims and see if it is inside the db.
    If it is, it will generate a new token with a new refresh token, and
    replace the old refresh token in the db with the new one.
  • If client wants to log out of all devices, they can simply revoke all
    of their refresh tokens and they will be logged out when all their
    tokens expire (15 minute JWT tokens).

The advantages I see to this implementation are:

  • No need to send two tokens. The refresh is embedded inside the JWT
    and cannot be modified because that would invalidate the signature.
  • No need to encrypt the refresh token in the database because if an
    attacker got a hold of the refresh token, they cannot do anything
    with it because it is inside the JWT and cannot be modified. (In
    other implementations with separate tokens we should assume an
    attacker gets a hold of both anyways)

The problems I see with this are:

  • JWTs always contain the refresh token, so the attacker will ALWAYS be
    able to perform a refresh and use the refresh token until it expires,
    unless the client revokes it by logging out (of all devices).
  • The client can run the login call in a loop and fill up the database
    because every time they log in, a new access token is created and a
    new refresh token is stored into the database.

Is this method secure? If so, I’m primarily concerned with someone filling up the database with new refresh tokens and filling up the disk. How do I avoid that from happening?

All topic

How does NetDecoder for Tokens work?

I’m trying to understand why I can decode encoded word tokens?

s = "Why isn't this decoding?";
e = NetEncoder[{"Tokens", "English", "IgnoreCase" -> True}];
d = NetDecoder@e;
encoded = e@s;

enter image description here

All topic

My code is creating whitespace tokens and cannot figure out what is causing it

public static void main(String[] args) {

    String str = program;

    String s = "";

    //java reserved words
    String[] keywords = {"abstract", "assert", "boolean", "break", "byte", "case", "catch", "char", "class", "const", "continue", "default", "do",
                         "double", "else", "enum", "extends", "final", "finally", "float", "for", "goto", "if", "implements", "import", "instanceof",
                         "int", "interface", "long", "native", "new", "package", "private", "protected", "public", "return", "short", "static",
                          "strictfp", "super", "switch", "synchronized", "this", "throw", "throws", "transient", "try", "void", "volatile", "while"};

    for (int i = 0; i < str.length(); i++) {

        //finds the end of the token either by a whitespace, newline or tab space
        if (str.charAt(i) == ' ' || str.charAt(i) == 't' || str.charAt(i) == 'n') {

            //assigns the the token to a string to be checked if it is part of the reserved words
            String currentWord = s;     

            boolean isKeyword = false;       

            for (String keyword : keywords) {

                if (currentWord.equalsIgnoreCase(keyword)) { 
                    isKeyword = true;

            if(isKeyword) {

                System.out.println("Reserved word is: ["  + currentWord + "]");

            else {

                System.out.println("Current word is: [" + currentWord + "]");

            s = "";//Clear the string before next token creation


        else {

            // continue on with token
            s += str.charAt(i) + "";



I do not know what is causing these whitespace tokens to be created. Am I missing something that I am supposed to have my code ignore besides whitespace, newline and tab space. Below is a picture of the part of the output. Thanks in advance.

A image of my output

All topic

Can the numbers on RSA SecurID tokens be predicted?

enter image description here

My workplace uses these SecurID tokens which provide you with a temporary password, the code will expire after a short time. I have always been fascinated by the things, because it seems as though all the logic to calculate the next number must be physically located inside the device.

Given physical access to the token, is it possible to predict the numbers? How?
Without physical access, is it theoretically possible to predict future numbers from previous numbers, with or without knowledge of the seed?

*I’m not attempting to crack it, just interested out of mathematical curiousity!

All topic

How can i transfer erc 20 tokens manually in bulk?

Can anyone help me with how to transfer tokens manually in bulk?as i have to transfer tokens to multiple ETH addresses but cannot waste time transferring it one by one.

All topic

Send all Tokens and Eth to a Address automatically

I have few child wallets and a parent wallet.
Whenever these child wallets get incoming ERC20 tokens or ETH. I want to send them automatically to the parent wallet.

I know I can do below to send the entire eth balance.


How can I do it for erc20 tokens.

Thanks in advance.

All topic