Does Coinbase have a serious unresolved bug?

Does Coinbase have a serious unresolved bug?

We have been notified of a possible bug on Coinbase.

This is a small problem, but for users it can have big consequences, so it cannot be ignored.

What we are about to tell you is in fact a true story that happened to one of our readers who wanted to tell it to inform other users of the platform of the existence of this problem.

Everything comes from an attempt to deposit USDC with QR code.

USDCs are ERC-20 tokens by The News Spy on the Ethereum blockchain, which can be sent to a public Ethereum address.

These public addresses can receive not only ETH tokens, but also any other ERC-20 token.

However, for internal reasons, many exchanges do not allow any ERC-20 token to be received on the ETH address of the user’s wallet on their platform, but require users to use a different Ethereum address for each ERC-20 token they wish to deposit on the exchange wallet.

Since many exchanges work this way, although it often creates problems, there would be nothing wrong with it. That is, this would not be a bug, but just a choice of exchange that can cause some problems anyway.

In fact, if you send an ERC-20 token to the ETH address of your wallet on an exchange, the transaction is successful and cannot be reversed in any way, but the exchange may not recognise it, precisely because many exchanges require that a different address be used for each token.

So for example, you should not send USDC to your Coinbase ETH address, but use the USDC address, which is different.

However, if you choose to scan the QR code of your USDC address there is a problem.
Here is what happened to our reader.

The reader wanted to deposit USDC on his Coinbase wallet

He clicked on „receive“, and selected USDC. Coinbase showed the following screen:

This is an Ethereum address to which you can theoretically also send ETH or other ERC-20 tokens, but if you send tokens that are not USDCs to this address, Coinbase will not recognise them, and they would be lost forever.

The problem is, when scanning the QR code, what the scanner reads is:

That is, the text string encoded in the QR code not only contains the public address to which the USDCs should be sent, but also another one.

Unfortunately, when scanning with some wallets, they take as their sending address not the correct one, i.e. the second one, but the first one, 0xa0b86991c6218b36c1d19d4a2and9eb0ce3606eb48.

As is easy to understand by comparing them, the two addresses are different, so if the wallet sends the USDCs to the first public address in the QR code it will not send them to Coinbase’s USDC wallet, but to another address.

Unfortunately, the USDC tokens sent in this way have been lost.