Practically speaking it is not a problem. Here is the attack vector that they are describing (hypothetically, I don’t think it actually works):
- The dev creates a specially crafted smart contract with 0 length (and I am not even sure that it is possible; if somebody wants to test this and reply to this thread, I’d greatly appreciate it). The blockchain returns the address of the deployed smart contract.
- Then the dev needs to convince people to send ERC223 tokens to this address. Since the smart contract of 0 length is pretty much guaranteed to not do anything useful, these tokens shall be burned forever.
The owner of the token has to manually send the tokens to that address; there is no way a “hacker” can steal the tokens from you unless you give them away. Compare this to ERC20, where you may lose tokens by accidentally sending them to ANY smart contract address, not just the specially crafted one. Furthermore, the “hacker” would not extract any benefit from this attack, and thus it is unlikely they will spend $$$ marketing their specially made contract address. The “hacker” would simply lose money without any gain.
Sounds like creating an ICO contract and asking people to send ETH to that address is a much more dangerous attack on the blockchain, and yet Ethereum is consistently in the top 3 on CoinMarketCap with a market cap of over 10 billion USD. And in the ICO case the money goes to a single person, instead of being burned and improving the token’s scarcity. What an attack vector!
Hope this explanation makes sense. It is hard to explain the nitty-gritty details of how the EVM works to an audience not familiar with coding, but definitely not impossible! We are doing our best, so please keep asking those questions and provide us feedback on our answers.