New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to rescue tokens and ETH sent to contract address #94
Comments
thanks for flagging @marsrobertson and including reference implementation 🙂. I guess I would wonder, "who would be the Token 'rescue' programs like those in USDC contemplate an admin owner of the contract ( |
Is there a possibility of doing this without the admin? For ERC20 I don't think so, but maybe there is a way? I'm embodying a mindset of finding a solution, rather than focusing on why something cannot be done. A workaround would be to use 4-of-7 multisig of maintainers with $1000 recovery fee. |
Actually, we could add a mechanism where you provide the proof of the existence of the ERC20 Transfer events that caused the ERC20 to end up in the WETH contract To verify this the WETH contract will need to be able to get the hash of the block where the event took place, this means your retrieval transaction need to happen in less than 256 block after the erroneous transfer. We could also allow user to simply record a previous block hash, to give time to later provide the proof. But assuming we have tooling, this recording is not necessary. Wallets could have the tooling embedded so if you realize quick enough you send to the wrong destination you can submit the retrieval tx But really Wallets should prevent you from sending the token to WETH in the first place :) So in practise this might NOT be a good solution |
That tooling can be a standard EIP. As simple as: Is there a single example in the history of Ethereum where you actually want to send tokens to the token contract address? |
In the deployed implementation, if you send WETH10 tokens to the WETH10 contract it becomes a withdrawal.
I took this functionality from USMFUM. It means that you can wrap and unwrap between Ether and WETH10 using only metamask transfers. Preventing users sending other tokens to WETH10 I think will cost more (in complexity or gas) than is worth. |
WETH10 implements IWETH10 that's implement IERC20, so it's a ERC20 contract. What if admin pass same WETH10 contract as One better solution: function rescueERC20(
IERC20 tokenContract,
address to,
uint256 amount
) external onlyRescuer {
require( tokenContract != address(this), "Can't transfer WETH10." );
tokenContract.safeTransfer(to, amount);
} |
Eth sent to the contract address becomes WETH, WETH sent to the contract address becomes Eth. |
@wighawag |
https://www.reddit.com/r/ethereum/comments/sfz4kw/did_i_just_lose_half_a_million_dollars_by_sending/ https://news.ycombinator.com/item?id=30134500 It causes sentiment like thishttps://news.ycombinator.com/item?id=30120437 My reply:
That's why UI / UX etc... |
@marsrobertson MetaMask/metamask-extension#12642 bug discovered last year, fix development near completion, PR not passed & merged = huge user loss. Not blaming the metamask team tho, they were doing software engineering things, QAs and code reviews, it took time. |
USDCv2 has option to recover funds
USDC proxy: https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48#readProxyContract
Implementation: https://etherscan.io/address/0xb7277a6e95992041568d9391d09d0122023778a2#code
Starts at line 1313:
The text was updated successfully, but these errors were encountered: