Adding withdraw capability to ERC20 token contract (for stuck tokens)

Basically I want to add a capability to withdraw stuck tokens from the ERC20 token contract (so I can recover tokens that are accidentally sent to the contract address).

My question is: are there any risks?
The treasuryWallet is a safe address, but anyone can enter a fake address for the ERC20 that could execute any code.

However, I am not really seeing any potential vulnerabilities. The token contract address would be the msg.sender in such a case (if the _token address was a 'malicious' contract address), but so what? I don't see any potential harm being done.
Am I mistaken?

```solidity
address treasuryWallet = "0x...012323"; // some "safe address"

function transferStuckTokens(address _token) external {
    require(msg.sender == tx.origin);
    uint256 tokenAmount = IERC20(_token).balanceOf(address(this));

    IERC20(_token).transfer(treasuryWallet, tokenAmount);
}
```

Hey @justAsking
You don't need require(msg.sender == tx.origin) because msg.sender is never used.

Also, I can't see any issue even if someone puts a malicious token address as input. Even if you receive those tokens (which must be in the contract first), you can ignore them. It is the same as if someone sends a malicious token to you. Just ignore it or send it to burn.


Did this work for you? Looking for a token template that includes it.
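A variant of the function from the question, written here as an added example (not code from the thread or from any project's template): it drops the tx.origin check and sends through SafeERC20, so tokens whose transfer returns no value can be rescued and a false return reverts. It assumes OpenZeppelin Contracts 5.x; the contract name, token name and symbol, initial supply, event and errors are made up for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Assumes OpenZeppelin Contracts 5.x is installed.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract RescuableToken is ERC20 {
    using SafeERC20 for IERC20;

    // Set once at deployment, so a caller can never redirect rescued tokens.
    address public immutable treasuryWallet;

    event StuckTokensRescued(address indexed token, uint256 amount);

    error ZeroTreasury();
    error NothingToRescue();

    // Name, symbol and supply are illustrative values.
    constructor(address treasury_) ERC20("Rescuable Token", "RSC") {
        if (treasury_ == address(0)) revert ZeroTreasury();
        treasuryWallet = treasury_;
        _mint(msg.sender, 1_000_000 * 10 ** decimals());
    }

    // Callable by anyone: the caller picks only which token is swept,
    // never the destination. Passing address(this) sweeps this token's
    // own units that were sent to the contract address.
    function transferStuckTokens(address _token) external {
        // balanceOf is declared view in IERC20, so it is made as a STATICCALL.
        uint256 amount = IERC20(_token).balanceOf(address(this));
        if (amount == 0) revert NothingToRescue();

        // _token may be any contract; its code runs with this contract as
        // msg.sender. safeTransfer reverts if the call fails or returns false
        // and accepts tokens that return no data at all.
        IERC20(_token).safeTransfer(treasuryWallet, amount);

        emit StuckTokensRescued(_token, amount);
    }
}
```

The event gives an on-chain record of every sweep, which makes unexpected calls with unfamiliar token addresses easy to spot when monitoring the contract.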