What are the methods these days to prevent assets from getting stuck in contracts?
I was disappointed to see that it still happens: 62 BNB got stuck in contract. Any solution?
Would it be a good idea for every contract to have some kind of withdraw function?
No, because such function will need to be of privileged access (e.g., owner-only, admin-only, etc), which means that the system will not be fully decentralized (and not trust-less in general).
For contracts that use
AccessControl usually the account that deployed the contract becomes the owner or default admin. It'd make sense for that account to be the one who, as a last resort, could execute such a withdraw function if it existed. That would still be better than having assets stuck forever that nobody can use.
Yeah, it’s better for funds to be lost
A recover & recover tokens function is definitely a good idea for any contract to prevent permanent loss of funds as should a pause option to halt any transfers when a issue is discovered in the contract.
Most smart contracts are managed/controlled by an owner. Any upgradable contract is 100% controllable and I personally believe that any complex contract should be upgradable.
Just look at any of the bigger smart contracts on audit competitions, they contain a lot of unintended errors and bugs, even though they are written by some of the most experienced teams.
Not adding upgradable or recover functions in smart contract feels like gross negligence to me.
Rug pulls and scams will happen whatever you do. So better have the ability to fix mistakes and don’t trust any contracts unless the team is fully “doxxed” to make sure they can be held responsible.
And no I don’t believe in “privacy” when you are asking people to “invest” in your smart contract, I believe in responsibility and accountability.
Lawless is not a positive thing for crypto. DAO governance with votes is not a positive in crypto. DOA governance using votes depending on balances is what keeps rich people rich and gives them the right to do whatever they want without repercussions.
Sorry rant over
It appears that
_recover(address account) in extension
ERC20Wrapper was designed to get stuck tokens out. Is this the solution?
I was about to say yes, however looking at the function it can only recover the underlying token, which is rather strange as they say it’s for accidental tokens send, so I would have expected it also to recover other tokens accidentally sent.
Also it’s internal, so you still need to add an external version and a native variant for eth/bnb