There is now a Twitter bot that tweets every time somebody fumbles an ERC-20 transfer and loses their tokens:
https://twitter.com/TokenOops
A few million USD has been lost this way since the Ethereum launch.
Best practices for keeping your users' security in mind:
Use ERC-777 instead of ERC-20, as in ERC-777, smart contracts can reject the send
Add an admin recovery function to your ERC-20 token contracts:
/**
 * https://twitter.com/moo9000/status/1238514802189795331
 */
pragma solidity ^0.5.0;
// Assumed import paths (not in the original post): OpenZeppelin's upgradeable package, which has the initializer-style Ownable.
import "@openzeppelin/contracts-ethereum-package/contracts/ownership/Ownable.sol";
import "@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol";

contract Recoverable is Ownable {
    function initialize(address sender) public initializer {
        super.initialize(sender);
    }

    /// @dev This will be invoked by the owner, when the owner wants to rescue tokens
    /// @param token Token which we will rescue to the owner from the contract
    function recoverTokens(IERC20 token) public onlyOwner {
        require(token.transfer(owner(), tokensToBeReturned(token)), "Transfer failed");
    }

    /// @dev Interface function, can be overridden by a subclass
    /// @param token Token whose balance we will check and return
    /// @return The amount of tokens (in smallest denominator) the contract owns
    function tokensToBeReturned(IERC20 token) public view returns (uint) {
        return token.balanceOf(address(this));
    }
}
2 Likes
Hi @miohtama ,
Thanks for sharing.
For the Recoverable contract, people may want to use SafeERC20 safeTransfer
for those tokens which don’t return true.
Do you know which wallets support SafeERC20 yet?
1 Like
Hi @miohtama ,
SafeERC20 is just a wrapper for interacting with ERC20 tokens, including those which are not compliant. It is useful in situations such as retrieving tokens sent by accident to a contract.
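The point raised in this thread about tokens that don't return true, as an added example (not code from the posts above or from OpenZeppelin): a self-contained recovery contract that makes the transfer through a low-level call and accepts either a `true` return value or no return data at all. The names `SafeRecoverable`, `IERC20Minimal` and `_safeTransfer`, the built-in owner check and the Solidity version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example; all names here are hypothetical. Only what the recovery path needs.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract SafeRecoverable {
    address public immutable owner;

    event TokensRecovered(address indexed token, address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    /// @dev Rescue this contract's full balance of `token` to the owner.
    function recoverTokens(address token) external onlyOwner {
        uint256 amount = IERC20Minimal(token).balanceOf(address(this));
        _safeTransfer(token, owner, amount);
        emit TokensRecovered(token, owner, amount);
    }

    /// @dev Transfer that works for compliant tokens and for tokens returning nothing.
    function _safeTransfer(address token, address to, uint256 amount) private {
        // A call to an address without code succeeds with empty return data, so rule it out.
        require(token.code.length > 0, "Token is not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        require(ok, "Transfer reverted");
        // Empty return data: token returns nothing. Otherwise it must decode to true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "Transfer returned false");
    }
}
```

With the plain `require(token.transfer(...))` form, a token whose `transfer` returns no data makes the recovery call revert, so tokens of that kind stay stuck in the contract.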