Following up on the idea of returning accidental funds sent to cTokens when possible, I wrote a quick code change which enables us to do this. The new function sweepToken(address) is a very simple addition which allows anyone to sweep the entire balance of any ERC20 (except for the underlying) to the admin (timelock).
The new function is as follows for CErc20:
/**
* @notice A public function to sweep accidental ERC-20 transfers to this contract. Tokens are sent to admin (timelock)
* @param token The address of the ERC-20 token to sweep
*/
function sweepToken(EIP20Interface token) external {
require(address(token) != underlying, "CErc20::sweepToken: can not sweep underlying token");
uint256 balance = token.balanceOf(address(this));
token.transfer(admin, balance);
}
And as follows for CEther:
/**
* @notice A public function to sweep accidental ERC-20 transfers to this contract. Tokens are sent to admin (timelock)
* @param token The address of the ERC-20 token to sweep
*/
function sweepToken(EIP20Interface token) external {
uint256 balance = token.balanceOf(address(this));
token.transfer(admin, balance);
}
I wrote scenario tests for the new function and a forking simulation ensuring that the new code performs as expected. Please take a review the pull request and leave feedback.
This function will allow for ERC-20 tokens which were accidentally sent to cToken contracts to be recoverable by governance. For example, in this transaction, cUNI was accidentally sent to the cUNI address. Adopting this new code will allow for governance to return these currently bricked funds.
That was my transaction! My good sir, if there is any portion of those coins returned to me I will certainly be sending you your fair share. Words can not describe the appreciation and gratitude that has come over me. There are still good people in this world :'D
@arr00 this is a great feature to add to the ābaseā cToken; it will help return accidentally trapped / incorrectly transferred funds, by routing them to the Timelock contract for redistribution (through governance proposals) to users.
Given that the admin and underlying are defined on each token, these functions should be generally safe and low risk. It would be great for the community to verify (and test-case), but this looks logically correct & simple.
Note: this will not apply to cETH, cBAT, cZRX, cUSDC, and cWBTC, which are not upgradableābut can apply to all newer cTokens, including cDAI, cUSDT, cUNI, and cCOMP.
After deploying a new cToken implementation (and upgrading DAI, USDT, UNI, and COMP) the community should develop some heuristics or policy for how funds are returned to users ā governance proposals are time-consuming and onerous, and the distribution process shouldnāt be taken lightly.
I will be glad to tribute my transaction of cDAI that has become trapped in a contract in limbo as a guinea pig for the initial test. If something goes wrong and they become erased or burned and leave them unrecoverable, then so be it, it would be worth the effort put forth by the community.
Correct me if Iām wrong, seems idea would be for the missent tokens to be swept to the timelock and decided on what to do with it via a governance proposal (returning to respective owners would be the most altruist option).
I am sorry, but this is not something that would be recoverable by this effort. You sent cDAI to an address unassociated with the compound protocol. That is a permeate, irreversible transaction, and the compound community can not help you recover it. We can help recover tokens sent to upgradeable contracts managed by the Compound community.
Oof, I was so excited. It is no worries and I still genuinely appreciate how much time and effort you put into this proposal, regardless of the outcome. I wish you a good day, sir.
I have completed development on this patch. Please review the PR linked below. The changes are quite minimal and have full testing and simulation coverage. In addition to adding the sweep function, I removed the unused verify hooks which will result in gas savings on most interactions. I donāt plan on having a formal audit, so please take a look!
I have deployed the new implementation here. Please match the contract to ensure the code is as expected. I plan to make a proposal post soon and get this to a proposal.
