Two months ago, a significant amount of cUNI was accidentally sent to the cUNI contract in this transaction. While it is quite common for accidents to occur within DeFi, I believe that as a community, we should try to return accidentally sent funds when possible and establish a policy regarding it. This proposal acts to do so.
I propose a process as follows:
- Create a proposal at most once every 6 months to return accidentally sent funds.
- Impose a 10% penalty on the sent funds.
- Only return funds to the address they were sent from.
- Require the sender to reply below this post requesting their funds back along with a signed signature or on-chain transaction with call data verifying their identity.
- A minimum value of $1,000 at the time of the post.
- Post by the sender must be made within 6 months of the accidental send. After this timeframe, the funds will be considered community assets.
Technical
I have added a function sweepToken(address token)
to the CErc20
smart contract. This will send the entire balance of any token other than the underlying to the admin (Timelock). It is callable by anyone allowing for future proposals returning user funds to be a simple as possible (the funds will already be in the Timelock).
I have also commented out unused verify hooks for gas savings.
The changes implemented here are very straightforward and limited in scope so I don’t believe a formal audit is required. The new feature is extensively tested through scenario testing and the proposal has been simulated through fork simulations. The code has already been reviewed by many community members, and hopefully more will review it in the coming days. View the changes in the PR.
Proposal
The proposal will contain the following calls:
- Update the cUNI implementation to the implementation here
- sweep cUNI out of the cUNI contract into the Timelock
- Transfer 90% of the cUNI to the sender:
0xf22c2e3475e4a066f4e9f44567c950dd36112d05
- Grant 30 comp to Arr00
I have been in touch with the sender of cUNI to the cUNI contract and they have sent me a signature confirming their identity and requested for their cUNI to be returned. The signature is posted below. The message is signed by the wallet that executed the transaction and is one of the owners of the multisig which sent the cUNI. The cUNI will be sent back to the multisig.
{
"address": "0x3f9a39602853f6fa8a6f134dd1d63e8a48a7a0ba",
"msg": "“We sent cUNI to cUNI contract. We would like it returned to the original wallet.”",
"sig": "0x2c0ab1890fe2df7d1793d36e213b1d70620c232f1e566de4f5ebcdb92f136d90320b9a1a825d92662ddbea9f95de2fdd010fd9aa39707649335ac541572557711b",
"version": "3",
"signer": "MEW"
}
Discussion throughout development: CToken sweepToken function