- A user sent 4,005 LINK tokens, worth over $50,000, to a smart contract that doesn't support them.
- This resulted in the funds getting irreversibly stuck on DeFi game Aavegotchi's address.
- The problem with the ERC-20 standard is that it doesn't provide a way to check if a contract can accept certain tokens, an Aavegotchi developer noted.
A user erroneously sent 4,005 Chainlink (LINK) tokens (worth around $52,800 currently) to a smart contract that belongs to decentralized finance (DeFi) game Aavegotchi, he wrote on Github yesterday.
Unfortunately for the user, the contract doesn’t support them—and his funds got lost forever.
“Dawid (@D13Kabani) a father of two and Aavegotchi enthusiast staking GHST, made the type of mistake that every crypto user fears the most,” Aavegotchi developer Pixelcraft Studios confirmed today.
Per the post, Dawid mistakenly sent the majority of his crypto savings to the GHST staking contract he’d previously interacted with—instead of depositing them to Binance.
The developers added that since there are (almost) no “undo” buttons in the world of crypto, the user’s LINK tokens are now stuck in a non-upgradeable—and thus immutable—GHST staking contract forever.
@VitalikButerin be my Santa Please. I have already done hundreds of transactions on the ETH chain and by one oversight, rush and my son's lessons (f * COVID) I Lost my life savings sending all my funds to a non upgradeable smartcontract.
— D13 (@D13Kabani) December 16, 2020
However, Aavegotchi decided to help the user by setting up a special “SantaGotchi” wallet so that other crypto enthusiasts can donate to him. On Christmas day, Aavegotchi will transfer all the funds deposited by that time to Dawid.
So far, users have donated roughly $1,170 in Ethereum.
Speaking to Decrypt, Nick Mudge, creator of Ethereum’s diamond solution (that Aavegotchi’s smart contract is using) who is also a lead Solidity developer at Pixelcraft Studios, explained that Ethereum’s ERC-20 standard is prone to user mistakes such as this.
“This is a problem with the ERC20 standard. It doesn't provide a way to check that a contract can accept ERC-20 tokens. Some other token standards provide some protection against this,” Mudge told Decrypt.
As an example, he cited two Ethereum improvement proposals called ERC-777 and ERC-223. The former prevents receiving funds it doesn't support while the latter is compatible with ERC-20 standard and was specifically created to prevent users from losing funds due to mistakes.
“Also, I think that [Ethereum Name Service] names help. I think a person is less likely to make a mistake if they use an address like SantaGotchi.eth rather than an address like [this],” Mudge noted, adding, “I think that user interfaces can help prevent errors and mistakes like this from occurring.”
Still, user mistakes keep occurring with unenviable regularity. In late October, someone sent 28,050 AAVE tokens—worth around $1.1 million at the time—to the wrong address, which resulted in the irreversible loss of their funds. It’s a scary world out there.