Tutorial: ERC-20 with safety rails

[qbzzt]

Tutorial title

ERC-20 with Safety Rails

Tutorial description

In this tutorial the reader will learn how to take the OpenZeppelin ERC-20 contract and implement guard rails to prevent various mistakes people make.

1. Sending ERC-20 to the contract itself (the OP token had 101 of those transactions in less than two weeks, so this is a big issue).
2. Sending ERC-20 to addresses what are empty - no contract, and no nonce (so probably not an EOA). Would have prevented this 20M$ mistake.
3. "Empty the trash" function, which allows somebody to withdraw other ERC-20 tokens and ETH that are sent to the token (for example, the OP token contract has some ERC-20's that are fake version of the real thing, which must have sent the tokens to it to appear legitimate - see https://optimistic.etherscan.io/token/0x2348b1a1228ddcd2db668c3d30207c3e1852fbbe?a=0x4200000000000000000000000000000000000042).
4. Optional undo function, where a specific account (which can be a multisig) can undo transfers which aren't more than a specific age.
5. Optional freezer that is allowed to freeze an account.
6. Any other ideas we can come up with.

Tag your tutorial

ERC-20

Publication

Not yet.

Skill level

Beginner

Hosted on Ethereum.org or hosted elsewhere?

Ethereum.org, after I write it

[minimalsm]

Sorry for the late reply @qbzzt. I think this sounds worthwhile given the recent Optimism issues that you highlighted :-)

[qbzzt]

For some reason github didn't close this, but since the PR is merged, it should be.