Accumulated Assets - Revamp

Can the Contract Owner or Anyone Else Access User Funds or Burned Assets?

1. Accumulated Native Currency (e.g., POL)

Who can access it?

  • Only users themselves can withdraw their own contributed funds or earned rewards.

  • Fees collected (listing, delisting, claim fees, etc.) are immediately transferred to designated recipient addresses (e.g., feeRecipient, shareholdingFeeRecipient), not held in the contract.

  • The only way anyone can move the native currency from the contract is by using the public withdrawal functions (withdraw, claim) that follow the contract’s fixed rules.

What about the owner?

  • Before ownership is renounced: The owner can only update fee parameters (like changing the listing fee amount or recipient addresses). The owner CANNOT withdraw or move user funds—the contract has no owner-only withdrawal or emergency functions.

  • After ownership is renounced: No one (including the original owner) can change any parameters or access user funds except through the standard, public functions that anyone can call for themselves.

Simple analogy: It’s like a safe deposit box where only the person with the correct key (the user) can open their box. The bank manager (owner) can change the sign outside or who receives the fees, but can never touch your valuables.

2. “Burned” or Removed Assets (Illiquid Tokens)

Who can access them?

  • Tokens that are removed from circulation are sent to a special collector address (tokenCollector).

  • This collector address is set once, and after ownership is renounced, it can never be changed.

What about the owner?

  • Before ownership is renounced: The owner can change the collector address (if needed). If the owner sets the collector address to a “dead” address (e.g., 0x000…dEaD), tokens sent there are gone forever. If the owner sets the collector to their own address, they could receive tokens sent for burning until ownership is renounced.

  • After ownership is renounced: No one can ever change the collector address again. If the collector is a burn address, all tokens sent there are permanently inaccessible to anyone, including the owner.

Simple analogy: It’s like recycling old coins by throwing them into a volcano (burn address). Before the volcano is sealed, someone could redirect coins to another location; but once sealed (ownership renounced), there’s no way for anyone—ever—to get them back.

Summary Table

Action
Before Ownership Renounced
After Ownership Renounced

Withdraw user funds

Only by the user

Only by the user

Access protocol fees

Only to the designated recipient

Only to the recipient

Change protocol fee settings

Yes (owner only)

No (never again)

Withdraw burned tokens

If collector is owner address

Not possible (sealed)

Change collector address

Yes (owner only)

No (never again)

In Simple Words:

  • No one—including the owner—can ever steal or withdraw users’ native currency or assets.

  • After ownership is renounced, everything is fully trustless, locked, and immutable.

  • The only way for funds or assets to move is by users calling the contract’s public methods themselves, according to the rules written in the code.

PreviousRevamp ProtocolNextShareHolding Protocol

Last updated