Avoiding Token Loss
Careful! Losing tokens means losing money!
Token loss is possible under multiple scenarios. These scenarios can be grouped into a few related classes:
- Improper key management
- Refunding deleted accounts
- Failed function calls in batches
Improper key management​
Improper key management may lead to token loss. Mitigating such scenarios may be done by issuing backup keys allowing for recovery of accounts whose keys have been lost or deleted.
Loss of FullAccess key​
A user may lose their private key of a FullAccess key pair for an account with no other keys.
No one will be able to recover the funds. Funds will remain locked in the account forever.
Loss of FunctionCall access key​
An account may have its one and only FunctionCall access key deleted.
No one will be able to recover the funds. Funds will remain locked in the account forever.
Refunding deleted accounts​
When a refund receipt is issued for an account, if that account no longer exists, the funds will be dispersed among validators proportional to their stake in the current epoch.
Deleting account with non-existent beneficiary​
When you delete an account, you must assign a beneficiary. Once deleted, a transfer receipt is generated and sent to the beneficiary account. If the beneficiary account does not exist, a refund receipt will be generated and sent back to the original account. Since the original account has already been deleted, the funds will be dispersed among validators.
Account with zero balance is garbage-collected, just before it receives refund​
If an account A transfers all of its funds to another account B and account B does not exist,
a refund receipt will be generated for account A. During the period of this round trip,
account A is vulnerable to deletion by garbage collection activities on the network.
If account A is deleted before the refund receipt arrives, the funds will be dispersed among validators.
Failed function calls in batches​
When designing a smart contract, you should always consider the asynchronous nature of NEAR Protocol.
If a contract function f1 calls two (or more) other functions f2 and f3, and at least one of these functions, f2 and f3 fails, then tokens will be refunded from the function that failed, but tokens will be appropriately credited to the function(s) which succeed.
The successful call's tokens may be considered lost depending on your use case if a single failure in the batch means the whole batch failed.
