
Function: recoverErc20(address token, address to)

This function sweeps excess ERC-20 balances — only callable by ADMIN_ROLE holders.

Inputs

  • token

    • Control: N/A.

    • Constraints: Must be nonzero.

    • Impact: Transferred to the to address to rescue the funds from the contract.

  • to

    • Control: N/A.

    • Constraints: Must be nonzero.

    • Impact: Receives the recoverable ERC-20 amount.

Branches and code coverage

Intended branches

  • If FRXUSD, only the surplus (balance minus protected amount) is eligible for transfer.

  • Revert if the balance is less than the protected amount.

Negative behavior

  • Non-admin callers revert.

Function call analysis

  • IERC20(token).balanceOf(address(this))

    • What is controllable? The token contract is chosen by the admin.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • IERC20(token).safeTransfer(to, recoverable)

    • What is controllable? The admin controls the to address and the specific token address; recoverable is derived from on-chain balances and protected thresholds.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.
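
An added sketch, not the audited contract's source, of how the branches and external calls listed above fit together in Solidity. The protectedAmount variable, the custom errors, the ADMIN_ROLE hash, the constructor and the full-balance sweep for tokens other than FRXUSD are assumptions; the imports are OpenZeppelin's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Illustrative sketch only: NOT the audited contract's code.
contract RecoverSketch is AccessControl {
    using SafeERC20 for IERC20;

    // Assumption: the role identifier is derived this way.
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    IERC20 public immutable FRXUSD;
    // Hypothetical name: FRXUSD that must stay in the contract and is never sweepable.
    uint256 public protectedAmount;

    error ZeroAddress();
    error BalanceBelowProtected(uint256 balance, uint256 protectedAmt);

    constructor(IERC20 frxusd, address admin) {
        FRXUSD = frxusd;
        _grantRole(ADMIN_ROLE, admin);
    }

    // Negative behavior: onlyRole makes non-admin callers revert.
    function recoverErc20(address token, address to) external onlyRole(ADMIN_ROLE) {
        // Input constraints: both addresses must be nonzero.
        if (token == address(0) || to == address(0)) revert ZeroAddress();

        uint256 balance = IERC20(token).balanceOf(address(this));
        // Assumption: for tokens other than FRXUSD the whole balance is excess.
        uint256 recoverable = balance;

        if (token == address(FRXUSD)) {
            // Explicit check gives a descriptive revert instead of an underflow panic.
            if (balance < protectedAmount) revert BalanceBelowProtected(balance, protectedAmount);
            // Only the surplus above the protected amount is eligible.
            recoverable = balance - protectedAmount;
        }

        // Post-condition for FRXUSD: the contract still holds protectedAmount.
        IERC20(token).safeTransfer(to, recoverable);
    }
}
```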

Zellic © 2025