feat: support arbitary calls to support recovery of non erc20 tokens

Author: philbow61

.env.example

@@ -5,7 +5,7 @@ CELO_RPC_URL=https://forno.celo.org
 # Deployer address (Celo: Deployer 1)
 DEPLOYER=0xE23a4c6615669526Ab58E9c37088bee4eD2b2dEE
 
-# Address authorized to call recover functions (so deployer doesn't burn nonces)
+# Owner of deployed recovery contracts (must differ from DEPLOYER to avoid burning nonces)
 RECOVERER=0x0000000000000000000000000000000000000000
 
 # Deploy recovery contracts up to (and including) this nonce

README.md

@@ -6,7 +6,7 @@
    - **No contract on Celo** → burns the nonce with a cheap self-transfer (21k gas)
 3. The `RecoveryContract` at the target nonce lands at the exact same address, allowing fund recovery
 
-The `RecoveryContract` supports recovering both native ETH and any ERC20 token. It uses OpenZeppelin's `Ownable` and adds an immutable `recoverer` role — a separate address authorized to call recovery functions so the deployer doesn't burn future nonces.
+The `RecoveryContract` supports recovering ETH, ERC20, ERC721, ERC1155, and arbitrary calls. It uses OpenZeppelin's `Ownable` with the owner set to a `RECOVERER` address (must differ from the deployer, so the deployer doesn't burn future nonces by interacting with the contracts).
 
 ## Setup
 
@@ -24,7 +24,7 @@ Edit `.env`:
 ETH_RPC_URL=https://ethereum-rpc.publicnode.com
 CELO_RPC_URL=https://forno.celo.org
 DEPLOYER=0xE23a4c6615669526Ab58E9c37088bee4eD2b2dEE
-RECOVERER=0x...   # set this to the address that will call recover functions
+RECOVERER=0x...   # owner of deployed recovery contracts (must differ from DEPLOYER)
 MAX_NONCE=68
 ```
 
@@ -80,7 +80,7 @@ After deployment, verify the source code so the recovery functions are callable
 ```bash
 forge verify-contract <CONTRACT_ADDRESS> \
   src/RecoveryContract.sol:RecoveryContract \
-  --constructor-args $(cast abi-encode "constructor(address,address)" $DEPLOYER $RECOVERER) \
+  --constructor-args $(cast abi-encode "constructor(address)" $RECOVERER) \
   --etherscan-api-key $ETHERSCAN_API_KEY \
   --chain 1
 ```

script/DeployRecovery.s.sol

@@ -77,6 +77,10 @@ contract DeployRecovery is Script {
 
         require(startNonce <= maxNonce, "Deployer nonce already past max nonce");
         require(recoverer != address(0), "Set RECOVERER in .env before deployment");
+        require(
+            recoverer != deployer,
+            "RECOVERER must differ from DEPLOYER - calling recovery functions from the deployer burns future nonces"
+        );
 
         // Query Celo to find which nonces have contracts
         bool[] memory isContractNonce = _discoverContractNonces(celoRpc, deployer, maxNonce);
@@ -95,7 +99,7 @@ contract DeployRecovery is Script {
             address expectedAddr = vm.computeCreateAddress(deployer, nonce);
 
             if (isContractNonce[nonce]) {
-                RecoveryContract rc = new RecoveryContract(deployer, recoverer);
+                RecoveryContract rc = new RecoveryContract(recoverer);
                 console.log("DEPLOYED nonce", nonce, "->", address(rc));
                 require(address(rc) == expectedAddr, "Address mismatch!");
                 deployed++;

src/RecoveryContract.sol

@@ -8,41 +8,37 @@ import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol
 /// @title RecoveryContract
 /// @notice Minimal contract deployed to recover funds accidentally sent to
 ///         CREATE-derived addresses on the wrong chain.
+///         Owner is set to the recoverer address so the deployer doesn't
+///         burn future nonces by interacting with the contract.
 contract RecoveryContract is Ownable {
     using SafeERC20 for IERC20;
 
-    address public immutable recoverer;
-
-    error NotAuthorized();
     error TransferFailed();
+    error ExecutionFailed(bytes returnData);
 
-    modifier onlyAuthorized() {
-        if (msg.sender != owner() && msg.sender != recoverer) revert NotAuthorized();
-        _;
-    }
-
-    /// @param _owner The deployer / primary owner.
-    /// @param _recoverer A separate address authorized to recover funds,
-    ///        so the deployer doesn't need to send txs (burning future nonces).
-    constructor(address _owner, address _recoverer) Ownable(_owner) {
-        recoverer = _recoverer;
-    }
+    /// @param _recoverer The address that owns this contract and can recover funds.
+    constructor(address _recoverer) Ownable(_recoverer) {}
 
     /// @notice Recover native ETH held by this contract.
-    /// @param to Destination address.
-    /// @param amount Amount of ETH to transfer (use address(this).balance for all).
-    function recoverETH(address payable to, uint256 amount) external onlyAuthorized {
+    function recoverETH(address payable to, uint256 amount) external onlyOwner {
         (bool success,) = to.call{value: amount}("");
         if (!success) revert TransferFailed();
     }
 
     /// @notice Recover any ERC20 token held by this contract.
-    /// @param token The ERC20 token address.
-    /// @param to Destination address.
-    /// @param amount Amount to transfer (use balanceOf for all).
-    function recoverERC20(address token, address to, uint256 amount) external onlyAuthorized {
+    function recoverERC20(address token, address to, uint256 amount) external onlyOwner {
         IERC20(token).safeTransfer(to, amount);
     }
 
+    /// @notice Execute an arbitrary call. Recovers ERC721, ERC1155, or anything else.
+    /// @param target The contract or address to call.
+    /// @param value ETH value to send with the call.
+    /// @param data Calldata to execute (e.g. ERC20.transfer, ERC721.transferFrom).
+    function execute(address target, uint256 value, bytes calldata data) external onlyOwner returns (bytes memory) {
+        (bool success, bytes memory result) = target.call{value: value}(data);
+        if (!success) revert ExecutionFailed(result);
+        return result;
+    }
+
     receive() external payable {}
 }

test/DeployRecovery.t.sol

@@ -85,7 +85,7 @@ contract DeployRecoveryTest is Test {
 
             if (isContract) {
                 vm.setNonce(deployer, uint64(nonce));
-                RecoveryContract rc = new RecoveryContract(deployer, recoverer);
+                RecoveryContract rc = new RecoveryContract(recoverer);
                 assertEq(address(rc), expected, string.concat("Address mismatch at nonce ", vm.toString(nonce)));
 
                 if (nonce == TARGET_NONCE) {

test/RecoveryContract.t.sol

@@ -7,28 +7,28 @@ import {RecoveryContract} from "../src/RecoveryContract.sol";
 
 contract RecoveryContractTest is Test {
     address constant OWNER = address(0x1);
-    address constant RECOVERER = address(0x2);
     address constant ATTACKER = address(0x3);
     address payable constant RECIPIENT = payable(address(0x4));
 
     RecoveryContract rc;
     MockERC20 token;
+    MockERC721 nft;
 
     function setUp() public {
-        rc = new RecoveryContract(OWNER, RECOVERER);
+        rc = new RecoveryContract(OWNER);
         token = new MockERC20();
+        nft = new MockERC721();
     }
 
     // ──────────────────── Construction ────────────────────
 
     function test_constructor() public view {
         assertEq(rc.owner(), OWNER);
-        assertEq(rc.recoverer(), RECOVERER);
     }
 
     // ──────────────────── ETH recovery ────────────────────
 
-    function test_recoverETH_owner() public {
+    function test_recoverETH() public {
         vm.deal(address(rc), 1 ether);
 
         vm.prank(OWNER);
@@ -38,19 +38,10 @@ contract RecoveryContractTest is Test {
         assertEq(address(rc).balance, 0);
     }
 
-    function test_recoverETH_recoverer() public {
-        vm.deal(address(rc), 1 ether);
-
-        vm.prank(RECOVERER);
-        rc.recoverETH(RECIPIENT, 1 ether);
-
-        assertEq(RECIPIENT.balance, 1 ether);
-    }
-
     function test_recoverETH_partial() public {
         vm.deal(address(rc), 2 ether);
 
-        vm.prank(RECOVERER);
+        vm.prank(OWNER);
         rc.recoverETH(RECIPIENT, 0.5 ether);
 
         assertEq(RECIPIENT.balance, 0.5 ether);
@@ -61,13 +52,13 @@ contract RecoveryContractTest is Test {
         vm.deal(address(rc), 1 ether);
 
         vm.prank(ATTACKER);
-        vm.expectRevert(RecoveryContract.NotAuthorized.selector);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, ATTACKER));
         rc.recoverETH(payable(ATTACKER), 1 ether);
     }
 
     // ──────────────────── ERC20 recovery ────────────────────
 
-    function test_recoverERC20_owner() public {
+    function test_recoverERC20() public {
         token.mint(address(rc), 1000e18);
 
         vm.prank(OWNER);
@@ -77,21 +68,67 @@ contract RecoveryContractTest is Test {
         assertEq(token.balanceOf(address(rc)), 0);
     }
 
-    function test_recoverERC20_recoverer() public {
+    function test_recoverERC20_unauthorized() public {
         token.mint(address(rc), 1000e18);
 
-        vm.prank(RECOVERER);
+        vm.prank(ATTACKER);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, ATTACKER));
         rc.recoverERC20(address(token), RECIPIENT, 1000e18);
+    }
 
-        assertEq(token.balanceOf(RECIPIENT), 1000e18);
+    // ──────────────────── Arbitrary execute ────────────────────
+
+    function test_execute_ETH() public {
+        vm.deal(address(rc), 1 ether);
+
+        vm.prank(OWNER);
+        rc.execute(RECIPIENT, 1 ether, "");
+
+        assertEq(RECIPIENT.balance, 1 ether);
     }
 
-    function test_recoverERC20_unauthorized() public {
-        token.mint(address(rc), 1000e18);
+    function test_execute_ERC721() public {
+        nft.mint(address(rc), 42);
+
+        vm.prank(OWNER);
+        rc.execute(address(nft), 0, abi.encodeCall(MockERC721.transferFrom, (address(rc), RECIPIENT, 42)));
+
+        assertEq(nft.ownerOf(42), RECIPIENT);
+    }
+
+    function test_execute_unauthorized() public {
+        vm.deal(address(rc), 1 ether);
 
         vm.prank(ATTACKER);
-        vm.expectRevert(RecoveryContract.NotAuthorized.selector);
-        rc.recoverERC20(address(token), RECIPIENT, 1000e18);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, ATTACKER));
+        rc.execute(RECIPIENT, 1 ether, "");
+    }
+
+    function test_execute_revertsOnFailure() public {
+        vm.prank(OWNER);
+        vm.expectRevert();
+        rc.execute(address(token), 0, abi.encodeCall(MockERC20.transfer, (RECIPIENT, 1)));
+    }
+
+    // ──────────────────── Ownable ────────────────────
+
+    function test_transferOwnership() public {
+        address newOwner = makeAddr("newOwner");
+
+        vm.prank(OWNER);
+        rc.transferOwnership(newOwner);
+        assertEq(rc.owner(), newOwner);
+
+        vm.deal(address(rc), 1 ether);
+        vm.prank(newOwner);
+        rc.execute(RECIPIENT, 1 ether, "");
+        assertEq(RECIPIENT.balance, 1 ether);
+    }
+
+    function test_transferOwnership_unauthorized() public {
+        vm.prank(ATTACKER);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, ATTACKER));
+        rc.transferOwnership(ATTACKER);
     }
 
     // ──────────────────── Receive ────────────────────
@@ -118,3 +155,17 @@ contract MockERC20 {
         return true;
     }
 }
+
+/// @dev Minimal ERC721 for testing
+contract MockERC721 {
+    mapping(uint256 => address) public ownerOf;
+
+    function mint(address to, uint256 tokenId) external {
+        ownerOf[tokenId] = to;
+    }
+
+    function transferFrom(address from, address to, uint256 tokenId) external {
+        require(ownerOf[tokenId] == from, "not owner");
+        ownerOf[tokenId] = to;
+    }
+}