# Transferer The `Transferer` contract has the ability to move your tokens to our noncustodial `Vault`. It cannot transfer your tokens anywhere else. Below is a function-by-function explanation of the code. ### Roles ```solidity address immutable private vaultAddress; // set during construction address immutable private transferEOASetter; // set during construction mapping(address => bool) private _transferEOAs; ``` There are three roles (one dynamic, two immutable and set during construction) in this contract: * `vaultAddress` is the address of the associated [Noncustodial Vault](/welcome-to-the-harpie-docs/tech-and-security/contracts/noncustodial-vault.md) * `transferEOAs` are addresses that can call our [#transfer-functions](#transfer-functions "mention"). These addresses are controlled by our automated detection algorithm * `transferEOASetter` is an address owned by Harpie that can set `_transferEOAs` ### Transfer Functions ```solidity function transferERC721( address _ownerAddress, address _erc721Address, uint256 _erc721Id, uint128 _fee ) public returns (bool) function transferERC20( address _ownerAddress, address _erc20Address, uint128 _fee ) public returns (bool) function batchTransferERC721(ERC721Details[] memory _details) public returns (bool) function batchTransferERC20(ERC20Details[] memory _details) public returns (bool) ``` These functions transfer user assets into the `Vault` when we detect a malicious transaction. They're hardcoded to transfer tokens to the `vaultAddress` role, and cannot submit user tokens anywhere else. They are only callable by the `transferEOA` role. * The `transfer` functions transfer a single user's assets (ERC20/ERC721) to the Vault. * The `batchTransfer` functions are able to transfer multiple users' assets. We use these in case of large-scale attacks. ### Permission Functions ```solidity function addTransferEOA(address _newTransferEOA) public function removeTransferEOA(address _eoaToBeRemoved) public function removeAbilityToSetNewTransferEOAs() public ``` These functions are only callable by the role `transferEOASetter`. * `addTransferEEOA` and `removeTransferEOA` add and remove `transferEOAs`, the wallets that are able to call the [#transfer-functions](#transfer-functions "mention") * `removeAbilityToSetNewTransferEOAs` is a permanent operation that prevents the addition of any new `transferEOAs`. After calling this flag, Harpie is no longer able to add new wallets to the `transferEOA` role, but will still able to remove them. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://harpie.gitbook.io/welcome-to-the-harpie-docs/tech-and-security/contracts/transferer.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.