diff --git a/contracts/terminus/TokenDrainerFacet.sol b/contracts/terminus/TokenDrainerFacet.sol
new file mode 100644
index 0000000..c05415f
--- /dev/null
+++ b/contracts/terminus/TokenDrainerFacet.sol
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Authors: Moonstream Engineering (engineering@moonstream.to)
+ * GitHub: https://github.com/bugout-dev/dao
+ *
+ */
+pragma solidity ^0.8.9;
+
+import "@openzeppelin-contracts/contracts/token/ERC1155/IERC1155Receiver.sol";
+import "@openzeppelin-contracts/contracts/token/ERC721/IERC721Receiver.sol";
+import "@openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
+import "@openzeppelin-contracts/contracts/token/ERC1155/IERC1155.sol";
+
+import "../diamond/libraries/LibDiamond.sol";
+
+contract TokenDrainerFacet {
+    function drainERC20(address tokenAddress, address receiverAddress)
+        external
+    {
+        uint256 balance = IERC20(tokenAddress).balanceOf(address(this));
+        withdrawERC20(tokenAddress, balance, receiverAddress);
+    }
+
+    function withdrawERC20(
+        address tokenAddress,
+        uint256 amount,
+        address receiverAddress
+    ) public {
+        LibDiamond.enforceIsContractOwner();
+        IERC20 token = IERC20(tokenAddress);
+        token.transfer(receiverAddress, amount);
+    }
+
+    function drainERC1155(
+        address tokenAddress,
+        uint256 tokenId,
+        address receiverAddress
+    ) external {
+        uint256 balance = IERC1155(tokenAddress).balanceOf(
+            address(this),
+            tokenId
+        );
+        withdrawERC1155(tokenAddress, tokenId, balance, receiverAddress);
+    }
+
+    function withdrawERC1155(
+        address tokenAddress,
+        uint256 tokenId,
+        uint256 amount,
+        address receiverAddress
+    ) public {
+        LibDiamond.enforceIsContractOwner();
+        IERC1155 token = IERC1155(tokenAddress);
+        token.safeTransferFrom(
+            address(this),
+            receiverAddress,
+            tokenId,
+            amount,
+            ""
+        );
+    }
+}
diff --git a/contracts/terminus/controller/TerminusControllerFacet.sol b/contracts/terminus/controller/TerminusControllerFacet.sol
index 96136b8..677673c 100644
--- a/contracts/terminus/controller/TerminusControllerFacet.sol
+++ b/contracts/terminus/controller/TerminusControllerFacet.sol
@@ -11,6 +11,7 @@ import "@openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
 import "../TerminusFacet.sol";
 import "../TerminusPermissions.sol";
 import "./LibTerminusController.sol";
+import "../TokenDrainerFacet.sol";
 
 pragma solidity ^0.8.9;
 
@@ -19,7 +20,7 @@ pragma solidity ^0.8.9;
 // - Holder of _TERMINUS_MAIN_ADMIN_POOL_ID can change poolControllerPoolID, create pool (+ pool operations?)
 // - PoolController can: mint/burn + setURI
 
-contract TerminusControllerFacet is TerminusPermissions {
+contract TerminusControllerFacet is TerminusPermissions, TokenDrainerFacet {
     /**
      * @dev Checks if the caller holds the Admin Pool token or PoolController of pool with poolID
      * @param poolId The poolID to check
@@ -106,7 +107,8 @@ contract TerminusControllerFacet is TerminusPermissions {
     }
 
     /**
-
+     * @dev Gives permission to the holder of the  (poolControllerPoolId,terminusAddress)
+     * to mint/burn/setURI for the pool with poolId
      */
     function setPoolControlPermissions(
         uint256 poolId,
@@ -120,8 +122,11 @@ contract TerminusControllerFacet is TerminusPermissions {
 
     // PROXY FUNCTIONS:
 
-    // onlyOwner?
+    /**
+     * @dev Sets the controller of the terminus contract
+     */
     function setController(address newController) external {
+        LibDiamond.enforceIsContractOwner();
         terminusContract().setController(newController);
     }
 
@@ -187,10 +192,14 @@ contract TerminusControllerFacet is TerminusPermissions {
         return terminusContract().terminusPoolSupply(poolID);
     }
 
-    function _getPoolCreationPayments() internal {
+    function _approvePoolCreationPayments() internal {
         IERC20 paymentToken = IERC20(terminusContract().paymentToken());
         uint256 fee = terminusContract().poolBasePrice();
-        paymentToken.transferFrom(msg.sender, address(this), fee);
+        uint256 contractBalance = paymentToken.balanceOf(address(this));
+        require(
+            contractBalance >= fee,
+            "TerminusControllerFacet._getPoolCreationPayments: Not enough funds, pls transfet payment tokens to terminusController contract"
+        );
         paymentToken.approve(getTerminusAddress(), fee);
     }
 
@@ -199,7 +208,7 @@ contract TerminusControllerFacet is TerminusPermissions {
         onlyMainAdmin
         returns (uint256)
     {
-        _getPoolCreationPayments();
+        _approvePoolCreationPayments();
         return terminusContract().createSimplePool(_capacity);
     }
 
@@ -208,7 +217,7 @@ contract TerminusControllerFacet is TerminusPermissions {
         bool _transferable,
         bool _burnable
     ) external onlyMainAdmin returns (uint256) {
-        _getPoolCreationPayments();
+        _approvePoolCreationPayments();
         return
             terminusContract().createPoolV1(
                 _capacity,
@@ -226,13 +235,12 @@ contract TerminusControllerFacet is TerminusPermissions {
         terminusContract().mint(to, poolID, amount, data);
     }
 
-    //check in loop? only main admin?
     function mintBatch(
         address to,
         uint256[] memory poolIDs,
         uint256[] memory amounts,
         bytes memory data
-    ) external {
+    ) external onlyMainAdmin {
         terminusContract().mintBatch(to, poolIDs, amounts, data);
     }