Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper use of assert() in BasicToken and other places #435

Closed
3sGgpQ8H opened this issue Sep 11, 2017 · 6 comments
Closed

Improper use of assert() in BasicToken and other places #435

3sGgpQ8H opened this issue Sep 11, 2017 · 6 comments
Labels
good first issue Low hanging fruit for new contributors to get involved!

Comments

@3sGgpQ8H
Copy link

3sGgpQ8H commented Sep 11, 2017
edited
Loading

Method transfer of BasicToken smart contract uses method sub defined in SafeMath library to implicitly check that sender's balance is enough to transfer:

balances[msg.sender] = balances[msg.sender].sub(_value);

Method sub internally uses assert() function like this (a and b and method parameters):

assert(b <= a);

So, when sender's balance is insufficient, assert will fail and execution will be aborted. According to Solidity docs:

assert(bool condition): abort execution and revert state changes if condition is false (use for internal error)

but insufficient sender's balance is not internal error, so assert() should not be used here.

Note, that require() does not fit as well because:

require(bool condition): abort execution and revert state changes if condition is false (use for malformed input or error in external component)

and insufficient sender's balance is neither malformed input, not error in external component. So the best fit would be to use revert() here.
@frangio
Copy link
Contributor

frangio commented Sep 11, 2017

Thanks for reporting @mikhail-vladimirov! I agree with your assessment. Do you want to submit a PR changing to revert?

@3sGgpQ8H
Copy link
Author

3sGgpQ8H commented Sep 11, 2017
edited
Loading

@frangio I personally strongly prefer return false over revert(), my motivation is here: ethereum/EIPs#610 (comment). So I prefer somebody else to submit this PR.

@frangio frangio added the good first issue Low hanging fruit for new contributors to get involved! label Sep 18, 2017
@nedodn nedodn mentioned this issue Sep 27, 2017
Closed
@facuspagnuolo
Copy link
Contributor

facuspagnuolo commented Nov 21, 2017
edited
Loading

@mikhail-vladimirov sorry to disagree, require is meant to be used for validations, while assert should be used in order to prevent conditions which should never be possible, in this case, we are preventing an overflow.

I highly recommend this article, a detailed explanation about this subject.

@muellerberndt
Copy link

Sorry to re-vitalize this old issue but I agree @3sGgpQ8H and @frangio. assert is meant assert invariants, i.e. conditions that are impossible to occur. If there's a way to violate and invariant it always means that there's a bug in the code.

The asserts in SafeMath are implicitly performing input validation and IMO should be replaced by require.

@nventuro
Copy link
Contributor

Hey @b-mueller, this was discussed recently in #1120, where we decided to switch over to require (#1187).

@muellerberndt
Copy link

Ahh, I didn't notice! Awesome :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Low hanging fruit for new contributors to get involved!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@maraoz @frangio @nventuro @3sGgpQ8H @muellerberndt @facuspagnuolo