Reading Assignment: Security vs User Experience

Why shouldn’t you just send people their ether directly (push)?
Because it can generate a bug in the security of the smart contract or, if there are many participants, run out of gas.

What is the writer’s argument against “pull” design?
Since the user must incur the expense of the gas, or an inexperienced user interacts more than he should with the smart contract and ends up making an error.

What problem did the writer encounter with people who did not withdraw their money?
Users were upset that he left it to them, so he proposed donating it to charity.

1 Like

1 - Why shouldn’t you just send people their ether directly (push)?

If both caller and callee contracts are not developed by the same author, the receiving address of the caller contract may have implemented a fallback function that could potentially throw an error.
The callee contract may send ether back to all the participants and could run out of gas.
The callee contract may send ether to unknown addresses, which could lead to security vulnerabilities.

2 - What’s the writer’s argument against the “pull” design?

In order to limit possible caller mistakes, the author feels limiting caller interaction is best.

3 - What problem did the writer find with people not withdrawing their money?

Callers tend to vary the moment when they actually withdraw funds. The author is left with unspent funds and does not know what to do with them.

1 Like

Why shouldn’t you just send people their ether directly (push)?
It’s possible to run out of gas and sending ether to unknown addresses could lead to security vulnerabilities.

What’s the writer’s argument against the “pull” design?
It increases the complexity of the UX.

What problem did the writer find with people not withdrawing their money?
They didn’t know what to do with the money.

1 Like
  1. Why shouldn’t you just send people their ether directly (push)?
    It may run out of gas, or it may lead to security vulnerabilities from sending to unknown addresses.

  2. What’s the writer’s argument against the “pull” design?
    People new to smart contracts tend to make mistakes.

  3. What problem did the writer find with people not withdrawing their money?
    The writer needs to find the right way to handle that money: donate it to a charity or send it back to a pre-registered address…

1 Like

1- Because the function call may run out of gas halfway through execution, which could mess up the contract if not accounted for. To be clear, there is also a mention of malicious code and callback functions, but it seems the same is true using pull methods (read: DAO Hack).
2- People will sometimes not withdraw their money. In addition, they are required to pay fees, which means it may sometimes be uneconomic for them to withdraw (see: every DeFi app in the summer of 2020).
3- Lazy people. People who are new and don’t know how these work. People for whom the fee is higher than the payout.

1 Like
  1. Sending people their ether directly could run out of gas, and sending ether to unknown addresses could lead to security vulnerabilities.

  2. The pull design is a trade-off between security and user experience: although more secure, the user is required to interact with the contract further to actually receive their funds. From the user’s perspective, the contract should just send them their funds rather than having to explicitly call the contract.

  3. Some people were not withdrawing their money for a significant period of time, or even not at all.

1 Like
  1. Why shouldn’t you just send people their ether directly (push)?
    2 reasons:
    1- Sending ether back to all the participants could run out of gas.
    2- Sending ether to unknown addresses could lead to security vulnerabilities.

  2. What’s the writer’s argument against the “pull” design?
    It makes people forget to withdraw their funds. New users have another barrier in the user experience.

  3. What problem did the writer find with people not withdrawing their money?
    There was a conflict in handling the left over funds.

1 Like

1. Could run out of gas and could be a malicious contract address.
2. New users tend to make a mistake.
3. What to do with the unclaimed money.

  1. Why shouldn’t you just send people their ether directly (push)?
    The function could run out of gas and the send function could trigger a fallback function on the receiver which could fail or act maliciously.

  2. What’s the writer’s argument against the “pull” design?
    That pull design requires people to interact with the contract more than they have to, and new people may not be used to this.

  3. What problem did the writer find with people not withdrawing their money?
    They were lazy, forgetful, or didn’t care to withdraw small amounts of money.

1. Why shouldn’t you just send people their ether directly (push)?
Because you may run out of gas and you expose your contract to potentially malicious consequences.

2. What’s the writer’s argument against the “pull” design?
The argument is that users should not really interact with the smart contract unless needed.

3. What problem did the writer find with people not withdrawing their money?
The problem is that the author didn’t know what to do with the leftover: take it himself, donate it, or send it to a predesignated address (minus gas).

Q). Why shouldn’t you just send people their ether directly (push)?
A). You might run out of gas, and sending ether to unknown addresses could lead to security vulnerabilities.
Q). What’s the writer’s argument against the “pull” design?
A). Some participants did not claim in a timely fashion, which means, in my opinion, the author got very confused. When designing the contract from the outset, a lot of potentially unclaimed tokens will be left. What do we do with the unclaimed balance? The obvious solution is to send it to my wallet. :stuck_out_tongue_winking_eye: Or to send it to a charity set up in a new proxy contract.
Q). What problem did the writer find with people not withdrawing their money?
A). See above answer.

  1. Could run out of gas, and sending ether to unknown addresses could lead to security vulnerabilities.
  2. Every Ether transfer implies potential code execution. The receiving address can implement a fallback function that can throw an error. Thus, we should never trust that a send call will execute without error. A solution: our contracts should favor pull over push for payments.
  3. Donate it to charity.

  1. Sending ether back to all the participants could run out of gas, and sending ether to unknown addresses could lead to security vulnerabilities.
  2. Users should not really need to interact with smart contracts more than they absolutely have to, as people new to smart contracts tend to make mistakes.
  3. What to do with the leftover funds: claim it, send it to charity, divide it over all participants…

  1. Could run out of gas and could be a malicious contract address.
  2. User error (especially high among new users).
  3. What to do with it then (claim it, send it to charity, or send it to a predesignated address of the user) and, depending on what is done, what message that would send to participants in deciding how committed they would be in participating in the first place.
1 Like
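The push-versus-pull trade-off the posts above describe, as an added example that is not from the original thread or the article it discusses: a push payout that loops over every participant beside a pull payout where each participant withdraws their own share, with a constructed claim deadline after which unclaimed funds are swept to a predesignated address (the `charity` address and `claimPeriod` are assumptions for illustration).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Push: one loop pays everyone. A recipient whose fallback reverts, or a
// participant list long enough to exhaust the block gas limit, makes the
// whole payout fail for every participant, not just the bad one.
contract PushPayout {
    address payable[] public participants;
    mapping(address => uint256) public owed;

    function payAll() external {
        for (uint256 i = 0; i < participants.length; i++) {
            address payable p = participants[i];
            uint256 amount = owed[p];
            owed[p] = 0;
            p.transfer(amount); // reverts on failure: one bad recipient blocks all
        }
    }
}

// Pull: each participant withdraws their own share and pays their own gas.
// A failing recipient only affects their own call. Balances left unclaimed
// after the deadline go to a predesignated address (assumed: a charity).
contract PullPayout {
    mapping(address => uint256) public owed;
    address payable public immutable charity;     // predesignated recipient
    uint256 public immutable claimDeadline;

    constructor(address payable _charity, uint256 claimPeriod) {
        charity = _charity;
        claimDeadline = block.timestamp + claimPeriod;
    }

    // Credit a participant; ether stays in the contract until they withdraw.
    function credit(address beneficiary) external payable {
        owed[beneficiary] += msg.value;
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;                     // zero before sending: blocks reentrancy
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");               // only this caller is affected
    }

    function sweepUnclaimed() external {
        require(block.timestamp >= claimDeadline, "claim period still open");
        (bool ok, ) = charity.call{value: address(this).balance}("");
        require(ok, "sweep failed");
    }
}
```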
  1. Why shouldn’t you just send people their ether directly (push)?
    Because you can have a gas issue (think of n sends in a row), and also you don’t know if the receiving address is a contract function that can throw, return false, or perform a reentrancy hack.
  2. What’s the writer’s argument against the “pull” design?
    That users can forget to withdraw or delay it.
  3. What problem did the writer find with people not withdrawing their money?
    The problem is to decide what to do with that money. You could split the money between all the participants or give it to charity.
1 Like
  1. Why shouldn’t you just send people their ether directly (push)?
    Because the recipient address could be a smart contract that executes some callback function (that may or may not throw an error), and also because you could run out of gas in the middle of the Tx.
  2. What’s the writer’s argument against the “pull” design?
    I quote from the writer: Users should not really need to interact with smart contracts more than they absolutely have to, as people new to smart contracts tend to make mistakes.
  3. What problem did the writer find with people not withdrawing their money?
    That about 30% of the guys still wanted to take the money by themselves, and some users suggested that the leftover money should be distributed amongst the participants.
1 Like

1. Why shouldn’t you just send people their ether directly (push)?
Because the contract could run out of gas. Also, sending ether to unknown addresses could lead to security vulnerabilities.

2. What’s the writer’s argument against the “pull” design?
That people don’t want to immediately pull funds from the contract, so they sit there for a long time; also, the high rate of errors users create.

3. What problem did the writer find with people not withdrawing their money?
Funds will remain untouched in the contract, so what should he do: send it to charity, leave it there, etc.

1 Like

1. Why shouldn’t you just send people their ether directly (push)?
The contract could run out of gas. Sending ether to unknown addresses could lead to security vulnerabilities.
2. What’s the writer’s argument against the “pull” design?
People are lazy lol. It’s an extra step that users have to take and some are not aware of this or just forget.
3. What problem did the writer find with people not withdrawing their money?
What to do with the leftover funds.

1 Like

1. Why shouldn’t you just send people their ether directly (push)?
The contract could run out of gas. Sending ether to unknown addresses could lead to security vulnerabilities and be used maliciously, depending on the errors generated.

2. What’s the writer’s argument against the “pull” design?
Users are lazy and don’t always remove funds, but also most people are not familiar with interacting with smart contracts and therefore more likely to make errors when doing so.

3. What problem did the writer find with people not withdrawing their money?
Ethics/morals regarding what to do with / how to handle the remaining funds.

1 Like
  1. Why shouldn’t you just send people their ether directly (push)?

The contract may run out of gas, or the address you transfer money to may belong to a malicious contract.

  2. What’s the writer’s argument against the “pull” design?

It makes UX worse for some lazy people or people who don’t want to spend their own gas on transactions.

  3. What problem did the writer find with people not withdrawing their money?

Where all unclaimed money should go to.

1 Like