mirror of
https://github.com/nspcc-dev/neofs-contract.git
synced 2026-03-01 04:28:59 +00:00
Check return value of token transfer #69
Labels
No labels
I1
I2
I3
I4
S1
S2
S3
S4
U1
U2
U3
U4
alphabet
audit
balance
blocked
bug
config
container
discussion
documentation
enhancement
feature
go
good first issue
help wanted
neofs
neofsid
netmap
nns
nns
performance
proxy
question
reputation
security
task
test
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
nspcc-dev/neofs-contract#69
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @alexvanin on GitHub (Dec 1, 2021).
Originally assigned to: @alexvanin, @carpawell on GitHub.
I've noticed an issue:
alphabet_contract.go(and probably other contracts) hasneo.Transferandgas.Transfercalls. These calls return boolean value whether the transfer was OK. You don't handle this value, it's dangerous.Originally posted by @AnnaShaleva in https://github.com/nspcc-dev/neofs-contract/pull/185#pullrequestreview-818660980
@alexvanin commented on GitHub (Dec 1, 2021):
There are only 3 places where we ignore return value:
I think it makes sense to check return value only in (1) case. If Alphabet contract can't produce GAS to spend, then it is okay to abort and panic.
But for (2) and (3) I don't think it is worth to do it. If there are some transfer issues (which should never happen, because receivers are not contracts, they are regular wallets, I hope 😃 ) we should not abort but continue GAS emission for other nodes. We can log the failure, but I doubt anyone will see those logs. Maybe produce notification, but idk.
@AnnaShaleva commented on GitHub (Dec 1, 2021):
Transfer can return false not only because of bad receiver, but also when you don't have enough funds to transfer or in case of bad witness or even if token fails to persist storage item changes, so there are various errors that could happen.
I paid attention to this issue in order to ensure it was done intentionally and you're aware of the consequences. If so, then we can keep the old code and omit
Transferresult checking.@AnnaShaleva commented on GitHub (Dec 1, 2021):
I reviewed carefully usages of transfer, and I think that at least it's worth to add logs if something goes wrong with transfer. It will help to investigate issues.
For case (2) we have the following code:
So here you always assume that transfer succeded and this affects
gasBalancevariable. This GAS then should be transferred to the storage nodes, so in the bad case when transfer (2) fails, at leastproxyGasamount of GAS will still be available on the alphabet contract account, is it OK?I don't think it's worth to produce notifications on failure, these events are not meaningful to anyone except alphabet nodes.
@alexvanin commented on GitHub (Dec 1, 2021):
I am okay with logs, let's do that.
It is. We have a ratio of GAS emission between nodes and proxy contract. It will be more consistent to keep ratio even if some transfers have failed. In next emission, unspent GAS will be reused according to the ratio.