Replies: 3 comments 10 replies
-
Did we implement the opposite in #4027? |
Beta Was this translation helpful? Give feedback.
-
I think the main issue is that if someone mistakenly sends coins to a contract that has no way to withdraw it, the coins are lost forever, that would be a bit problematic as the default case if it can be prevented. |
Beta Was this translation helpful? Give feedback.
-
After all the valid points you guys made, I would like to reopen the idea of allowing transfers towards SCs instead of implementing this proposal. |
Beta Was this translation helpful? Give feedback.
-
Context
In Massa, an SC can't currently transferCoins towards another SC, but has to call a payable function (all exported functions are payable by default). The de-facto standard is for smart contracts to export a function named
receiveCoins
.Some smart contracts dynamically select the way they transfer depending on the nature of the target: https://github.com/massalabs/massa-name-service/blob/faf01258a094262ff162b656dc4b48d8209ff125/smart-contract/assembly/contracts/main.ts#L244-L250
Unfortunately that practice has not been implemented at large. In particular, it was not done for the WMAS contract which is now immutable. This means that a smart contract will never be able to unwrap a WMAS into MAS in order to pay fees for example.
This limitation strongly hampers autonomous applications and is currently blocking Dusa's autonomous DCA impementation.
Proposal
In this discussion I propose that we add a fix at the L1 level that does the following:
This would enable existing smart contracts that transfer coins to their caller to be operated not only by users but also by other smart contracts and would solve autonomy issues.
Comparison with Ethereum
In Ethereum,
transfer
is basically a sugar-coat for a CALL with a fixed gas limit and towards a pre-defined exported function name:See https://dev.to/110nard0/understanding-ethereums-sendtransfercall-functions-2f1m
The idea is that a
transfer
always costs a predictable amount of gas, but a pretty high value.I am personally not a big fan of the hardcoded gas limit idea because:
Overall, I propose we do the same as ETH but with dynamic gas, just document everything very clearly.
Limitations
Risk: unexpected gas usage
A smart contract using
transfer
might not expect that it possibly uses an arbtirary amount of gas.To mitigate this, resorting to doing a first estimate with a read-only call is a good practice for users.
Otherwise, proper documentation of the ABI should suffice.
Risk: re-entrancy
This risk is linked to an SC attempting to unexpectedly call the
receiveCoins
function of a target SC that itself calls back the original SC, possibly triggering a re-entrancy attack. This risk is mitigated by properly documenting and warning that any call totransferCoins
might trigger a call.Making the Transfer operation work toward SCs
Could we also make the Transfer operation transparent so that EOAs can transfer coins to smart contracts from their wallet ?
Unfortunately, no because it would require hardccoding the
max_gas
parameter which is absent in aTransfer
operation, and as explained above, it is something we want to avoid.However, this could be abstracted away by wallet software that would automatically detect that a user is trying to transfer towards a smart contract and propose to call the
receiveCoins
function of the target SC instead.Beta Was this translation helpful? Give feedback.
All reactions