Reading Assignment: Security vs User Experience

  • Insufficient Gas problems might occur while sending ether directly.
  • Funds could end up being sent to a malicious address which could potentially initiate a fallback function or error function which could hinder the rest of the transaction.
  • User experience. (Prone to error/fear of error, Convenience of automated push due to laziness or other factors).
  • Confusion regarding whether to send the money to charity, “push” to the user or send it to the owner himself.
1 Like
  1. Why shouldn’t you just send people their ether directly (push)?
    You can run out of gas, and it’s a security feature.

  2. What’s the writer’s argument against the “pull” design?
    It minimizes the times a user has to interact with smart contracts, therefore minimizing user errors.

  3. What problem did the writer find with people not withdrawing their money?
    He didn’t exactly know where the money should go, to the other participant, to himself or to a charity.

1 Like

Reading Assignment: Security vs User Experience

1. Why shouldn’t you just send people their ether directly (push)?

  • Sending ether back to all participants could run out of gas
  • Sending ether to unknown addresses could lead to security vulnerabilities

2. What’s the writer’s argument against the “pull” design?

That users should not really need to interact with the smart contract more than they absolutely have to as people new to smart contracts tend to make mistakes.

3. What problem did the writer find with people not withdrawing their money?

Trying to find the best solution for returning the funds to them, or whether to send to a charity address or a different address (ie. the writer). Also, it showed that users were not fully committed to participating in the first place.

1 Like
  1. Using the push design has a couple of drawbacks, firstly it can lead to execution of a fallback function, having a lot of logic in a function can also lead to running out of gas to run said function.

  2. Users new to smart contracts tend to make mistakes when interacting with smart contracts and, as such, don’t have to interact with them more than they have to.

  3. It’s difficult getting people to withdraw because some didn’t know how to, or are too lazy to.

1 Like
  1. Why shouldn’t you just send people their ether directly (push)?
    • Whenever we use a call function to send ETH, we expose our contract to potentially damaging “fallback” functions. In addition, this operation can be more expensive or go over the block gas limit.
  2. What’s the writer’s argument against the “pull” design?
    • Because some users forget to withdraw their tokens, and some users make mistakes or are afraid of using smart contracts.
  3. What problem did the writer find with people not withdrawing their money?
    • The writer doesn’t know if this money is lost, forgotten, or not withdrawn out of laziness. In the second case, it can be donated to charity, but in the first and last cases he doesn’t know whether to send this ETH and expose his contract to a possible fallback, or to take another solution.
3 Likes

1. Why shouldn’t you just send people their ether directly (push)?
Because you could run out of gas or sending eth to an unknown address could cause security problems such as fallback functions.

2. What’s the writer’s argument against the “pull” design?
User experience. Users should not have to interact with smart contracts more than necessary.

3. What problem did the writer find with people not withdrawing their money?
A bit over half are in favour of an implementation of a push but some are only in favour if it doesn’t cause too much of a cost. About 30% prefer pull.

2 Likes
  1. Why shouldn’t you just send people their ether directly (push)?

Because it could run out of gas, and sending to unknown address could have security vulnerabilities.

  2. What’s the writer’s argument against the “pull” design?

It’s a bad user experience.

  3. What problem did the writer find with people not withdrawing their money?

I’m not sure I understand the question, but if people don’t withdraw their money, it then has to be decided where that unclaimed money goes.

3 Likes
  • Why shouldn’t you just send people their ether directly (push)?
    You could run out of gas or open the contract to security vulnerabilities; it is better to let the users withdraw the funds.

  • What’s the writer’s argument against the “pull” design?
    There is an extra cost for the recipient.

  • What problem did the writer find with people not withdrawing their money?
    Every Ether transfer implies potential code execution. The receiving address can implement a fallback function that can throw an error. Thus, we should never trust that a send call will execute without error.

1 Like

You could run out of gas and it could create a potential security threat

The user could make a mistake

People didn’t withdraw their own money themselves

3 Likes
  1. Why shouldn’t you just send people their ether directly (push)?

Because it can be dangerous: a smart contract can accidentally call a malicious/vulnerable smart contract.

  2. What’s the writer’s argument against the “pull” design?

The UX issues. A lot of respondents didn’t withdraw their money at all.

  3. What problem did the writer find with people not withdrawing their money?
  • Some people don’t know how to work with smart contracts and feel uncomfortable with them
  • Some people are forgetting about their funds on the smart contracts.
2 Likes
  1. running out of gas, could throw error and call malicious smart contract
  2. isolate each external call into its own transaction that can be initiated by the recipient of the call.
  3. What to do with it (charity, itself, forever lost)
2 Likes
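
The push and pull payout designs contrasted in the answers above (a reverting fallback or gas exhaustion on push; each external call isolated into a recipient-initiated transaction on pull), as an added Solidity example that is not part of any post in this thread or of the assigned article. The contract and function names `PushRefund`, `PullRefund`, `deposit`, `refundAll` and `withdraw` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all contract and function names are hypothetical.

// Push: one transaction pays everyone. A single recipient whose
// receive/fallback function reverts makes the whole loop revert,
// and a long participant list can exceed the block gas limit.
contract PushRefund {
    address[] public participants;
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        require(msg.value > 0, "no value");
        if (deposits[msg.sender] == 0) participants.push(msg.sender);
        deposits[msg.sender] += msg.value;
    }

    function refundAll() external {
        for (uint256 i = 0; i < participants.length; i++) {
            address p = participants[i];
            uint256 amount = deposits[p];
            deposits[p] = 0;
            (bool ok, ) = p.call{value: amount}("");
            require(ok, "refund failed"); // one failure blocks every refund
        }
    }
}

// Pull: each recipient withdraws in their own transaction, so a
// reverting or gas-hungry recipient only affects their own withdrawal.
contract PullRefund {
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        require(msg.value > 0, "no value");
        deposits[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        deposits[msg.sender] = 0; // update state before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The pull version leaves open the question the thread's third answer raises: balances nobody withdraws stay in `deposits` until a separate policy decides where they go.
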

Hi, these are my answers:

1. Why shouldn’t you just send people their ether directly (push)?

  • Run out of gas
  • Security vulnerabilities

2. What’s the writer’s argument against the “pull” design?

  • Bad UX

3. What problem did the writer find with people not withdrawing their money?

  • Lazy
  • People new to smart contracts tend to make mistakes and do not know how to interact with smart contracts properly
2 Likes
  1. Big potential gas use, sending back to all participants could run out of gas, sending ether to unknown addresses could lead to security vulnerabilities
  2. They complain about the UX as the users shouldn’t be interacting with the smart contract as they’re new to it
  3. They don’t like the fact that the unclaimed money goes to waste
2 Likes
  1. Because the calls could fail accidentally and leave your contract exposed to vulnerability

  2. Users either did not know how exactly to retrieve funds or never did so.

  3. He did not know what to do with the abandoned funds. It was either keep, donate, or hold forever.

2 Likes
1

you could run out of gas and it could lead to security vulnerabilities

2

people are leaving ether in the smart contract, ux is hurting, and people new to smart contract interaction tend to make mistakes

3

He asked the users if they want to give it to charity, should he just send it to himself, or send them funds back but with a fee, because he didn’t know what to do with it after the coolingPeriod

2 Likes

1. Why shouldn’t you just send people their ether directly (push)?
You could run into a problem where you run out of gas or open yourself up to security issues.

2. What’s the writer’s argument against the “pull” design?
The writer suggests we should minimize user interaction with contracts, especially new users who may be more prone to make mistakes.

3. What problem did the writer find with people not withdrawing their money?
The writer was unsure how the unclaimed money should be spent - donated, sent to specific accounts, or kept for himself.

2 Likes
  1. Could be a malicious contract or person that you are sending your money to. Additionally, in case the prize is small, it can be classified as dust attack and in case the person has committed any illegal activities and is caught, Finally, sending money to many different addresses can cost a lot of gas.

  2. Not everyone claims their rewards - although most did and due to the technology and experience being new, people may be afraid to make a mistake

  3. Where to send the leftover money

2 Likes
  1. This could lead to security vulnerabilities when sending to unknown addresses and the function could run out of gas.

  2. Users should not interact with smart contracts more than they absolutely have to. Beginners can make more mistakes if they are interacting with smart contracts many times.

  3. They were lazy or they forgot to withdraw the money.

2 Likes
  1. Why shouldn’t you just send people their ether directly (push)?
    Any transfer of funds is a potential vulnerability, as we don’t know who is receiving the funds. A receiving contract could potentially execute malicious code upon receiving the funds.

  2. What’s the writer’s argument against the “pull” design?
    Forcing the users to make additional interactions with the contracts is risky as it creates more chances for errors.

  3. What problem did the writer find with people not withdrawing their money?
    The writer was unsure of what to do with the unclaimed funds.

2 Likes
  1. Why shouldn’t you just send people their ether directly (push)?
    Answer: You could run out of gas & you don’t know who you’re sending that money to (security vulnerability).
  2. What’s the writer’s argument against the “pull” design?
    Answer: Users shouldn’t really interact with smart contracts unless it’s necessary (especially beginners).
  3. What problem did the writer find with people not withdrawing their money?
    Answer: He didn’t know what to do with the remaining funds (give or take?).
2 Likes