Reading Assignment: Security vs User Experience

1. You should not push money because that operation costs gas, and because the address you send money to could be a malicious smart contract.
2. The writers say that the pull design is less user friendly.
3. The writer did not knew what to do with the money.

1. Why shouldn’t you just send people their ether directly (push)?

external calls can fail and can cost more gas.

2. What’s the writers argument against the “pull” design?

pull design is less user friendly.

3. What problem did the writer find with people not withdrawing their money?

high gas fee.

Mark As Complete

1. Why shouldn’t you just send people their ether directly (push)?

Keep also in mind that you might send ether to a smart contract, and therefore you could trigger a fallback function.

Cheers,
Dani

Answer

1. It’s better to modularize the code into specific functions. In this way you can control better the flow and avoid callback functions or unexpected huge amount of gas fee to pay.

2. New users were not so able to manage the withdraw() function. It would be request an effort for them, in fact the writer had the problem to have a lot of not withdraw payoffs.

3. How should him had used the not withdraw payouts? It was difficult to design the best functionality because there were a lot possibilities. Furthermore, people didn’t like to interact with smart contract. Why did they need to call the withdraw() when the smart contract could do it automatically?

1. The contract could run out of gas when trying to send out all payments, and there could be security risks.
2. Users who are likely not familiar with smart contracts could make a mistake.
3. Whether he should keep it, share it with the other participants, or donate it to charity.

1. You shouldn’t push ( send ) ETH directly to people because you could run out of gas or the recipient addresses could be malicious.

2. The argument against pull design is that people have to interact more with smart contracts than they might expect. And right now, where smart contracts are not ubiquitous among society, users may make mistakes when interacting with contracts leading to “feelsbad” moments.

3. There were a few problems that the writer found with regards to unclaimed deposits. One is that some people didn’t claim at all. No big deal, that was kind of the point of the smart contract. Another problem was that some people claimed months later. A third problem was what to do with unclaimed deposits. The writer thought to donate them to charity, but then he realised that that might actually demotivate people to turn up to events, which was the goal of the contract. If people thought they were doing good by donating to charity with their deposits, they might choose not to turn up! The point of the contract was that having unclaimed deposits split up among attendees/strangers would incentivize people who signed up for the events to actually attend.

1. Running a push function has security vulnerabilities because you don’t know about the contract you’re sending funds to. Also, you can potentially run out of gas.
2. The writer’s argument against pull design is that it ruins UX. To minimize the chance of user mistakes, you want users to interact with the contract as little as possible.
3. The writer had an issue in deciding what to do with the leftover funds: Send back to participants, send to admin, or donate to charity.

1. Security and gas reasons

2. Difficult for users

3. He didn’t know what to do with the funds

1. Why shouldn’t you just send people their ether directly (push)?

Pushing funds to users opens up the possibility of malicious fallback functions. Also, our own contract could run out of gas.

2. What’s the writers argument against the “pull” design?

Because interacting with smart contracts is still new to most of the users, the risk of people making mistakes while interacting with them is still high.

3. What problem did the writer find with people not withdrawing their money?

Some of them openly admitted that they are to lazy to get their deposit back, others didn’t seem to care about their money and others wanted him to do the job. So what to do with the money that has been “abandoned”? The result of the owner’s survey showed that the majority would like to see it, if the remaining funds would be donated to charity. The author of Blockparty though, sees the clear message of the Blockparty contract diluted, because it will lessen the effect incentive to really show up once a user signed up. I really like the idea though, that users can choose what will happen to their deposit, in case they don’t show up, in the registration process.

1. Why shouldn’t you just send people their ether directly (push)?
Sending back could result in gas running out.
2. What’s the writers argument against the “pull” design?
It’s not a great UX.
3. What problem did the writer find with people not withdrawing their money?
What to do with the money left in the contract.

1. Why shouldn’t you just send people their ether directly (push)?
2. What’s the writers argument against the “pull” design?
3. What problem did the writer find with people not withdrawing their money?

Answers:
1 - Can run out of gas and you can’t be sure that the address you send funds to is trustworthy.
2 - Users should not really need to interact with smart contract more than they absolutely have to as people new to Smart contract tend to make mistakes.
3 - the no show deposits to charity actually weaken people’s will to turn up because it goes to a good cause rather than random participants. Also, changing the payout distribution logic depending on events may dilute the unique and strong message BlockParty has.

1. Could run out of gas if you are sending multiple participants ETH
   Sending ETH to unknown addresses could lead to security vulnerabilities

2. It is compromising the user experience. Users shouldn’t interact with smart contracts more than they absolutely need to, in avoiding potential mistakes and problems.

3. The concern was that a donation of no show deposits to a charity would likely increase the number of people who don’t realise their funds. This would further lead to push design execution rather than pull.

1. A push can run out of gas.
2. Pull can have a cost in user experience as the user has to manually pull Ether.
3. What to do with the extra deposits.

1. Why shouldn’t you just send people their ether directly (push)?

The receiving address might be malicious, besides it costs ETH and the contract might run out of ETH.

2. What’s the writers argument against the “pull” design?

It’s bad UX, some users are not willed to make the effort of withdrawing. Besides, users can make mistakes.

3. What problem did the writer find with people not withdrawing their money?

He does not know what to do with the remaining money.

1. Why shouldn’t you just send people their ether directly (push)?
   It could run out of gas or sending ether to unknown addresses could lead to security vulnerabilities.

2. What’s the writers argument against the “pull” design?
   Users should not really need to interact with smart contract more. Users may make a mistake while interacting with contract.

3. What problem did the writer find with people not withdrawing their money?
   He doesn’t know what to do with the money left on the contract (money not taken by users)

1. Why shouldn’t you just send people their ether directly (push)?
Because they may not have enough balance to pay for the gas to complete the transaction, or sending ether to unknown addresses could lead to security vulnerabilities.

2. What’s the writers argument against the “pull” design?
The users aren’t always familiar with interactions with smart contracts and often mess it up or don’t understand what they are doing. Also, a user shouldn’t have to interact with a smart contract more than absolutely necessary.

3. What problem did the writer find with people not withdrawing their money?
He didn’t know what to do with the balance left inside, whether to give it to a charity which might not incentivise people to return or to randomly distribute it between the users or to just claim it himself.

1. Why shouldn’t you just send people their ether directly (push)?
2. What’s the writers argument against the “pull” design?
3. What problem did the writer find with people not withdrawing their money?

1.You can run out of gas and sending Ether to unknown addressess can cause security vulnerabilities

2.Bad for the UX, users should interact with the smart contracts as little as possible.

3.What to do with the unclaimed money.

1.- Contracts can have malicious fall back code when ether is sent.
2.- Is not the best user experience.
3.- People forget to claim their amount and were to lazy to make the claim.

1. Pushing ether to people directly can result in a calling function to run out of gas. The address where we push ether could be a smart contract that has callback function implemented that can throw an error. Thus, we can trust that our function will be executed without error.
2. The argument of the author against pull design is customer satisfaction. Many people are lazy to withdraw their funds and they expect to have funds send to them directly.
3. The problem the writer found with people not withdrawing their money is what should be done with the funds that were not withdrawn. Should they be returned to the owners with an additional fee or donated?

• Why shouldn’t you just send people their ether directly (push)?
  because the execution could run out of gas or throw an error, like that it is better isolate every external call in its own transaction to minimize the damage.
• What’s the writers argument against the “pull” design?
  Users should not really need to interact with smart contract more than they absolutely have to as people new to Smart contract tend to make mistakes.
• What problem did the writer find with people not withdrawing their money?
  he didn’t know how to handle the unclaimed money fairly, send it automatically (push) with fee? send to charity? claim to himself?