solc >= 0.5.0 incorrectly requires selfdestruct parameter is payable #7727
Comments
|
While this is true, Solidity employs many techniques to flatten out some of the weird edge cases of the EVM. I think we should strive to enforce Do you think the requirement of |
|
It may lead a developer to believe that selfdestruct would fail for a nonpayable contract. If payable has any meaning at all, it should not apply in this context. |
|
payable/nonpayable is also not enforced at other locations. For a plain address, for example. |
|
payable/nonpayable is enforced tyrannically in all locations. It is so bad that if you want to test this case you have to convert address to uint160 and back. |
|
Here is a case of improper enforcement |
|
You cannot transfer ether to an address if it is not payable. You cannot cast a nonpayable contract to a payable contract, or vice-versa. |
|
Here is the workaround I am using. It is annoying that the spec of the language does not line up with the EVM, and that the workaround is to abandon typing. |
|
Do you have a link to the full context of the error message and source snippet you provide here? Another solution would be to use I assume you did not go with that because then you would have to introduce conversions to payable higher up in the call stack. Still, it would be great to take a look! On another note: Starting with Solidity 0.6.0, you can write |
Right. The test case is necessary to verify that code that can extract ether from a nonpayable contract works. Line coverage is very important for us in testing.
That's a delightful improvement, though not as good as |
|
@wjmelements did I get it right that your suggestion is to relax the |
|
Right
…On Fri, Nov 29, 2019 at 2:13 AM Leonardo ***@***.***> wrote:
@wjmelements <https://github.com/wjmelements> did I get it right that
your suggestion is to relax the nonpayable check for selfdestruct?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#7727?email_source=notifications&email_token=AAGDGVKJQGHYHI2P2FM3YITQWDTK7A5CNFSM4JOBXES2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFOOTSI#issuecomment-559737289>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGDGVM252AQ7IZ2DTNTIULQWDTK7ANCNFSM4JOBXESQ>
.
|
|
@chriseth I agree with it and would like to discuss it |
|
@axic do you have an opinion on this? |
|
While indeed, the EVM does not require "payable" and that having "payable" might suggest that the receive function is called on the target, the fact that not requiring "payable" would help in this situation. In general, "selfdestruct" is a rather complicated process and the "payable" part is not the most complicated one. In a team discussion, we concluded that none of the two solutions is clearly better and it might be more consistent to require "payable" whenever there is ether transferred, even if the receive function is not called. |
|
@chriseth This is a clear inconsistency in the meaning of |
|
:( |
@wjmelements Just curiosity, what are the others? |
Of course there are things I like about it as well (uint256 constant-suffixes, inline asm, and fallback functions), and it's the best evm language at this time by far, but that means living with its flaws if you are a contract dev. |
|
I guess we all live with the flaws and things we dislike about the programming languages we use the most. The third point though, it's a security feature. If you use a single hash of all the keys for a multi-d mapping access you can easily get collisions. |
With a different scheme the field identifier would be enough to prevent collisions. For example, |
|
The main feature is actually "partial evaluation" - you can refer to |
|
... AND the type of this |
The EVM does not require that the recipient of selfdestruct ether can accept it. There is no way to reject it, so nonpayable addresses are just as valid as payable addresses.
The text was updated successfully, but these errors were encountered: