contract DropBox{
    /*
    Central Bank of Ethereum
    A very minimalistic bank/dropbox where Ether can be sent.
    This makes it simple for a service to pay recipients without directly
    invoking any unknown (potentially hostile) contracts.
    Instead, the value transfer becomes a 2-step handover, where the service
    deposits to the bank, and the recipient cashes out later.
    Drawbacks to this approach:
    - Recipient wallet is not invoked (well, that's the point)
    - The recipient cannot (on-chain) verify who made a deposit
    @author Martin Holst Swende
    */
    mapping (address => uint) accounts;

    // Const functions
    function balanceOf(address a) constant returns(uint){
        return accounts[a];
    }
    function credit() constant returns(uint){
        return accounts[msg.sender];
    }

    // Deposit and withdraw
    function deposit(address a){
        // Credit the recipient's account with the Ether sent along with this call
        accounts[a] = accounts[a] + msg.value;
    }
    /*
    There may be a point to include something like this,
    so that at least off-chain it is easier to keep track of
    payments
    */
    /*
    function depositAndLog(address a){
        DepositEvent(a,msg.sender);
        deposit(a);
    }
    */
    /*
    Withdraw - this is the default method.
    When this is invoked, the money comes back.
    It uses the 'unsafe' call with all gas, to allow for
    arbitrarily complex wallets (but does so in a safe way)
    */
    function (){
        uint amount = accounts[msg.sender] + msg.value;
        // Zero the balance before the external call, so a re-entrant
        // call from the recipient finds nothing left to withdraw
        accounts[msg.sender] = 0;
        if(amount == 0) return;
        if ( !msg.sender.call.value(amount)() )
        {
            throw;
        }
    }
}
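The withdrawal ordering in the gist above, as an added example that is not the gist author's code: a port to Solidity 0.8 syntax plus a constructed test recipient that calls back in during the transfer, showing why the all-gas call is safe once the balance has been zeroed. The names DropBoxPort, ReenteringRecipient, withdraw, pull and entries are assumptions of this example, and the port uses a named withdraw function with the zero-amount guard first instead of the gist's default function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: port of the gist's DropBox to current syntax (names are assumptions).
contract DropBoxPort {
    mapping(address => uint256) private accounts;

    function balanceOf(address a) external view returns (uint256) {
        return accounts[a];
    }

    // Step 1 of the handover: the paying service credits the recipient.
    // No recipient code runs here, so a hostile recipient cannot block the payer.
    function deposit(address a) external payable {
        accounts[a] += msg.value;
    }

    // Step 2: the recipient pulls the funds in its own transaction.
    function withdraw() external {
        uint256 amount = accounts[msg.sender];
        if (amount == 0) return;          // a re-entrant call ends here
        accounts[msg.sender] = 0;         // effect before interaction
        // All remaining gas is forwarded so complex wallets can receive.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");       // revert restores the balance
    }
}

// Test fixture (constructed): a recipient whose receive hook calls back in.
contract ReenteringRecipient {
    DropBoxPort public immutable box;
    uint256 public entries;               // how many times receive() ran

    constructor(DropBoxPort b) {
        box = b;
    }

    function pull() external {
        box.withdraw();
    }

    receive() external payable {
        entries++;
        // The balance was zeroed before this hook ran, so the nested
        // withdraw() returns at the guard without sending anything.
        box.withdraw();
    }
}
```

After a deposit of 1 ether for the fixture and one call to pull(), the fixture holds exactly 1 ether, entries is 1, and balanceOf for the fixture is 0. Moving the zeroing after the call would let the nested withdraw() pay out again.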
Good idea. I also had a look here ethereum/EIPs#20, and should probably rename credit into balanceof also.
You should add functions to make it conform to token spec api, even if some of those functions just throw. That way users can monitor the mailbox with any token viewer.
Why have withdraw be the default method instead of having a named withdraw function?
In the default function you can move the if amount ==0 up a line to save a bit of gas and be more clear by having the guard closely attached to the assignment.
The function name credit is confusing as it is not a verb. Recommend renaming to getBalance or getMyBalance.
Actually, it is a verb but its verb usage is not what the function does. The function won't credit someone something.
While I do like the pattern, I worry about users getting their money stuck because they use a dApp that uses this drop box via a wallet that can't make calls into this contract.
I recommend adding a function that can be called by anyone to trigger a withdraw into any address. This would allow a user to call into the mailbox with their account and trigger a withdraw of funds into their wallet. Also, the dApp owner could do the same on behalf of their users as a separate transaction so the users are shielded from even needing to know about the mailbox but the dApp owner doesn't put his app at risk.
That looks good, I would just add
before
accounts[msg.sender] = 0;
to not consume gas for nothing