Reading Assignment: Security vs User Experience

#1

Are you ready for the next Reading Assignment?? I hope so, because here it is! This time about the compromise between user experience and contract security. Read through this blog post and answer the following questions in this forum thread.

  1. Why shouldn’t you just send people their ether directly (push)?
  2. What’s the writer’s argument against the “pull” design?
  3. What problem did the writer find with people not withdrawing their money?
#2
  1. Could run out of gas and could be a malicious contract address.
  2. User error (especially high among new users).
  3. What to do with it then (claim it, send it to charity, or send it to a predesignated address of the user) and depending on what is done what message would that send to participants in deciding how committed they would be in participating in the first place.
#3
  1. Why shouldn’t you just send people their ether directly (push)?
    Could be a malicious contract, the contract might not be ready, the end user may not want it or may not want to take part in the first place.

  2. What’s the writer’s argument against the “pull” design?
    New user error or user error. But 10% take greater than a week to claim; only 10% actually claimed within that time period (a week).

  3. What problem did the writer find with people not withdrawing their money?
    The claim process or designation could be different, e.g. a charity, and also dependent on the winner, whether they wanted to participate, etc…

#4
  1. Sending ether back could run out of gas. Sending ether to unknown addresses could lead to security vulnerabilities.

  2. Users new to smart contracts tend to make mistakes.

  3. Problem was what to do with the money.

#5
  1. Why shouldn’t you just send people their ether directly (push)?

Due to possible malicious attempts of reentrancy attack.

  2. What’s the writer’s argument against the “pull” design?

Poor UX for end users. The users fear to make a mistake.

  3. What problem did the writer find with people not withdrawing their money?

Many of them did not bother to withdraw their deposited funds as they were “lazy”. Some of them are willing to pay for “automatic refund”.
The users had to interact too many times with the “BlockParty” service:

  1. register
  2. deposit
  3. withdraw
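The push and pull designs discussed in this thread, side by side, as an added Solidity example that is not taken from the blog post, from BlockParty, or from any reply above. The contract name `PayoutExample`, its functions and the `SHARE` amount are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names and amounts are hypothetical.
contract PayoutExample {
    address[] public attendees;              // everyone who deposited
    mapping(address => uint256) public owed; // balance each address may claim
    uint256 public constant SHARE = 0.1 ether;

    function register() external payable {
        require(msg.value == SHARE, "deposit must equal SHARE");
        require(owed[msg.sender] == 0, "already registered");
        attendees.push(msg.sender);
        owed[msg.sender] = SHARE;
    }

    // PUSH (shown for contrast): one call pays every attendee.
    // If any recipient is a contract that reverts on receipt or needs more
    // than the 2300 gas that transfer() forwards, the whole call reverts and
    // nobody is paid. The loop can also outgrow the block gas limit.
    function payoutAllPush() external {
        for (uint256 i = 0; i < attendees.length; i++) {
            address a = attendees[i];
            uint256 amount = owed[a];
            owed[a] = 0;
            payable(a).transfer(amount);
        }
    }

    // PULL: each user claims their own balance in a separate transaction,
    // so a failing recipient only affects itself.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing to withdraw");
        owed[msg.sender] = 0; // zero the balance before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The pull version keeps a failure isolated to one user, at the cost of the extra withdraw transaction that the answers above describe as the user-experience problem.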