DappHub Multiply Function

Could someone explain the use of performing a multiplication such as this? I mean the logic is fine, but what is the importance from a security point of view?

    function mul(uint x, uint y) internal pure returns (uint z) {
        require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow");
    }

This is from the dapphub library.
I have included the link herewith:
https://github.com/dapphub/ds-math/blob/master/src/math.sol

Tags: ether, erc-20, security

asked Nov 26 at 5:26 by Rohan Dhar
edited Nov 26 at 5:43

2 Answers

From a security point of view, it is ensuring that after multiplication, the returned value has not overflowed.

Suppose we have an 8-bit unsigned integer, which stores values from 0 to 255. The multiplication 130*2 will return 260, and when it is time to store it in the variable it will overflow and store the value 5. So the require in the question checks that if we perform the reverse operation, we get the initial value back, which will not be possible in the case of an overflow bug.

y == 0 is an exception to the above detection, so the code considers it separately.

For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow

answered Nov 26 at 6:30 by A.K.

• Got it, thanks!
  – Rohan Dhar
  Nov 26 at 6:42

    function sub(uint x, uint y) internal pure returns (uint z) {
        require((z = x - y) <= x, "ds-math-sub-underflow");
    }

Checks x-y <= x, and if the condition (x-y <= x) is true, returns z (x-y).

In the case x-y > x, prints the log "ds-math-sub-underflow" and throws.

answered Nov 26 at 5:31 by TLHBM
edited Nov 26 at 8:08 by Rohan Dhar

• I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
  – Rohan Dhar
  Nov 26 at 5:42

• some accident[medium.com/smartmesh/… happens
  – TLHBM
  Nov 27 at 5:41

• Could not access the link. Says 404
  – Rohan Dhar
  Nov 27 at 6:10

• link again
  – TLHBM
  Nov 27 at 7:13
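
The following Python model is an added example, not code from the question, the answers or ds-math. It mimics the wrapping of Solidity's fixed-width uint arithmetic (as in compiler versions before 0.8), shows what plain x * y and x - y return when the result does not fit, and exhaustively confirms for 8-bit values that the two require checks revert exactly in those cases; the function names and the MathError exception are illustrative.

```python
class MathError(Exception):
    """Stands in for the revert raised by a failing require() (illustrative name)."""


def wrap(value, bits=256):
    # Fixed-width unsigned arithmetic keeps only the low `bits` bits of a result.
    return value % (1 << bits)


def unchecked_mul(x, y, bits=256):
    return wrap(x * y, bits)


def unchecked_sub(x, y, bits=256):
    return wrap(x - y, bits)


def checked_mul(x, y, bits=256):
    # Mirrors: require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow")
    # y == 0 is tested first because the division check needs a non-zero divisor.
    if y == 0:
        return 0
    z = unchecked_mul(x, y, bits)
    if z // y != x:
        raise MathError("ds-math-mul-overflow")
    return z


def checked_sub(x, y, bits=256):
    # Mirrors: require((z = x - y) <= x, "ds-math-sub-underflow")
    z = unchecked_sub(x, y, bits)
    if z > x:
        raise MathError("ds-math-sub-underflow")
    return z


def reverts(fn, x, y, bits=256):
    try:
        fn(x, y, bits)
        return False
    except MathError:
        return True


def check_is_exact(bits=8):
    """True if both checks revert exactly when the true result is out of range."""
    top = 1 << bits
    for x in range(top):
        for y in range(top):
            if reverts(checked_mul, x, y, bits) != (x * y >= top):
                return False
            if reverts(checked_sub, x, y, bits) != (x - y < 0):
                return False
    return True


if __name__ == "__main__":
    print(unchecked_mul(130, 2, 8))          # 260 does not fit in 8 bits: 260 mod 256 = 4
    print(unchecked_sub(3, 5, 8))            # -2 wraps around to 254
    print(unchecked_mul(2**255, 2))          # a huge 256-bit product silently becomes 0
    print(reverts(checked_mul, 130, 2, 8), check_is_exact(8))
```
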

















