DappHub Multiply Function











up vote
1
down vote

favorite












Could someone explain the use of performing a multiplication such as this? I mean the logic is fine, but what is the importance from a security point of view?



function mul(uint x, uint y) internal pure returns (uint z) {
require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow");
}


This is from the dapphub library.
I have included the link herewith:
https://github.com/dapphub/ds-math/blob/master/src/math.sol










share|improve this question




























    up vote
    1
    down vote

    favorite












    Could someone explain the use of performing a multiplication such as this? I mean the logic is fine, but what is the importance from a security point of view?



    function mul(uint x, uint y) internal pure returns (uint z) {
    require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow");
    }


    This is from the dapphub library.
    I have included the link herewith:
    https://github.com/dapphub/ds-math/blob/master/src/math.sol










    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      Could someone explain the use of performing a multiplication such as this? I mean the logic is fine, but what is the importance from a security point of view?



      function mul(uint x, uint y) internal pure returns (uint z) {
      require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow");
      }


      This is from the dapphub library.
      I have included the link herewith:
      https://github.com/dapphub/ds-math/blob/master/src/math.sol










      share|improve this question















      Could someone explain the use of performing a multiplication such as this? I mean the logic is fine, but what is the importance from a security point of view?



      function mul(uint x, uint y) internal pure returns (uint z) {
      require(y == 0 || (z = x * y) / y == x, "ds-math-mul-overflow");
      }


      This is from the dapphub library.
      I have included the link herewith:
      https://github.com/dapphub/ds-math/blob/master/src/math.sol







      ether erc-20 security






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 26 at 5:43

























      asked Nov 26 at 5:26









      Rohan Dhar

      25910




      25910






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          From security point of view, it is ensuring that after multiplication, returned value is not getting overflowed.



          Suppose we have a 8-bit unsigned integer which store value from 0 to 255. So the multiplication of 130*2 will return 260 and when it will be time to store it in variable it will be get overflowed and will store the value 5. So this require in question checks that if we perform the reverse operation, we should get the initial value which will not be possible in overflow bug.



          y == 0 will be an exception in the detection of above case so code is considering it separately.



          For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow






          share|improve this answer

















          • 1




            Got it, thanks!
            – Rohan Dhar
            Nov 26 at 6:42


















          up vote
          0
          down vote













          function sub(uint x, uint y) internal pure returns (uint z) {
          require((z = x - y) <= x, "ds-math-sub-underflow");
          }


          checks x-y <= x and if condition(x-y <= x) is true, return z(x-y)



          in the case x-y > x , print log "ds-math-sub-underflow" and throws






          share|improve this answer























          • I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
            – Rohan Dhar
            Nov 26 at 5:42










          • some accident[medium.com/smartmesh/… happens
            – TLHBM
            Nov 27 at 5:41










          • Could not access the link. Says 404
            – Rohan Dhar
            Nov 27 at 6:10






          • 1




            link again
            – TLHBM
            Nov 27 at 7:13











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "642"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fethereum.stackexchange.com%2fquestions%2f63025%2fdapphub-multiply-function%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted










          From security point of view, it is ensuring that after multiplication, returned value is not getting overflowed.



          Suppose we have a 8-bit unsigned integer which store value from 0 to 255. So the multiplication of 130*2 will return 260 and when it will be time to store it in variable it will be get overflowed and will store the value 5. So this require in question checks that if we perform the reverse operation, we should get the initial value which will not be possible in overflow bug.



          y == 0 will be an exception in the detection of above case so code is considering it separately.



          For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow






          share|improve this answer

















          • 1




            Got it, thanks!
            – Rohan Dhar
            Nov 26 at 6:42















          up vote
          1
          down vote



          accepted










          From security point of view, it is ensuring that after multiplication, returned value is not getting overflowed.



          Suppose we have a 8-bit unsigned integer which store value from 0 to 255. So the multiplication of 130*2 will return 260 and when it will be time to store it in variable it will be get overflowed and will store the value 5. So this require in question checks that if we perform the reverse operation, we should get the initial value which will not be possible in overflow bug.



          y == 0 will be an exception in the detection of above case so code is considering it separately.



          For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow






          share|improve this answer

















          • 1




            Got it, thanks!
            – Rohan Dhar
            Nov 26 at 6:42













          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          From security point of view, it is ensuring that after multiplication, returned value is not getting overflowed.



          Suppose we have a 8-bit unsigned integer which store value from 0 to 255. So the multiplication of 130*2 will return 260 and when it will be time to store it in variable it will be get overflowed and will store the value 5. So this require in question checks that if we perform the reverse operation, we should get the initial value which will not be possible in overflow bug.



          y == 0 will be an exception in the detection of above case so code is considering it separately.



          For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow






          share|improve this answer












          From security point of view, it is ensuring that after multiplication, returned value is not getting overflowed.



          Suppose we have a 8-bit unsigned integer which store value from 0 to 255. So the multiplication of 130*2 will return 260 and when it will be time to store it in variable it will be get overflowed and will store the value 5. So this require in question checks that if we perform the reverse operation, we should get the initial value which will not be possible in overflow bug.



          y == 0 will be an exception in the detection of above case so code is considering it separately.



          For more: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 26 at 6:30









          A.K.

          1,532531




          1,532531








          • 1




            Got it, thanks!
            – Rohan Dhar
            Nov 26 at 6:42














          • 1




            Got it, thanks!
            – Rohan Dhar
            Nov 26 at 6:42








          1




          1




          Got it, thanks!
          – Rohan Dhar
          Nov 26 at 6:42




          Got it, thanks!
          – Rohan Dhar
          Nov 26 at 6:42










          up vote
          0
          down vote













          function sub(uint x, uint y) internal pure returns (uint z) {
          require((z = x - y) <= x, "ds-math-sub-underflow");
          }


          checks x-y <= x and if condition(x-y <= x) is true, return z(x-y)



          in the case x-y > x , print log "ds-math-sub-underflow" and throws






          share|improve this answer























          • I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
            – Rohan Dhar
            Nov 26 at 5:42










          • some accident[medium.com/smartmesh/… happens
            – TLHBM
            Nov 27 at 5:41










          • Could not access the link. Says 404
            – Rohan Dhar
            Nov 27 at 6:10






          • 1




            link again
            – TLHBM
            Nov 27 at 7:13















          up vote
          0
          down vote













          function sub(uint x, uint y) internal pure returns (uint z) {
          require((z = x - y) <= x, "ds-math-sub-underflow");
          }


          checks x-y <= x and if condition(x-y <= x) is true, return z(x-y)



          in the case x-y > x , print log "ds-math-sub-underflow" and throws






          share|improve this answer























          • I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
            – Rohan Dhar
            Nov 26 at 5:42










          • some accident[medium.com/smartmesh/… happens
            – TLHBM
            Nov 27 at 5:41










          • Could not access the link. Says 404
            – Rohan Dhar
            Nov 27 at 6:10






          • 1




            link again
            – TLHBM
            Nov 27 at 7:13













          up vote
          0
          down vote










          up vote
          0
          down vote









          function sub(uint x, uint y) internal pure returns (uint z) {
          require((z = x - y) <= x, "ds-math-sub-underflow");
          }


          checks x-y <= x and if condition(x-y <= x) is true, return z(x-y)



          in the case x-y > x , print log "ds-math-sub-underflow" and throws






          share|improve this answer














          function sub(uint x, uint y) internal pure returns (uint z) {
          require((z = x - y) <= x, "ds-math-sub-underflow");
          }


          checks x-y <= x and if condition(x-y <= x) is true, return z(x-y)



          in the case x-y > x , print log "ds-math-sub-underflow" and throws







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 26 at 8:08









          Rohan Dhar

          25910




          25910










          answered Nov 26 at 5:31









          TLHBM

          967




          967












          • I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
            – Rohan Dhar
            Nov 26 at 5:42










          • some accident[medium.com/smartmesh/… happens
            – TLHBM
            Nov 27 at 5:41










          • Could not access the link. Says 404
            – Rohan Dhar
            Nov 27 at 6:10






          • 1




            link again
            – TLHBM
            Nov 27 at 7:13


















          • I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
            – Rohan Dhar
            Nov 26 at 5:42










          • some accident[medium.com/smartmesh/… happens
            – TLHBM
            Nov 27 at 5:41










          • Could not access the link. Says 404
            – Rohan Dhar
            Nov 27 at 6:10






          • 1




            link again
            – TLHBM
            Nov 27 at 7:13
















          I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
          – Rohan Dhar
          Nov 26 at 5:42




          I understand the logic. Logic is not a problem. I have mentioned it in my question. What I need to understand is why do we need to do this? Why not plain x*y? What are the implications from a security point of view?
          – Rohan Dhar
          Nov 26 at 5:42












          some accident[medium.com/smartmesh/… happens
          – TLHBM
          Nov 27 at 5:41




          some accident[medium.com/smartmesh/… happens
          – TLHBM
          Nov 27 at 5:41












          Could not access the link. Says 404
          – Rohan Dhar
          Nov 27 at 6:10




          Could not access the link. Says 404
          – Rohan Dhar
          Nov 27 at 6:10




          1




          1




          link again
          – TLHBM
          Nov 27 at 7:13




          link again
          – TLHBM
          Nov 27 at 7:13


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ethereum Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fethereum.stackexchange.com%2fquestions%2f63025%2fdapphub-multiply-function%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Plaza Victoria

          Puebla de Zaragoza

          Musa