From my experience as an auditor, the most dangerous function is `bucket.burn()`.
For example, let's say we have the following function:
```rust
pub fn repay_loan(&mut self, loan_repayment: Bucket, loan_terms: Bucket) {
    // Verify we are being sent at least the amount due
    let terms: LoanDue = loan_terms.as_non_fungible().non_fungible().data();
    assert!(
        loan_repayment.amount() >= terms.amount_due,
        "Insufficient repayment given for your loan!"
    );
    // We could also verify that the resource being repaid is of the correct kind, and give a friendly
    // error message if not. For this example we'll just let the engine handle that when we try to deposit
    self.loan_vault.put(loan_repayment);
    // We have our payment; we can now burn the transient token
    self.auth_vault
        .as_fungible()
        .authorize_with_amount(dec!(1), || loan_terms.burn());
}
```
In this function, the `loan_terms` resource address is nowhere checked, so someone could create an NFT compatible with `LoanDue` and it would work correctly, because `loan_terms.burn()` burns any kind of NFT.
Instead of this behavior I propose to use

```rust
self.transient_resource_manager.burn(loan_terms);
```

so we can always be sure that we are burning the correct bucket and validation is not needed.
That's why I propose to entirely remove `bucket.drop()` or keep it unsafe, because there are almost no use cases where it should be used without validation.
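A constructed Rust model of the two burn paths compared in this post, added here as an example; it is neither the post's code nor the Scrypto API, and `Bucket`, `ResourceAddress` and `ResourceManager` are stand-ins that only model whether the resource address is checked at burn time:

```rust
// Added example, not the post's code and not the Scrypto API: a constructed model of
// the two burn paths. Bucket, ResourceAddress and ResourceManager are stand-ins.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct ResourceAddress(pub u64);

pub struct Bucket {
    pub resource: ResourceAddress,
}

impl Bucket {
    /// Models `bucket.burn()`: consumes the bucket whatever resource it holds.
    pub fn burn(self) {}
}

pub struct ResourceManager {
    pub address: ResourceAddress,
}

impl ResourceManager {
    /// Models `resource_manager.burn(bucket)`: a bucket of another resource is refused.
    pub fn burn(&self, bucket: Bucket) -> Result<(), String> {
        if bucket.resource != self.address {
            return Err(format!("expected {:?}, got {:?}", self.address, bucket.resource));
        }
        Ok(())
    }
}

/// Shape criticised in the post: the transient resource address is never compared,
/// so any NFT carrying LoanDue-shaped data is accepted and burned.
pub fn repay_loan_bucket_burn(loan_terms: Bucket) -> bool {
    loan_terms.burn();
    true
}

/// Shape proposed in the post: the burn itself rejects a foreign resource.
pub fn repay_loan_manager_burn(transient: &ResourceManager, loan_terms: Bucket) -> bool {
    transient.burn(loan_terms).is_ok()
}

/// (vulnerable path accepts forged NFT, proposed path accepts forged NFT,
///  proposed path accepts genuine NFT)
pub fn demo() -> (bool, bool, bool) {
    let transient = ResourceManager { address: ResourceAddress(1) };
    let forged = || Bucket { resource: ResourceAddress(2) }; // constructed attacker-minted NFT
    let genuine = Bucket { resource: ResourceAddress(1) };
    (repay_loan_bucket_burn(forged()),
     repay_loan_manager_burn(&transient, forged()),
     repay_loan_manager_burn(&transient, genuine))
}
```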