inv*_*cat 4 ethereum solidity openzeppelin
在OpenZeppelin ERC20实现中,有一个_transfer方法:
function _transfer(
address sender,
address recipient,
uint256 amount
) internal virtual {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(sender, recipient, amount);
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
_balances[sender] = senderBalance - amount;
}
_balances[recipient] += amount;
emit Transfer(sender, recipient, amount);
_afterTokenTransfer(sender, recipient, amount);
}
为什么他们使用未经检查的算术来减少余额?我知道,如果未经检查,2-3 将返回 2**256-1 并且不会出现异常。但为什么我们需要这个?
unchecked与常规算术运算相比,生成更小的字节码,因为它不包含下溢/溢出验证。
因此,如果您希望在发生溢出时有自定义错误消息,则此代码的运行成本较低
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
// no validation here as it's already validated in the `require()` condition
_balances[sender] = senderBalance - amount;
}
与这个相比
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
// redundant validation here
_balances[sender] = senderBalance - amount;
如果没有自定义消息,这将是最便宜但仍然安全的选项:
// contains the check and fails without custom message in case of underflow
_balances[sender] -= amount;
而且这比之前的还要便宜。但它是不安全的,因为它不检查下溢:
unchecked {
// UNSAFE, DO NOT USE
_balances[sender] -= amount;
}
| 归档时间: |
|
| 查看次数: |
1096 次 |
| 最近记录: |