Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove ERC20._burnFrom #1766

Closed
nventuro opened this issue May 22, 2019 · 4 comments · Fixed by #2119
Closed

Remove ERC20._burnFrom #1766

nventuro opened this issue May 22, 2019 · 4 comments · Fixed by #2119
Labels
breaking change Changes that break backwards compatibility of the public API. on hold Put on hold for some reason that must be specified in a comment.
Milestone
v3.0

Comments

@nventuro
Copy link
Contributor

ERC20._burnFrom doesn't really fit with the standard for other internal functions, both in that it uses msg.sender and in that it is not really a reasonable primitive. It should disappear, and ERC20Burnable should implement burnFrom in terms of _burn and _approve.
@nventuro nventuro added the breaking change Changes that break backwards compatibility of the public API. label May 22, 2019
@nventuro nventuro added this to the v3.0 milestone May 22, 2019
@frangio frangio added the on hold Put on hold for some reason that must be specified in a comment. label May 24, 2019
@frangio
Copy link
Contributor

frangio commented May 29, 2019
edited
Loading

I'm not sure this is as clear cut as you put it. If it's not a reasonable primitive, why is _transferFrom reasonable?

Tangentially to this specific issue, I'm starting to think perhaps having constraints on msg.sender in the internal functions would be the right thing. Should a contract be able to change completely the rules of the parent contracts?

@frangio frangio mentioned this issue May 29, 2019
Closed
@nventuro
Copy link
Contributor Author

nventuro commented May 29, 2019
edited
Loading

If it's not a reasonable primitive, why is _transferFrom reasonable?

It isn't, which is why it doesn't exist 😛

What do you mean by 'change the rules'? A contract writes their own rules, we simply provide ways for them to do so. I think having implicit arguments in these internal functions (msg.sender) makes it easy to misuse them, and this behavior can always be replicated by explicitly passing msg.sender, if needed.

@frangio
Copy link
Contributor

frangio commented May 29, 2019
edited
Loading

What do you mean by 'change the rules'?

For example, we could say that one of the rules of ERC20 is that an account's balance can only be modified (by moving tokens elsewhere) through a transaction signed by the account owner themselves (or someone with allowance). By providing _transfer(from, to, amount) we are allowing a child contract of ERC20 to change that rule, allowing token movements to happen outside of those contraints. I understand this may be desirable in some cases, but in general I feel it might be better to fully encapsulate those rules in the parent contract.

@nventuro
Copy link
Contributor Author

I believe that would land us on a design too stiff to be useful. IMO we should simply provide useful and correct primitives that can be used to build upon, as opposed to being too opinionated regarding what end user contracts should look like.

And even an invariant as basic as the transfer one would be broken by _mint and _burn, which are legitimate mechanisms used in multiple projects.

@nventuro nventuro mentioned this issue Mar 11, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking change Changes that break backwards compatibility of the public API. on hold Put on hold for some reason that must be specified in a comment.
Projects
None yet
Milestone
v3.0
Development

Successfully merging a pull request may close this issue.

Remove ERC20._burnFrom nventuro/openzeppelin-contracts
2 participants
@frangio @nventuro