In Solidity, we generally use assert() and require() to write code with conditioning to make sure that the smart contract behaves as expected.
Both can be used for checking conditions during transactions but have a huge difference which we often ignore. Using assert() where you actually have to use require() and using require() where it is required to use assert() can cause a huge problem, compromise security and may also consume all gas. Basically knowing the differences and when to use them is very important before creating a smart contract. Here comes this article.
In this article, we will not only see the difference between assert() and require() functions but also learn some concepts and prerequisites that will help you understand them better. But let’s first start with a brief overview of Solidity.
Also Read: Smart Contracts and Why They Matter
Overview of the Solidity Programming Language
Solidity is an object-oriented programming language used to create smart contracts on the Ethereum network, also known as the Ethereum Virtual Machine (EVM). Solidity files are identified by the ‘.sol’ file suffix and it is statically typed.
When it comes to building Ethereum smart contracts, the applications of Solidity are the ones that steal the show. It is one of the first programming languages to write smart contracts.
Solidity is easier to understand if you are familiar with Python, C++, or JavaScript. This language, like most others, supports inheritance, libraries, tools, and complex user-defined types, making programming easier. It also uses curly braces {} for defining code blocks.
Are Assert and Require the Same in Solidity?
If you have used the assert() and the require() functions in Solidity, then some of you must have come across these really weird twin-like functions. Well, fret not, we are here to clear it all out for you.
Well to start off, both the functions were introduced even before the major Byzantium Hardfork of Ethereum back in October 2017. Although many developers argue both these functions are the same or are used alternatively, that is not the fact, like that is exactly why they exist separately, right?
What was the Byzantium Hard Fork of Ethereum (2017)?
The Byzantium hard fork is a blockchain upgrade that was deployed in October 2017 at block 4,370,000. It was made up of nine Ethereum Improvement Protocols (EIPs) that were designed to improve Ethereum’s privacy, efficiency, scalability, and security.
Before the upgrade, both these functions behaved identically. This was the reason the assert vs. require in Solidity topic sprouted.
However, they were compiled into different opcodes. The main difference the Byzantium upgrade gave birth to was that smart contracts that were deployed before the hard fork or upgrade behaved slightly differently.
Let us now dive deeper into the assert vs. require in the Solidity and learn what that difference was!
Difference Between Assert and Require in Solidity
Below are the differences between assert() and require() functions in Solidity.
1. Behavior of assert() and require() functions
The assert() and require() functions are a part of the handling error in Solidity. Solidity makes use of state-reverting error-handling exceptions. This means all changes made to the contract on that call or any sub-calls are undone if an error is thrown. It also flags an error.
They are quite similar in that as both check for conditions and if they are not met, would throw an error.
2. Gas Utility
The big difference between the two is that the assert() function when the boolean condition evaluates to false, uses up all the remaining gas and reverts all the changes made.
Meanwhile, a require() function when the condition is false, also reverts back all the changes made to the contract but does refund all the remaining gas fees we offered to pay. This is the most common function used by developers for debugging and error handling in Solidity.
3. Syntax
Before the two functions were introduced, smart contract developers wrote error handlers that looked something like this:
if (msg.sender != manager) { throw; }
Well, the throw keyword was then starting to deprecate and many switched to assert and require.
The same code above can now be written like this:
Using assert()
assert(msg.sender == manager);
Using require()
require(msg.sender == manager);
When to Use require() and assert()?
At the end of the day, it all falls down to just one thing, when should both these functions be used? This is apparently the most crucial discussion.
Well, fortunately, the Solidity documentation states it very clearly.
- The assert function should only be used to examine invariants and test for internal problems.
- The require function should be used to check return values from calls to external contracts or to guarantee that valid conditions, such as inputs or contract state variables, are satisfied.
Analysis tools, when used correctly, can assess your contract and discover the conditions and function calls that will result in a failed assert. A properly running program should never reach a failing assert statement, if this occurs, there is a flaw in your contract that has to be addressed.
Read More: Generate a Random Number in Solidity
Frequently Asked Questions (FAQs)
What is pragma Solidity?
Pragma Solidity is the first line in any Solidity smart contract which tells about the version of Solidity compiler to be used to compile this contract. This special line helps us to make sure that the compiler while testing the contract should only be used to compile, as the new compiler may cause compatibility issues with the old code since different compiler versions may treat code differently and may behave unexpectedly.
Is Solidity only for Ethereum blockchain?
Solidity is popularly used to create smart contact mainly on the Ethereum blockchain since Ethereum is one of the most popular among others. But Solidity can not limited to the Ethereum blockchain, it can also be used with others such as Polkadot and Substrate.
Which Solidity version to use?
Which version to choose highly depends on the guide or tutorial you are following. For instance, if you are doing a course and they use a different version than the one you are using then this makes it difficult for you to understand and also cause errors. But if you are starting from scratch it is best to use the latest version.
Is Solidity easier than Python?
Python is just like other programming languages. It is here for a long time so if you want to learn it you can find lots of resources, videos, docs, and communities to help, and even if you already know Java, C /C+, etc you find it easy to understand. While Solidity is quite different, it comes with many advanced blockchain concepts that are difficult for beginners to understand, plus it is relatively new, so it does not have a huge community, also not too many tutorials to guide you.
Does Solidity require gas fee?
Yes, each operation in Solidty required a fixed amount of gas fee. But if you just want to try it for learning or testing purposes, you can try it on test network with free gas such as Rinkeby Test Network.
What is require in Solidity?
The require is a function in Solidity that is used for condition checking. It takes a condition as an argument then evaluates to either true or false depending upon whether the condition is satisfied or not. If it is false, it will throw an error and revert the transaction.
Conclusion
In this article, we have seen the difference between assert() and require() functions, the main solidity error handling functions. We have also understood when to use require() and assert(). Solidity uses state-reverting exceptions to handle errors. You must keep in mind the above-mentioned points when choosing between them as the wrong decision can lead to different types of attacks, error messages, unexpected contract behaviour, consumption of gas, etc.
References
- https://ethereum.stackexchange.com/a/24185/80077
- https://docs.soliditylang.org/en/v0.4.24/control-structures.html