Understanding Solidity Withdrawal Pattern
By having a Solidity withdrawal pattern, it is ensured that direct transfers are not made, which would pose a security risk. An example of an insecure use of transfer calls to send ether can be seen in the following contract.
In this article, we will explore the various ways to withdraw funds from a Solidity smart contract and discuss best practices for implementing secure and efficient withdrawal mechanisms.
Solidity Withdrawal Patterns
According to the withdrawal pattern, the fund receiver has the responsibility of proof. If the fund recipient wants to withdraw funds and retrieve them, they need to send a transaction.
In this way, a smart contract that sends payments to recipients can be simplified.
Consequently, the contract is not affected by non-delivery of funds.
When money is sent to a smart contract, it has no way of knowing whether an error occurred or if the receiver is a malicious smart contract refusing to accept the payment for some reason.
The given example shows the working of the withdraw pattern:
Example: 
Example Explanation
In above example we have create a contract named SolidityTest and has a single state variable called buyer.
The address payable type indicates that this variable can receive ether (the cryptocurrency of the Ethereum blockchain).
The constructor sets the value of the buyer to the address of the person who deployed the contract.
The msg.sender variable is a special global variable in Solidity that represents the address of the person or contract that called the current function.
The allow_Access_To_withdraw function is a public function that allows the specified buyer to withdraw a certain amount of ether from the contract.
The required statements are used to ensure that the conditions for withdrawing funds are met.
- The first require statement checks that the person calling the function is indeed the buyer specified in the contract.
- The second required statement checks that there are enough funds in the contract to withdraw the requested amount.
Finally, the buyer.transfer(amount) line transfers the requested amount of ether from the contract to the buyer address.
Instead of just checking the address of the buyer we can also check the remaining balance in the contract to see if the corresponding amount even exists in the contract to get transferred or not.
The code below provides better understanding of the solidity withdraw pattern:
Example: 
Example Explanation
This is a simple Solidity contract that allows the contract owner (the buyer) to deposit and withdraw a specific cryptocurrency token called “MRX“.
The contract has two state variables: buyer and contract_balance. buyer is an address that is specified in the constructor, and contract_balance is a mapping that stores the MRX balance for each address that has deposited funds into the contract.
The constructor sets the value of the buyer to the address of the person who deployed the contract.
The msg.sender variable is a special global variable in Solidity that represents the address of the person or contract that called the current function.
The deposit_mrx_amount function is a public function that allows anyone to deposit MRX into the contract.
The payable modifier indicates that this function can receive MRX along with ether.
The contract_balance[msg.sender] += msg.value; line adds the deposited MRX to the balance of the address that called the function.
The withdraw function is a public function that allows the buyer to withdraw a specified amount of MRX from the contract.
The required statements are used to ensure that the conditions for withdrawing MRX are met.
- First require statement checks that the person calling the function is indeed the buyer specified in the contract.
- Second require statement checks that the requested withdrawal amount is greater than zero.
- Third require statement checks that the buyer has sufficient balance to withdraw the requested amount.
Finally, the contract_balance[buyer] -= mrx_amount; line subtracts the withdrawn amount from the buyer balance.
The payable(msg.sender).transfer(mrx_amount); line transfers the requested amount of MRX to the address that called the function.
Conclusion
Withdrawing funds from a Solidity smart contract is a complex process which must be considered carefully for both security and usability reasons.
We’ve discussed Solidity withdrawal patterns in this article as a good starting point for building convenient and secure withdrawal mechanisms.