Question about the design of Receiving object

I am new to SUI. I am curious about the design of Receiving. When I transfer an object, the object will turned into Receiving status, and the receiver needs to call public_receive() explicitly.

Why does SUI have this design? Is there specific attack they are trying to protect from?
And if no one calling public_receive(). Will the object just staying in mempool forever?

The Receiving structure in Sui is designed for secure and controlled asset transfers. When an object is transferred, it enters a “Receiving” state, requiring the recipient to explicitly accept it. This mechanism, highlighted in the Sui documentation and the sui::transfer module, ensures flexibility and security, preventing unauthorized access and allowing for conditional transfers. It addresses potential security concerns while enabling sophisticated transactional workflows. If public_receive() isn’t called, the object remains securely in limbo, awaiting rightful ownership claim, ensuring assets don’t get lost or misused. For a detailed explanation, check the Sui documentation on transfers: Transfer to Object | Sui Documentation

1 Like