-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Support transfer public credits from self.signer #2139
Comments
Great idea. Instead of creating a new function, perhaps we can pass the payer ( |
I think either calling However, this feature is necessary to make aleo credits and other programs to be composable. |
There's danger in either path but approvals is my preferred option. It should be somewhat safer. It would be very nice to include this in the default credits.aleo program as I see forcing the wrapping of tokens to be an anti-pattern that will only make it more difficult for DApps to support many tokens. |
The |
Yes, there's danger in either path. In any case, if you call a sign a dangerous contract either design will permit draining all of your funds. It's really a question of how pooling assets should work. Approvals enable users to control their own funds without depositing them in a pool. This enables a user to interact with many DApps simultaneously with the same pool of funds where a transfer is effectively changing who controls the funds so the user can't use the same pool of funds in parallel with another DApp. For example, we could create a program that acts as a trusted oracle about which DApps have been hacked. Users could give it an u64 max approval and it could monitor other approvals. If something gets hacked, it can automatically transfer away your funds to a safe place. I think approvals should be the preferred solution but nothing is perfectly safe but I do believe approvals offer some interesting new types of user experiences. Ultimately, I think we should head in the direction of Permit2: https://blog.uniswap.org/permit2-and-universal-router so we can get gasless approvals but just signing messages but that may be a little too ambitious right now. |
Yes, the approvals method is quite important and necessary. Regarding |
@snowtigersoft it doesn't seem that |
I don't think it works like that. When you invoke I understand what you're saying. |
Here's a program that demonstrates the desired functionality
An associated test can be found here |
馃殌 Feature
I propose adding two new methods to
credits.aleo
, tentatively namedtransfer_by_signer_public
andtransfer_by_signer_public_to_private
. These new methods would be similar to the existingtransfer_public
andtransfer_public_to_private
, but the payer in these new methods should be changed fromself.caller
toself.signer
.Motivation
Currently, when
transfer_public
andtransfer_public_to_private
are invoked via a program, the cost is deducted from the program's account, not the actual initiator's (i.e., the signer's) account. This may not be the desired behavior in some scenarios.For example, if a smart contract needs to make transfers on behalf of a user, the existing design deducts credits from the smart contract itself, rather than from the user (the signer). This could not only potentially deplete the smart contract's credits unexpectedly but may also introduce security and permission-related concerns.
By introducing these two new methods, we can ensure that the cost is correctly deducted from the signer's account, which is more logical and safer.
Implementation
transfer_by_signer_public
andtransfer_by_signer_public_to_private
, in thecredits.aleo
file.transfer_public
andtransfer_public_to_private
, butself.caller
should be replaced withself.signer
.Affected components could include:
credits.aleo
fileAre you willing to open a pull request?
Yes, I am willing to submit a pull request and engage in subsequent code reviews and testing.
The text was updated successfully, but these errors were encountered: