Key Delegation has the 'all-permissions' permission type, which gives the delegated key the same rights to all bubbles as the signing wallet key. This is clearly a security risk since an attacker could trick the user into unknowingly signing the hash of an all-permissions delegation giving the attacker full access to the user's bubbles.
Possible ways this could be prevented:
Firstly, remove the 'all-permissions' type. This is essential but means the Key Delegation becomes extremely restrictive without other changes, such as those below.
Add an 'application-protocol' code to each access control contract and have the Guardian check that the delegation includes that code, perhaps in a new 'application-permission' permission type. This could be implemented by:
a) having getAccessPermissions return the code in every call, using most of the spare bits in the returned permissions field; or
b) adding a new 'protocol' parameter to getAccessPermissions, which would allow the contract to restrict access itself.
Consider a replacement for Key Delegation, such as ProxyIds: https://github.com/Bubble-Protocol/bubble-contracts#bubble-id
Encourage users to create a different wallet key for each application. This means the SDK does not need to be modified.
Any others?
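To make option (a) above concrete, here is an added illustration (not Bubble Protocol code) of a Guardian-side check: the protocol code is packed into spare bits of the word returned by getAccessPermissions, and a delegation is honoured only if it is scoped to that code. The bit layout, the flag values and the delegation object shape are all assumptions made for the example.

```javascript
// Assumed layout of the permissions word returned by getAccessPermissions:
//   low 8 bits   = access flags (constructed values, not the real contract's)
//   bits 8..39   = 32-bit application-protocol code
// Assumed delegation shape: { permissions: [type, ...], protocols: [code, ...] }
const READ = 1n;
const WRITE = 2n;
const PERMISSION_BITS = 8n;
const FLAG_MASK = (1n << PERMISSION_BITS) - 1n;
const PROTOCOL_MASK = 0xffffffffn;

// Contract side: combine the access flags with the protocol code in one word.
function encodePermissions(flags, protocolCode) {
  if (flags < 0n || flags > FLAG_MASK) throw new RangeError('flags out of range');
  if (protocolCode < 0n || protocolCode > PROTOCOL_MASK) throw new RangeError('protocol code out of range');
  return (protocolCode << PERMISSION_BITS) | flags;
}

// Guardian side: split the word back into flags and protocol code.
function decodePermissions(word) {
  return {
    flags: word & FLAG_MASK,
    protocolCode: (word >> PERMISSION_BITS) & PROTOCOL_MASK,
  };
}

// Guardian side: a delegation may satisfy a request only if it is of the
// 'application-permission' type, names the protocol code the contract returned,
// and the contract actually grants the requested flag. 'all-permissions'
// delegations are refused outright, as proposed in the issue.
function delegationAuthorizes(delegation, permissionsWord, requiredFlag) {
  if (delegation.permissions.includes('all-permissions')) return false;
  if (!delegation.permissions.includes('application-permission')) return false;
  const { flags, protocolCode } = decodePermissions(permissionsWord);
  if ((flags & requiredFlag) === 0n) return false;
  return delegation.protocols.some((code) => BigInt(code) === protocolCode);
}

// Constructed sample: a contract registered for protocol 0x4242 grants read+write.
const sampleWord = encodePermissions(READ | WRITE, 0x4242n);
const scopedDelegation = { permissions: ['application-permission'], protocols: [0x4242n] };
const unscopedDelegation = { permissions: ['all-permissions'], protocols: [] };
const wrongAppDelegation = { permissions: ['application-permission'], protocols: [0x9999n] };
```

A delegation signed for one application therefore cannot be replayed against a contract that reports a different protocol code, which is the property the proposal is after.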