Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Consensus upgrade to disallow linking to non-existing permission #6333
There are no critical security issues due to this bug. A user has no incentive to link an action to a non-existing permission. If they do so anyway, for example by accident, the result would be that the linked action could not be authorized by that account until it was unlinked. To unlink, the non-existing permission would first need to be created.
Nevertheless, it is desirable to fix this bug to avoid the above inconvenience due to an accident. A subjective mitigation against this could first be deployed (this is tracked in #6290) before the objective fix is activated as part of a consensus upgrade feature.
Consensus upgrade feature
The goal of this consensus upgrade feature is to correct the checks for the existence of the permission linked to by the
A new consensus protocol upgrade feature will be added to trigger the changes described in this consensus upgrade proposal. The actual digest for the feature understood at the blockchain level is to be determined. For the purposes of this proposal the codename
Note: even with