Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role bot review - August 3, 2023 #16

Closed
mochet opened this issue Aug 2, 2023 · 1 comment
Closed

Role bot review - August 3, 2023 #16

mochet opened this issue Aug 2, 2023 · 1 comment

Comments

@mochet
Copy link

mochet commented Aug 2, 2023
edited
Loading

See below link: #16 (comment)

Problem

I cannot claim my membership.

  • The bot asks for the root account which shouldn't be done because this account should be kept in cold storage. The root account is very much not appropriate for this kind of activity. The root account is capable of changing the controller account and although not every user uses this level of security it is not a good idea to depend on people having to use their root account for this kind of activity.
  • controller account is also inappropriate because one controller account can be tied to multiple member handles
  • The bot should prompt for the Joystream membership handle and then the user should be asked to sign using their controller address
  • The bot does not explain how to submit /solve, the prompts should reference this. The only way I understood to do this was seeing other users in the server do so.

Notes

  • /claim
    • Asks for root account--this should ask for controller account as root account is typically kept in cold storage.
    • Bot replies with Go to this URL [https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing](https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing "https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing") and sign the following data with the given account. Zb0mbbk7RG
      • I do this action and it doesn't explain where to put the signed data on Discord. Replying to the bot or just pasting it in chat does not do anything.
      • If I /claim with the signed data the bot appears to get stuck thinking for a long time/crashes.
    • Changes needed
      • Instructions to user must be far clearer--"Use /solve to submit your signed data". The bot currently doesn't explain how to do this step.
      • /claim takes any input, it should validate an address
      • /claim should be asking for membership controller address and not root address (!).
        • It should really prompt for the member handle and then ask them to sign using the controller address.
      • How does bot deal with an address that has multiple memberships attached to it?
@mochet mochet mentioned this issue Aug 2, 2023
Closed
@mochet
Copy link
Author

mochet commented Aug 3, 2023

Ok so after a call today to discuss this the bot doesn't need any /claim or /solve action at all. It should just look at the profile metadata on-chain and assign roles to the Discord username specified there. If more than one Joystream profile claims a Discord username it should assign roles to both.

This is because to get any role (council member, storage worker etc) on-chain is a privilege already, there is no way for a random user to really abuse this because the Joystream handle is the one that gets given roles, not the Discord handle.

@goldstarhigher goldstarhigher mentioned this issue Aug 8, 2023
Merged
@mochet mochet closed this as completed Dec 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mochet