You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The bot asks for the root account which shouldn't be done because this account should be kept in cold storage. The root account is very much not appropriate for this kind of activity. The root account is capable of changing the controller account and although not every user uses this level of security it is not a good idea to depend on people having to use their root account for this kind of activity.
controller account is also inappropriate because one controller account can be tied to multiple member handles
The bot should prompt for the Joystream membership handle and then the user should be asked to sign using their controller address
The bot does not explain how to submit /solve, the prompts should reference this. The only way I understood to do this was seeing other users in the server do so.
Notes
/claim
Asks for root account--this should ask for controller account as root account is typically kept in cold storage.
Bot replies with Go to this URL [https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing](https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing "https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing") and sign the following data with the given account. Zb0mbbk7RG
I do this action and it doesn't explain where to put the signed data on Discord. Replying to the bot or just pasting it in chat does not do anything.
If I /claim with the signed data the bot appears to get stuck thinking for a long time/crashes.
Changes needed
Instructions to user must be far clearer--"Use /solve to submit your signed data". The bot currently doesn't explain how to do this step.
/claim takes any input, it should validate an address
/claim should be asking for membership controller address and not root address (!).
It should really prompt for the member handle and then ask them to sign using the controller address.
How does bot deal with an address that has multiple memberships attached to it?
The text was updated successfully, but these errors were encountered:
Ok so after a call today to discuss this the bot doesn't need any /claim or /solve action at all. It should just look at the profile metadata on-chain and assign roles to the Discord username specified there. If more than one Joystream profile claims a Discord username it should assign roles to both.
This is because to get any role (council member, storage worker etc) on-chain is a privilege already, there is no way for a random user to really abuse this because the Joystream handle is the one that gets given roles, not the Discord handle.
See below link: #16 (comment)
Problem
I cannot claim my membership.
root account
which shouldn't be done because this account should be kept in cold storage. Theroot account
is very much not appropriate for this kind of activity. The root account is capable of changing the controller account and although not every user uses this level of security it is not a good idea to depend on people having to use theirroot account
for this kind of activity.controller account
is also inappropriate because one controller account can be tied to multiple member handlesJoystream membership handle
and then the user should be asked to sign using theircontroller address
/solve
, the prompts should reference this. The only way I understood to do this was seeing other users in the server do so.Notes
/claim
root account
--this should ask for controller account as root account is typically kept in cold storage.Go to this URL [https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing](https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing "https://polkadot.js.org/apps/?rpc=wss://rpc.joystream.org:9944#/signing") and sign the following data with the given account. Zb0mbbk7RG
/claim
with the signed data the bot appears to get stuck thinking for a long time/crashes./solve
to submit your signed data". The bot currently doesn't explain how to do this step./claim
takes any input, it should validate an address/claim
should be asking for membership controller address and not root address (!).member handle
and then ask them to sign using the controller address.The text was updated successfully, but these errors were encountered: