Skip to content
This repository has been archived by the owner on Jul 6, 2022. It is now read-only.

SecurityToken.addToWhitelist() can only be called by the KYC provider #30

Closed
pabloruiz55 opened this issue Jan 10, 2018 · 3 comments
Closed

SecurityToken.addToWhitelist() can only be called by the KYC provider #30

pabloruiz55 opened this issue Jan 10, 2018 · 3 comments

Comments

@pabloruiz55
Copy link
Contributor

According to the docs:

  1. (This part can be done by anyone) The investor/issuer calls
    SecurityToken.addToWhitelist()     which checks the KYC provider address
    customer datastore in Customers.sol and verifies the customer verifications
    meet the security token compliance template requirements.

But the function specifies:

require(KYC == msg.sender);

@everhusk which is correct?
@satyamakgec
Copy link
Contributor

satyamakgec commented Jan 11, 2018
edited

it is only be called by KYC provider otherwise we can't get the data of the customer from our chain. i think sukh did a mistake in the documentation.
anyways @everhusk please confirm

@pabloruiz55
Copy link
Contributor Author

Why not? The issuer should be able to consult whether or not an investor has been verified by the KYC provider.

It looks like a problem otherwise, the issuer would have to make, somehow, the KYC provider add investors to the whitelist for their token, which definitively should not be the KYC provider's job.

@everhusk
Copy link
Contributor

I agree with Pablo on this, let's allow only the Issuer or KYC provider to addToWhitelist()

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pabloruiz55 @everhusk @satyamakgec