Enhance smart contract's seed security #686
Labels
feature
New feature request
mining
Involve transaction validation and mining
smart contracts
Involve smart contracts
to-analyze
Comments
samuelmanzanera
added
feature
Open
|
No need after #945 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem?
Archethic's smart contract leverages secret delegation to allow self-triggered transactions.
In this context, the smart contract's owner encrypts the chain's seed with the storage nonce public key (known by all the nodes).
Of course, to restrict the impact of the seed's usage, the inherit constraints define a whitelist of mutated properties allowed by the nodes.
So, a node could not change something which was not expected.
Because the storage nonce is known by all the nodes at any time, some people could have access to all the seeds of the smart contracts and try to leverage this to build transactions unexpected.
To prevent security issue, if the inherit constraints were not well scoped, we can increase the way the transactions are triggered to target only authorized nodes and leverage proof of work to ensure the origin.
Describe the solution you'd like
To tackle this problem, I propose to ensure the origin of the transactions by changing the
Contracts.accept_new_contract/3function to check the origin signature based on the list of authorized nodesAdditional context
Epic: #608
The text was updated successfully, but these errors were encountered: