Review check of asset authorizations for all operations #973

Closed
3 tasks done
abitmore opened this issue May 25, 2018 · 1 comment
Labels: 4c High Priority (Priority indicating significant impact to system/user -OR- workaround is prohibitively expensive), bug, hardfork

abitmore commented May 25, 2018

There are some checks missing; that is to say, limitations (e.g. white-listing) can be bypassed.

  • vesting balances related operations (issue Check asset authorizations and withdrawals in vesting balance related evaluators #972, PR Add missing asset authorization checks for some operations #2468)
    • Note: check asset authorization on creation, but not on withdrawal
  • call_order_update_operation / asset_settle_operation / bid_collateral_operation (PR Add missing asset authorization checks for some operations #2468):
    able to create a new MPA backed by a restricted asset, and create a short position, then get margin called or force-settled; or to settle if one wants to move in the other direction.
  • others (need to review and add here)
    • Note: for blind transfer operations, transfer_to_blind_operation is not allowed if white_list bit is set, no matter if whitelist authorities or blacklist authorities are set; no asset authorization check for transfer_from_blind_operation or blind_transfer_operation
    • Note: no asset authorization check for asset_claim_fees_operation (when fees are collateral asset)
    • Note: for HTLC operations, check asset authorization on creation only
    • Note: for withdraw permissions, check asset authorization on claim only
  • May 25, 2018: abitmore added this to New -Awaiting Core Team Evaluation in Project Backlog via automation
  • Feb 1, 2019: ryanRfox added this to To do in Protocol Upgrade Release (4.0.0) via automation
  • Feb 1, 2019: ryanRfox removed this from New -Awaiting Core Team Evaluation in Project Backlog
  • Feb 2, 2020: abitmore added this to New -Awaiting Core Team Evaluation in Project Backlog via automation
  • Apr 9, 2020: abitmore added this to To Do in Protocol Upgrade Release (6.0.0) via automation
  • Apr 9, 2020: abitmore removed this from New -Awaiting Core Team Evaluation in Project Backlog
  • Nov 22, 2020: abitmore added the 4c High Priority label
  • May 23, 2021: abitmore moved this from To Do to In Development in Protocol Upgrade Release (6.0.0)
  • May 29, 2021: abitmore moved this from In Development to In Testing in Protocol Upgrade Release (6.0.0)
@abitmore

Fixed by #2468.
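
An added illustration of the vesting-balance note in the issue (asset authorization checked on creation but not on withdrawal). This is a simplified model written for this page, not bitshares-core code: `Asset`, `VestingLedger`, `is_authorized` and the account name are hypothetical stand-ins, and the list semantics are an assumption.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <stdexcept>
#include <string>

// Hypothetical, simplified model (assumption): these are not bitshares-core types.
struct Asset {
    bool white_list_flag = false;     // stands in for the white_list bit
    std::set<std::string> whitelist;  // accounts approved by whitelist authorities
    std::set<std::string> blacklist;  // accounts rejected by blacklist authorities
};
bool is_authorized(const Asset& a, const std::string& account) {
    if (!a.white_list_flag) return true;           // unrestricted asset
    if (a.blacklist.count(account)) return false;  // blacklist always wins
    return a.whitelist.empty() || a.whitelist.count(account) > 0;
}
struct VestingLedger {
    Asset asset;
    std::map<std::string, long> vesting;
    bool check_on_withdraw = true;  // false models the creation-only check
    void create(const std::string& owner, long amount) {
        if (!is_authorized(asset, owner)) throw std::runtime_error("create: not authorized");
        vesting[owner] += amount;
    }
    void withdraw(const std::string& owner, long amount) {
        // The same check guards the operation that moves the asset back out.
        if (check_on_withdraw && !is_authorized(asset, owner)) throw std::runtime_error("withdraw: not authorized");
        auto it = vesting.find(owner);
        if (it == vesting.end() || it->second < amount) throw std::runtime_error("withdraw: insufficient balance");
        it->second -= amount;
    }
};

// Constructed scenario: owner is authorized at creation and blacklisted afterwards.
// Returns true if the withdrawal still goes through.
bool withdraw_after_revocation(bool check_on_withdraw) {
    VestingLedger l;
    l.check_on_withdraw = check_on_withdraw;
    l.asset.white_list_flag = true;
    l.asset.whitelist = {"alice"};
    l.create("alice", 100);
    l.asset.blacklist.insert("alice");
    try { l.withdraw("alice", 100); return true; }
    catch (const std::runtime_error&) { return false; }
}

int main() {
    std::cout << withdraw_after_revocation(false) << withdraw_after_revocation(true) << "\n";
}
```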
