-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(solecs): restrict write access to Set and MapSet to owner #244
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested on Sky Strife, everything is working correctly 👍🏼
We should probably have a way for the current owner to update the owner, right? If so, we might consider inheriting from Ownable in one of the standard set of solidity libraries (OpenZeppelin, etc.) |
Agree, waiting for #239 before this refactor |
Can we store ownership in ECS too? no reason to have state that doesn't
conform to our way of storing state. we'll need to have custom getters
client side in case someone builds a frontend for system/component
management using MUD.
I think it's good to expose view functions that implements IOwnable; but
let's avoid saving the state in the systems/components with a custom
storage slot.
…On Fri, 11 Nov 2022 at 07:32, alvarius ***@***.***> wrote:
Agree, waiting for #239 <#239>
before this refactor
—
Reply to this email directly, view it on GitHub
<#244 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFBYUK3BCSL2GYR3SJB2U3DWHZRKDANCNFSM6AAAAAAR5RUCTA>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
Or if we don't do that; we can standardise the fact that only components
can write to their map set (which would make sense); and let Components
handle access control themselves with that state stored in ECS.
Mental model here is that all state that could possibly be needed by a CLI
/ a frontend should be in ECS.
…On Fri, 11 Nov 2022 at 12:53, Ludens ♝ ***@***.***> wrote:
Can we store ownership in ECS too? no reason to have state that doesn't
conform to our way of storing state. we'll need to have custom getters
client side in case someone builds a frontend for system/component
management using MUD.
I think it's good to expose view functions that implements IOwnable; but
let's avoid saving the state in the systems/components with a custom
storage slot.
On Fri, 11 Nov 2022 at 07:32, alvarius ***@***.***> wrote:
> Agree, waiting for #239 <#239>
> before this refactor
>
> —
> Reply to this email directly, view it on GitHub
> <#244 (comment)>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AFBYUK3BCSL2GYR3SJB2U3DWHZRKDANCNFSM6AAAAAAR5RUCTA>
> .
> You are receiving this because your review was requested.Message ID:
> ***@***.***>
>
|
Fixes a critical security bug in solecs (restricting write access to internal MapSet and Set contracts to the owner of those contracts)