Gate account linking behind pragma #2353

Closed
turbolent opened this issue Feb 27, 2023 · 4 comments · Fixed by #2355

@turbolent
Member

turbolent commented Feb 27, 2023

Issue to be solved

Currently, the account capabilities / linking feature is gated behind a configuration option of the checker. This option is constantly enabled by FVM on all networks but Mainnet.

Sentiment on the account capabilities FLIP has been positive, but there has also been a lot of feedback requesting additional safeguards to make abuse of the feature harder.

A long-term solution is being discussed in https://forum.onflow.org/t/super-user-account/4088. However, it will likely only be released with Stable Cadence.

As we would like to not block the release of the feature until the release of Stable Cadence, we need a temporary solution.

Suggested Solution

Introduce a new #allowAccountLinking pragma.

In the Cadence implementation, when the type checker encounters the pragma, enable the account linking feature.

This solution is both simple to add and remove, once migrating to the long-term solution.

It also allows wallets to detect relatively easily if the account linking feature is used in a transaction, and potentially prevent it.

@bluesign
Contributor

This seems like a great solution actually. One minor suggestion: can we force this to be declared at the top of the transaction? This way, even if wallets do not support it (warning etc.), the user can see it easily.

@jacob-tucker

I also really like this solution. And totally agree with @bluesign - this should be required at the top of the transaction.

@sisyphusSmiling
Contributor

sisyphusSmiling commented Mar 2, 2023

This is great to see! Thanks for moving quickly on this feature.

Question on the full scope of coverage for this feature - it's clear that account linking would be gated, but would accessing an existing AuthAccount Capability also be gated behind the pragma? More concretely, once I've linked my account at myAccount.linkAccount(/private/MyAccountCap) with a gated transaction, could another un-gated transaction simply call myAccount.getCapability<&AuthAccount>(/private/MyAccountCap) without requiring the pragma?

@turbolent
Member Author

@sisyphusSmiling Correct, the pragma is purely for allowing the linking, it has no influence on the use of the link.
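
A sketch of the wallet-side detection mentioned in the issue, including the top-of-transaction placement suggested in the comments. This is an added example, not code from the Cadence project or from any participant in this thread. The function names and the sample transaction are hypothetical, and the scan is a text heuristic that assumes Cadence's comment and string syntax rather than using the real parser. As noted in the last reply, the pragma only gates linking, so this check says nothing about transactions that use an existing link.

```javascript
// Added example: heuristic wallet-side scan, not the Cadence parser.
// Assumes Cadence's `//` and nestable `/* */` comments and double-quoted
// strings with backslash escapes; these are blanked so pragma text inside
// them is not mistaken for a real pragma.
function stripCommentsAndStrings(src) {
  let out = "";
  let i = 0;
  let depth = 0; // block-comment nesting depth
  while (i < src.length) {
    const two = src.slice(i, i + 2);
    if (depth > 0) {
      if (two === "/*") { depth++; i += 2; }
      else if (two === "*/") { depth--; i += 2; }
      else { out += src[i] === "\n" ? "\n" : " "; i++; }
    } else if (two === "/*") {
      depth = 1; out += " "; i += 2;
    } else if (two === "//") {
      while (i < src.length && src[i] !== "\n") i++;
    } else if (src[i] === '"') {
      i++;
      while (i < src.length && src[i] !== '"') i += src[i] === "\\" ? 2 : 1;
      i++;
      out += '""';
    } else {
      out += src[i]; i++;
    }
  }
  return out;
}

// usesLinking: the pragma occurs as code. atTop: nothing but whitespace
// and comments precedes it (the placement suggested in the thread).
function checkAccountLinking(src) {
  const code = stripCommentsAndStrings(src);
  const m = /#allowAccountLinking(?![A-Za-z0-9_])/.exec(code);
  if (!m) return { usesLinking: false, atTop: false };
  return { usesLinking: true, atTop: code.slice(0, m.index).trim() === "" };
}

// Constructed sample transaction, for illustration only.
const sample = `#allowAccountLinking
transaction {
  prepare(acct: AuthAccount) {
    acct.linkAccount(/private/MyAccountCap)
  }
}`;
console.log(checkAccountLinking(sample));
```

A wallet could warn or refuse to sign when `usesLinking` is true, and treat `atTop: false` as a reason for extra scrutiny.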
