[security] The contract needs to enforce permission restrictions when creating a session. #1530
Labels
area::ideas
Application or Feature ideas
area::sdk
area::security
skill::move
Need the Move language skill to complete the issue
skill::typescript
Need the typescript language to complete the issue
Milestone
Comments
wow-sven
added
area::security
skill::move
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For instance
Create a new session, replace the auth key, transfer.
If a DApp behaves maliciously, it can circumvent the restrictions imposed by the SDK and manipulate the permission information presented to users. In such a scenario, a session key could potentially obtain access to all operations. Our aim with sessions is to prevent repetitive authorizations, rather than bestow super permissions.
If modifications are required here, it's necessary to thoroughly review all permissions and contract adjustments and then update the SDK.
The text was updated successfully, but these errors were encountered: