This repository has been archived by the owner on Jun 29, 2023. It is now read-only.

Access control for contracts #584

Open
ChihChengLiang opened this issue May 4, 2021 · 0 comments
Labels
contracts This PR changes some contracts p3

Comments

@ChihChengLiang
Collaborator

What's wrong

Some of these contracts have no access controls, which might be a potential attack vector. This issue consolidates those contracts.

SpokeRegistry

SpokeRegistry registers spoke contracts and maps a spokeID to a spoke contract. Once a spoke is registered, people can send massMigration to migrate their tokens from Hubble to the spoke.

No access control means anyone can register malicious spoke contracts.

tokenRegistry

No access control means anyone can register a malicious ERC20 token.

How can we fix it

We don't have governance and we don't want to assign that access to a particular entity.

One way to fix this is to determine all the spokes and the tokens at deployment, so that no one is allowed to add new tokens in the future.

@ChihChengLiang ChihChengLiang added the contracts This PR changes some contracts label May 4, 2021
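
The fix proposed in the issue, sketched as an added example (not code from the Hubble repository): an open registry next to one whose spoke set is fixed in the constructor. Contract names, function names and the 1-based ID scheme are assumptions; the same pattern would apply to a token registry.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; contract and function names are hypothetical.

// Open registration as the issue describes it: no caller check.
contract OpenSpokeRegistry {
    mapping(uint256 => address) public spokes;
    uint256 public numSpokes;

    function registerSpoke(address spoke) external {
        numSpokes++;
        spokes[numSpokes] = spoke; // any account can add any contract
    }
}

// Fixed at deployment: the constructor is the only writer, so no
// privileged role or governance is needed afterwards.
contract FixedSpokeRegistry {
    mapping(uint256 => address) private spokes;
    uint256 public immutable numSpokes;

    event SpokeRegistered(uint256 indexed spokeID, address spoke);

    constructor(address[] memory initialSpokes) {
        for (uint256 i = 0; i < initialSpokes.length; i++) {
            address spoke = initialSpokes[i];
            // Also rejects address(0), which has no code
            require(spoke.code.length > 0, "spoke is not a contract");
            uint256 spokeID = i + 1; // IDs start at 1; 0 means "unset"
            spokes[spokeID] = spoke;
            emit SpokeRegistered(spokeID, spoke);
        }
        numSpokes = initialSpokes.length;
    }

    // Reverts for IDs that were not set at deployment
    function getSpokeAddress(uint256 spokeID) external view returns (address) {
        address spoke = spokes[spokeID];
        require(spoke != address(0), "unknown spokeID");
        return spoke;
    }
}
```

The trade-off is that a deployment-time list cannot be extended: adding a spoke or token later means deploying a new registry and pointing dependent contracts at it.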