Review check of asset authorizations for all operations #973

Closed
3 tasks done
abitmore opened this issue May 25, 2018 · 1 comment
Labels
4c High Priority Priority indicating significant impact to system/user -OR- workaround is prohibitively expensive bug hardfork

Comments

abitmore commented May 25, 2018

There are some checks missing; that is to say, limitations such as white-listing can be bypassed.

  • vesting balances related operations (issue #972 "Check asset authorizations and withdrawals in vesting balance related evaluators", PR #2468 "Add missing asset authorization checks for some operations")
    • Note: check asset authorization on creation, but not on withdrawal
  • call_order_update_operation / asset_settle_operation / bid_collateral_operation (PR #2468 "Add missing asset authorization checks for some operations"):
    able to create a new MPA backed by a restricted asset, and create a short position, then get margin called or force-settled; or to settle if one wants to move in the other direction.
  • others (need to review and add here)
    • Note: for blind transfer operations, transfer_to_blind_operation is not allowed if white_list bit is set, no matter if whitelist authorities or blacklist authorities are set; no asset authorization check for transfer_from_blind_operation or blind_transfer_operation
    • Note: no asset authorization check for asset_claim_fees_operation (when fees are collateral asset)
    • Note: for HTLC operations, check asset authorization on creation only
    • Note: for withdraw permissions, check asset authorization on claim only
@abitmore abitmore added the 4c High Priority Priority indicating significant impact to system/user -OR- workaround is prohibitively expensive label Nov 22, 2020
@abitmore
Member Author

Fixed by #2468.
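
The creation-only check noted for vesting balances in the issue above, as an added example that is not BitShares code and not part of the thread: a self-contained model showing why the withdrawal path needs the same authorization check as the creation path. The `Asset`, `Ledger`, `is_authorized` and `withdraw_after_revocation` names and the simplified whitelist/blacklist rule are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <stdexcept>
#include <string>

// Simplified, hypothetical model of a restricted asset (not the chain's real objects).
struct Asset {
    bool white_list = false;            // issuer has enabled restrictions
    std::set<std::string> whitelist;    // empty means no whitelist in force
    std::set<std::string> blacklist;
};

bool is_authorized(const Asset& a, const std::string& account) {
    if (!a.white_list) return true;                 // unrestricted asset
    if (a.blacklist.count(account)) return false;   // blacklist always wins
    return a.whitelist.empty() || a.whitelist.count(account) > 0;
}

struct Ledger {
    Asset asset;
    std::map<std::string, long> liquid, vesting;

    void require_auth(const std::string& who) const {
        if (!is_authorized(asset, who)) throw std::runtime_error("not authorized for asset");
    }
    // Creation path: both parties are checked.
    void vesting_create(const std::string& creator, const std::string& owner, long amt) {
        require_auth(creator); require_auth(owner);
        if (amt <= 0 || liquid[creator] < amt) throw std::runtime_error("insufficient balance");
        liquid[creator] -= amt; vesting[owner] += amt;
    }
    // Withdrawal path: check_auth=false models the missing check, true the reviewed form.
    void vesting_withdraw(const std::string& owner, long amt, bool check_auth) {
        if (check_auth) require_auth(owner);
        if (amt <= 0 || vesting[owner] < amt) throw std::runtime_error("insufficient vesting");
        vesting[owner] -= amt; liquid[owner] += amt;
    }
};

// True if an owner removed from the whitelist after creation can still withdraw.
bool withdraw_after_revocation(bool check_auth) {
    Ledger l;
    l.asset.white_list = true;
    l.asset.whitelist = {"alice", "bob"};   // constructed sample accounts
    l.liquid["alice"] = 100;
    l.vesting_create("alice", "bob", 40);
    l.asset.whitelist.erase("bob");         // issuer revokes bob's authorization
    try { l.vesting_withdraw("bob", 40, check_auth); }
    catch (const std::runtime_error&) { return false; }
    return l.liquid["bob"] == 40;
}
```

The same pairing applies to any operation that has separate "create" and "redeem" evaluators: the authorization state can change between the two, so a review of this kind should confirm the check on each path independently.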
