`Account` `Capabilities` entitlement effectively entails all entitlements #166

turbolent · 2024-04-29T21:45:29Z

from auth(Capability) &Account it is not obvious to see it can add keys for example (by issuing account capability)

basically, granting Capabilities grants everything due to the ability to issue an account capability controller

The same applies to AccountCapabilities – it might not be obvious that it effectively grants all account entitlements.

Document potentially dangerous entitlements:

Contracts, AddContract: Allows adding a contract, which has access to the whole account
Capabilities, AccountCapabilities, IssueAccountCapabilityController: Allows issuing an account capability controller, with potentially access to the whole account

The text was updated successfully, but these errors were encountered:

j1010001 · 2024-05-10T18:19:28Z

Too close to Crescendo feature freeze & low prio.

turbolent mentioned this issue Apr 29, 2024

Cadence 1.0 (formerly known as "Stable Cadence") onflow/cadence#2642

Open

j1010001 added the documentation Improvements or additions to documentation label May 24, 2024

turbolent transferred this issue from onflow/cadence Oct 21, 2024

Provide feedback