Agoric / agoric-sdk

monorepo for the Agoric Javascript smart contract platform
Apache License 2.0

how to limit excess authority when registering a storage node #8594

Open 0xpatrickdev opened 10 months ago

0xpatrickdev commented 10 months ago

What is the Problem Being Solved?

In a permit for a core-eval, a contract can request access to chainStorage like this:

{
  "consume": {
    "chainStorage": true
  }
}

This grants excess authority and the ability to overwrite other storage nodes.

First observed as a potential SDK improvement in https://github.com/Agoric/agoric-sdk/issues/8194#issuecomment-1710725136 - @raphdev

Description of the Design

A similar approach to this suggestion, where chainStorage is limited to particular path(s):

{
  "consume": {
    "chainStorage": {
      "myNode": true
    }
  }
}

Security Considerations

The goal of this ticket is to limit excess authority granted around chainStorage during the core-eval process.

Scaling Considerations

Test Plan

Upgrade Considerations
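
The attenuation the proposed permit shape implies, as an added example that is not the issue author's code and not agoric-sdk's implementation: a core-eval permit of `"chainStorage": true` hands the contract the whole root node, while `"chainStorage": { "myNode": true }` hands it only the named child. The storage node API used here (`makeChildNode`, `setValue`) is an in-memory stand-in assumed for illustration, not the real chainStorage interface.

```javascript
// Added example, not agoric-sdk code. A minimal in-memory stand-in for a
// chainStorage root node; makeChildNode / setValue are assumed names.
const makeStorageRoot = () => {
  const values = new Map(); // path -> last written value
  const makeNode = (path) => ({
    path,
    makeChildNode: (name) => makeNode(`${path}.${name}`),
    setValue: (v) => { values.set(path, v); },
  });
  return { root: makeNode('published'), values };
};

// Resolve the `consume.chainStorage` clause of a core-eval permit into the
// authority actually handed to the contract:
//   true              -> the whole root node (excess authority: any path)
//   { myNode: true }  -> only the named child node(s), nothing else
const attenuateChainStorage = (permit, rootNode) => {
  const clause = permit?.consume?.chainStorage;
  if (clause === true) return rootNode;
  if (clause && typeof clause === 'object') {
    const granted = {};
    for (const [name, allowed] of Object.entries(clause)) {
      if (allowed === true) granted[name] = rootNode.makeChildNode(name);
    }
    return granted;
  }
  throw new Error('permit does not grant chainStorage');
};

// A contract that only needs its own node. Under the broad grant it can
// mint any child it likes; under the narrow grant it gets exactly myNode.
const runContract = (storage) => {
  const node = storage.myNode ?? storage.makeChildNode('myNode');
  node.setValue('hello');
  return node.path;
};

const demo = () => {
  const { root, values } = makeStorageRoot();
  const broad = attenuateChainStorage({ consume: { chainStorage: true } }, root);
  const narrow = attenuateChainStorage(
    { consume: { chainStorage: { myNode: true } } }, root);
  // Broad grant: the contract can reach a sibling such as otherNode.
  const canReachSibling = typeof broad.makeChildNode === 'function';
  // Narrow grant: no makeChildNode on the root, only the named child.
  const narrowKeys = Object.keys(narrow);
  runContract(narrow);
  return { canReachSibling, narrowKeys, written: [...values.keys()] };
};
```
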

raphdev commented 10 months ago

Worth noting this was first observed as a potential SDK improvement in https://github.com/Agoric/agoric-sdk/issues/8194#issuecomment-1710725136

dckc commented 3 months ago

We have a prototype in https://github.com/Agoric/dapp-offer-up/commit/0c894f6b7126ccfa575c11117e82e87c93a67186

I don't think that one (https://github.com/Agoric/dapp-offer-up/pull/61) has landed, but the one in dapp-agoric-basics has:

cc @Jovonni