dckc
commented
1 month ago I'm not sure about the security implications of letting clients unilaterally add issuers. Added needs-design.
Closed dckc closed 1 month ago
dckc
commented
1 month ago I'm not sure about the security implications of letting clients unilaterally add issuers. Added needs-design.
samsiegart
commented
1 month ago Thanks for making an issue.
I'm not sure about the security implications of letting clients unilaterally add issuers. Added needs-design.
If the design was up to me right now, I'd just allow it. We already do the same with swaparoo. If we ever decide to deploy this to mainnet, perhaps we could revisit these concerns?
dckc
commented
1 month ago I suppose as long as the clients don't get to choose names / keywords, it should be fine.
So the design would be, like swaparoo, to let clients give issuers to add in the invitationArgs? (or offerArgs)
samsiegart
commented
1 month ago So the design would be, like swaparoo, to let clients give issuers to add in the invitationArgs? (or offerArgs)
Yea, in invitationArgs
the postal service contract doesn't dynamically add issuers like the swaparoo contract does.
noted by @samsiegart in #45
Design
let clients give issuers to add in the invitationArgs