AlexandriaDAO / core

https://lbry.app/
MIT License

Remove ICRC37/Init() from icrc7 canister and add guards. #44

Closed evanmcfarland closed 3 months ago

evanmcfarland commented 3 months ago

The ICRC37 properties we won't use anyway, because (1) the NFTs will likely be traded inside our platform, (2) if they're off our platform then people can send their NFTs to an SC, and (3) setting high approval limits opens security and DDoS attacks.

If someone else triggers the approval limit, the canister garbage collects us as the owner, and renders the whole thing useless anyway.

The problem is the nft_manager canister uses the init() function, which populates with icrc37 functions with all data, and which we can't deploy the canister without.

The task is to trim all the icrc37 related logic out of the icrc7 canister, or take the lazy way and set all the initial parameters to zero/null, and ensure none of those functions work.

The other thing, kind of separate, but since we're going to blackhole the icrc7 canister, we have to add guards (if this is possible in Motoko). Conditions:

It's kind of turning this into a closed system, but I don't care because it's DDoS-proof and future-proof in case of vulnerabilities. I didn't make this icrc7 implementation and it's in Motoko so I can't read it. The more restrictions we put, the better.

evanmcfarland commented 3 months ago

Burn/mint functions are accessible only to the nft_manager canister. ICRC37 removed. All query functions remain open because Motoko sucks.
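
A caller guard of the kind this issue asks for, as an added example that is not the project's icrc7 code. The actor name `GuardedNft`, the install argument `nftManager`, the `Error` type and the `mint`/`burn`/`owner_of` signatures are all assumptions made for illustration, written against the `mo:base` library.

```motoko
import Principal "mo:base/Principal";
import Result "mo:base/Result";
import RBTree "mo:base/RBTree";
import Nat "mo:base/Nat";

// Hypothetical minimal NFT ledger, not the project's icrc7 canister.
// `nftManager` (assumed install argument) is the nft_manager canister's principal.
// It is fixed at install time and has no setter, so it cannot be changed
// once the canister is blackholed.
actor class GuardedNft(nftManager : Principal) {

  type Error = { #Unauthorized; #TokenExists; #NotFound };

  // Token id -> owner. Kept in non-stable memory to keep the example short.
  let owners = RBTree.RBTree<Nat, Principal>(Nat.compare);

  // The guard: only the nft_manager canister passes, never the anonymous principal.
  func isManager(caller : Principal) : Bool {
    not Principal.isAnonymous(caller) and Principal.equal(caller, nftManager)
  };

  public shared ({ caller }) func mint(id : Nat, to : Principal) : async Result.Result<(), Error> {
    if (not isManager(caller)) { return #err(#Unauthorized) };
    switch (owners.get(id)) {
      case (?_) { #err(#TokenExists) };
      case null { owners.put(id, to); #ok(()) };
    }
  };

  public shared ({ caller }) func burn(id : Nat) : async Result.Result<(), Error> {
    if (not isManager(caller)) { return #err(#Unauthorized) };
    switch (owners.remove(id)) {
      case (?_) { #ok(()) };
      case null { #err(#NotFound) };
    }
  };

  // Query endpoints stay open to any caller, as in the comment above.
  public query func owner_of(id : Nat) : async ?Principal {
    owners.get(id)
  };
};
```

Because the check runs before any state is read or written, a rejected call changes nothing in the ledger.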