Open str opened 5 years ago
One possible workaround is by using "./cleos set action permission" to set a required permission name for some action in some contract. for example:
./cleos set action permission a123 eosio.token transfer owner
This will set owner
permission as required permission in eosio.token::transfer. After that transferring EOS with permission active
will be rejected:
./cleos transfer a123 a124 "0.0001 SYS"
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"a123","permission":"active"}'; minimum authority is {"actor":"a123","permission":"owner"}
However, if a transfer transaction is signed by owner
, it can still get through:
./cleos transfer a123 a124 "0.0001 SYS" -p a123@owner
executed transaction: 9f06964323a63518dbdd5664d24d02ead273ed5734f927c24d24877a17db2f13 128 bytes 184 us
# eosio.token <= eosio.token::transfer {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
# a123 <= eosio.token::transfer {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
# a124 <= eosio.token::transfer {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
warning: transaction executed locally, but may not be confirmed by the network yet ]
To remove the permission link, you also need to satisfy the required permission set by the previous "set permission", for example:
./cleos set action permission a123 eosio.token transfer NULL -p a123@owner
I think that's it!
The only missing part is to be able to use a wildcard, so we can blacklist transfers for all contracts
./cleos set action permission myaccount123 '*' transfer owner
OK, after testingwhat @taokayan said, it did not work. Currently the work around is what EOS Newyork said at https://medium.com/eos-new-york/your-eos-account-in-safe-mode-86ad99fd8c40
If someone else is interested in blacklist actions, please upvote this feature/enhacenment
where we can upvote?
I've read the different options for the permissions, and all documentation I found was to create a new permission that can only "vote", which is fine. It looks the solution is a "whitelist" method. I can create a key/permission for a specific task.
But I was looking for the other way around, a blacklist solution. I want a key/permission I can use for everything EXCEPT transfers. I want an account I can use to sign any kind of action, except withdrawing from my EOS balances (or any other token I have).
Can we add that feature in the future please?