EOSIO / eos

An open source smart contract platform
https://developers.eos.io/manuals/eos
MIT License

[feature-request] blacklist permissions #6536

Open str opened 5 years ago

str commented 5 years ago

I've read the different options for the permissions, and all the documentation I found was about creating a new permission that can only "vote", which is fine. It looks like the solution is a "whitelist" method. I can create a key/permission for a specific task.

But I was looking for the other way around, a blacklist solution. I want a key/permission I can use for everything EXCEPT transfers. I want an account I can use to sign any kind of action, except withdrawing from my EOS balances (or any other token I have).

Can we add that feature in the future please?

taokayan commented 5 years ago

One possible workaround is to use "./cleos set action permission" to set a required permission name for some action in some contract. For example:

./cleos set action permission a123 eosio.token transfer owner

This will set the owner permission as the required permission for eosio.token::transfer. After that, transferring EOS with the active permission will be rejected:

./cleos transfer a123 a124 "0.0001 SYS"
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"a123","permission":"active"}'; minimum authority is {"actor":"a123","permission":"owner"}

However, if a transfer transaction is signed by owner, it can still get through:

./cleos transfer a123 a124 "0.0001 SYS" -p a123@owner
executed transaction: 9f06964323a63518dbdd5664d24d02ead273ed5734f927c24d24877a17db2f13  128 bytes  184 us
#   eosio.token <= eosio.token::transfer        {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
#          a123 <= eosio.token::transfer        {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
#          a124 <= eosio.token::transfer        {"from":"a123","to":"a124","quantity":"0.0001 SYS","memo":""}
warning: transaction executed locally, but may not be confirmed by the network yet         ] 

To remove the permission link, you also need to satisfy the required permission set by the previous "set permission", for example:

./cleos set action permission a123 eosio.token transfer NULL -p a123@owner

str commented 5 years ago

I think that's it!

The only missing part is to be able to use a wildcard, so we can blacklist transfers for all contracts

./cleos set action permission myaccount123 '*' transfer owner
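
The permission-link lookup discussed in the comments above, as an added example that is not code from the thread or from the EOSIO code base: a simplified Python model of how a link set with `set action permission` is resolved per contract and action. The class and method names are assumptions, and `other.token` is a hypothetical second token contract.

```python
# Simplified model (assumption): ignores keys, thresholds, delays and
# the special rules for system actions. Not EOSIO source code.

class Account:
    def __init__(self, name):
        self.name = name
        self.parents = {"owner": None, "active": "owner"}  # permission -> parent
        self.links = {}  # (contract, action) -> required permission

    def minimum_permission(self, contract, action):
        # Most specific link first, then a contract-wide link (action ""),
        # then the default "active". Links are keyed by exact contract name.
        for key in ((contract, action), (contract, "")):
            if key in self.links:
                return self.links[key]
        return "active"

    def satisfies(self, declared, required):
        # The required permission itself or any of its ancestors is accepted.
        node = required
        while node is not None:
            if node == declared:
                return True
            node = self.parents[node]
        return False

    def authorize(self, contract, action, declared):
        if declared not in self.parents:
            return False
        return self.satisfies(declared, self.minimum_permission(contract, action))

    def link(self, contract, action, perm, declared="active"):
        """Model of `cleos set action permission`; perm "NULL" removes the link.
        Changing a link must satisfy the permission currently required."""
        if not self.authorize(contract, action, declared):
            return False
        if perm == "NULL":
            self.links.pop((contract, action), None)
        elif perm in self.parents:
            self.links[(contract, action)] = perm
        else:
            return False
        return True

def demo():
    a = Account("a123")
    a.link("eosio.token", "transfer", "owner")
    return {
        "active_transfer": a.authorize("eosio.token", "transfer", "active"),
        "owner_transfer": a.authorize("eosio.token", "transfer", "owner"),
        "other_contract": a.authorize("other.token", "transfer", "active"),
        "unlink_with_active": a.link("eosio.token", "transfer", "NULL", "active"),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a link on `eosio.token` leaves `transfer` on any other contract at the default `active` requirement, which is the gap the wildcard request is about.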

str commented 5 years ago

OK, after testing what @taokayan said, it did not work. Currently the workaround is what EOS New York said at https://medium.com/eos-new-york/your-eos-account-in-safe-mode-86ad99fd8c40

If someone else is interested in blacklisting actions, please upvote this feature/enhancement

dariusdev commented 5 years ago

Where can we upvote?