In the Terminus contract we have isApprovedForPool(uint256 poolID, address operator) function, which grants operator burning and minting permission (only pool owner can grant this permissions). There are problems with it:
Approval cannot be taken away. (Huge security problem)
When the pool control transfer is done, old approvals will not be reset (which might be ok), but you will not be able to easily remove approvals for all of the operators
Possible solutions
Add the ability for terminus owner to grant roles (minting, burning, control, etc) by giving terminus pools
Since, solution No 1 can make mess inside the terminus contract, make TerminusManager contract that will handle all the access control. (TerminusManager will be the controller of the pool)
Problem
In the
Terminus
contract we haveisApprovedForPool(uint256 poolID, address operator)
function, which grantsoperator
burning and minting permission (only pool owner can grant this permissions). There are problems with it:operators
Possible solutions
TerminusManager
contract that will handle all the access control. (TerminusManager
will be the controller of the pool)