Open YamenMerhi opened 1 year ago
I think it is an excellent idea and I would push this proposal further.
@skimaharvey @samuel-videau wdyt?
So if I understand well, there would be only an interval when you can accept the ownership? E.g.
17:00 - transferOwnership
17:05 - acceptOwnership open
17:15 - acceptOwnership close
We could have an interval like @samuel-videau mentioned, or we agree on the simplest version where:
Just to serve the purpose of this issue, which is having 2 steps, and a delay where, in case the transferOwnership happened by mistake or by an attacker, a user will have time to do some stuff, like revoking the access, etc.
And the idea is to allow this effect of delay after the deployment of the UP by like 100 blocks, so when deployed the UP can be set up (transferOwnership to another contract) without a delay, like we do with lsp-factory/relayer.
Issue Description
LSP0 relies on LSP14 for ownership management, which is beneficial in preventing accidental ownership transfers by mitigating common mistakes such as typos in addresses. However, LSP14 does not provide protection against phishing attacks.
Currently, LSP14 allows attackers to trick users into signing a transferOwnership transaction, which can then be accepted by the attacker as soon as it's mined. This single-step process is vulnerable to phishing attacks.
In contrast, the renounceOwnership process in LSP14 requires two steps and enforces a delay between them. This delay helps reduce the risk of successful phishing attacks since the attacker cannot immediately request the user to sign the subsequent transaction.
Proposed Solution
To enhance the phishing protection in LSP0, we suggest implementing a similar mechanism to the renounceOwnership process for transferOwnership:
After a user initiates a transferOwnership transaction, the recipient address cannot accept ownership until a predefined delay period has passed.
If the new owner does not accept ownership within the limited time window, the transfer is invalidated.
By adding this delay, interfaces can display warnings or notifications to the user regarding the ownership transfer, giving them a chance to rectify any mistakes.
Additionally, integration with mobile, email, or SMS services can alert users of ownership transfers, allowing them to take quick action if needed, similar to receiving notifications when someone logs into their Google account.
This proposed solution strengthens LSP0 against phishing attacks, providing a more robust protection mechanism for ownership transfers.