Add an unentitled way to identify if an account be controlled by account caps

onflow / cadence

Cadence, the resource-oriented smart contract programming language 🏃‍♂️

https://cadence-lang.org

Apache License 2.0

533 stars 138 forks source link

Add an unentitled way to identify if an account be controlled by account caps #3312

Open btspoony opened 6 months ago

btspoony commented 6 months ago

Issue to be solved

The current exposed interface of the account cannot allow anyone to know whether the address has an Account Capability. This will make it impossible to implement some logic that needs to determine the controllability of the address.

Discussion context: https://discord.com/channels/613813861610684416/1235590034837475378

Suggested Solution

Add a method that can be used by any unentitled account to determine the existence of an Account Capability.

turbolent commented 6 months ago

Even when being able to determine there are no account capability controllers on an account, a contract deployed to the account may expose similar functionality (e.g. allows adding keys).

btspoony commented 6 months ago

Even when being able to determine there are no account capability controllers on an account, a contract deployed to the account may expose similar functionality (e.g. allows adding keys).

Yes, but currently there is no way to determine the uncontrollability.

Once this is available, combined with the judgment of not deploying any contracts, it can be determined that the address is permanently uncontrollable.