Closed Bill-Kunj closed 3 years ago
Now that we have MemberDirectory.rho, newinbox no longer allows multiple inbox creations. A second attempt simply returns the existing inbox.
Really? I don't see how to do that securely.
I'm looking at the code, and it seems to involve sending my deployerId around... are we sure this is secure? I wonder in which PR this was added and how closely it was reviewed.
Resting on the security of deployerId has got me nervous. If I'm using a typical dApp, I don't look carefully at the rholang code that it deploys on my behalf. For all I know, it deploys code that steals my deployerId. I wonder how to manage that risk. I suppose it is already a known risk that you shouldn't just sign any old transaction that a dApp asks you to... and while most users don't directly read the code they're signing, there is some community review process by which dApps earn reputations...
Yep. @jimscarver and I discussed the use of deployerId at length. I believe he's waiting for rho:rchain:revAddress before we address this completely, but he'll have the full justification for passing around deployerId. Note that newinbox.rho is the only place we pass it.
@dckc @jimscarver
What if we had participate.js look for references to deployerId in the rholang and alert the user?
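The check proposed in the comment above, sketched as an added example (not code from participate.js or the project). `scanRholang`, the sample deploy and the `rho:id:placeholder` URI are constructed for illustration.

```javascript
// Added example, not part of participate.js: find where a Rholang deploy
// binds rho:rchain:deployerId and where that bound name is passed along.
const DEPLOYER_URI = 'rho:rchain:deployerId';

// Blank out comments but keep newlines, so reported line numbers stay valid.
function stripComments(src) {
  const blank = (m) => m.replace(/[^\n]/g, ' ');
  return src.replace(/\/\*[\s\S]*?\*\//g, blank).replace(/\/\/[^\n]*/g, blank);
}

function scanRholang(src) {
  const lines = stripComments(src).split('\n');
  const bindings = [];
  const forwards = [];
  // Matches name(`rho:rchain:deployerId`) inside a `new` declaration.
  const bindRe = new RegExp(
    '([A-Za-z_][\\w\']*)\\s*\\(\\s*`' + DEPLOYER_URI + '`\\s*\\)', 'g');
  lines.forEach((text, i) => {
    for (const m of text.matchAll(bindRe)) {
      bindings.push({ name: m[1], line: i + 1 });
    }
  });
  // `*name` turns the name into a process so it can be sent as a message;
  // every such use is a place where the deployerId leaves the deploy's hands.
  for (const name of new Set(bindings.map((b) => b.name))) {
    const useRe = new RegExp('\\*\\s*' + name + "(?![\\w'])");
    lines.forEach((text, i) => {
      if (useRe.test(text)) {
        forwards.push({ name, line: i + 1, text: text.trim() });
      }
    });
  }
  return { bindings, forwards };
}

// Constructed sample deploy; the registry URI is a placeholder.
const SAMPLE = [
  'new deployerId(`rho:rchain:deployerId`), lookup(`rho:registry:lookup`), ch in {',
  '  // inbox!(*deployerId) is commented out and must not be reported',
  '  lookup!(`rho:id:placeholder`, *ch) |',
  '  for (dir <- ch) { dir!("newinbox", *deployerId, *ch) }',
  '}',
].join('\n');

console.log(scanRholang(SAMPLE));
```

The scan does not follow the name once a receiver rebinds it under another variable, so an empty `forwards` list means only that this deploy text does not send it directly.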
That might help a little, but it would be a drop in the bucket. All other dApps pose the same risk.
So perhaps this should be a wallet feature. But then (and this belongs in a different issue...) what would the alert say? How would we make it intelligible to a broad audience?
Closed by #262
@dckc #262 is about deployerId being passed around. The original intention for this issue "Remove advisory "only once" from inbox bullet" was to warn people against creating multiple inboxes, which is no longer possible.
Now that we have MemberDirectory.rho, newinbox no longer allows multiple inbox creations. A second attempt simply returns the existing inbox. The text warning "only one" on index.html is no longer necessary.