xeroc
commented
2 years ago *Note: people can create as many wallet79 accounts they like.
Could this pose a problem that a hacker create all the accounts for himself leaving no more accounts available?
On this code base, we do not limit account creations at all. However account creation requires a fee (either liquid, power, or deletgated). This requirement of fee is what requires a user to go through an onboarding process with someone that already has stake that would delegate some stake when creating the new user. The initial stake is required since the number of transactions on chain is limited by the stake you have in it (rate-limitations via power).
Hence, for account creation, your students would go to a centralized service that can do all sorts of abuse prevention (e.g. requiring invitation code, verification of email/sms, even verification of student id would be possible). Only after verification would the onboarding process create an account on the blockchain (which technically requires a fee).
We could setup an account specifically for onboarding users into wallet79. This onboarding account would maybe not require a fee to be paid and the users would then not have any stake. Hence, we would need to modify the rate-limitation so that users would still be able to transfer SEREY on chain (remember: rate-limitation through power -> no power => no transactions/transfers).
Then, in order for a user to exit the limitations of transfer-only, we could (maybe) just require them to do a powerup of SEREY to become a full account. Then their stake would be locked up in their account and the rest of SEREY's functionality would become available.
TL;DR; I propose that we modify the rate-limitations so that
- accounts can be created by an (specific) onboarding account with 0 initial stake
- accounts would be naturally rate-limited to 0 transactions
- we would exclude the transfer operation from the rate-limitation so that they could do X transfers per day or so with 0 fees.
- users would be able to upgrade their limited account into a regular account by powering up some SEREY (and thus get over the rate-limitations).
*Note: people can create as many wallet79 accounts they like. Could this pose a problem that a hacker create all the accounts for himself leaving no more accounts available?
Currently, any account can create a new account as long as they pay/delegate some stake to the new account. The proposal above however would introduce an onboarding account (controlled by you) that can create 0-stake accounts (e.g. wallet79) without paying a fee. We could allow creation of this sort of accounts by anyone as well, but that opens up the issue of denial-of-service/spam, wouldn't recommend.
*Note: could we add a different prefix for the wallet79 accounts? So that the usernames on Serey are still available for normal users?
since the onboarding account is in your control, you can prefix/postfix any account name by anything. However, the proposal above would not rename an account name on upgrade. Also, keep in mind that changing an account name is bad practice on STEEM based blockchains as the name is part of the serialized transactions and you may end up in all sorts of weird race-conditions (imagine renaming an account by removing the prefix and someone else registering the account with prefix afterwards).
Let me know what you think and we can start digging into the rate-limitation code to see how much efforts it would take to implement it.
Besides Serey we are working with a Dutch professor on a project called wallet79. With wallet79 we want to connect students looking for jobs at companies. For this we use a revolutionary novel algorithm designed by Karen (Harvard Professor) and Steef (Dutch professor).
Users on wallet79 should have limited functionalities: only able to send a transaction in SRY. These users can upgrade their account to a full functionality Serey account that can do posting, voting, power up/down, etc..
*Note: people can create as many wallet79 accounts they like. Could this pose a problem that a hacker create all the accounts for himself leaving no more accounts available?
*Note: could we add a different prefix for the wallet79 accounts? So that the usernames on Serey are still available for normal users?