ton-blockchain / wallet-contract-v5

w5
MIT License

Issues and vulnerability Of wallet contract v5 #25

Closed Ladanx closed 1 month ago

Ladanx commented 1 month ago

Known issues

By requesting a gasless service, a user can have time to increase the seqno on his own or via another service.

In this case, the gasless service will incur gas costs.

However, this is a non-scalable scenario, as it requires the user to incur gas costs as well.

A blacklist on the service backend side solves the problem.

The user can request a gasless service and, by means of a specialised extension, have time to withdraw the entire balance of Jettons without changing the seqno.

In this case, the Jetton transfer message from the service will encounter a balance shortage and the Toncoins attached to the message will return to the user's wallet.

However, this is a non-scalable scenario, as it requires the user to incur gas costs as well.

A blacklist on the service backend side solves the problem.

Suggested extensions

Decentralised subscriptions: the extension can withdraw a given number of Toncoins or Jettons once in a given period.

2FA: a multisig extension is added; the extension prohibits the wallet signature.

Key recovery: like 2FA, but the multisig extension has an option to change the control keys, with a possible cooldown period during which the other party can cancel the key change.
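The two known issues above (a user who bumps the seqno after requesting a gasless transfer, and a user who drains Jettons through an extension without touching the seqno) and the suggested backend blacklist can be simulated without touching the chain. The following is an added example written for this page; it is not code from the wallet-contract-v5 repository or from the issue author. It models a relayer in plain Python: the class and function names, the gas cost per attempt, the `attached_ton` field and the failure threshold of two are all assumptions, and the wallet state is a deliberately minimal stand-in for the real contract.

```python
"""Constructed simulation of a gasless relayer with a per-wallet blacklist.

Not TON or W5 code: every name and number here is an assumption chosen to
illustrate the two abuse scenarios from the issue and the blacklist defence.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Wallet:
    """Minimal stand-in for a wallet: only the state the issue talks about."""
    seqno: int = 0
    jettons: int = 0
    toncoins: int = 0  # TON held by the wallet; bounced value lands here


@dataclass
class GaslessRequest:
    wallet: str
    seqno: int          # seqno the user signed the request against
    jetton_amount: int  # Jettons the relayed transfer tries to move
    attached_ton: int   # TON the service attaches to the transfer message (assumed)


class Relayer:
    """Gasless service backend. Pays gas for each on-chain attempt it makes."""

    def __init__(self, gas_per_attempt: int = 5, max_failures: int = 2):
        self.gas_per_attempt = gas_per_attempt  # simulated gas units, assumed
        self.max_failures = max_failures        # failures before blacklisting, assumed
        self.gas_spent = 0
        self.failures = defaultdict(int)
        self.blacklist = set()

    def _record_failure(self, addr: str) -> None:
        self.failures[addr] += 1
        if self.failures[addr] >= self.max_failures:
            self.blacklist.add(addr)

    def submit(self, req: GaslessRequest, wallets: dict) -> str:
        if req.wallet in self.blacklist:
            return "rejected:blacklisted"          # no on-chain attempt, no gas lost
        w = wallets[req.wallet]
        self.gas_spent += self.gas_per_attempt  # gas is paid whatever the outcome
        if w.seqno != req.seqno:
            # Issue 1: the user (or another service) bumped the seqno first.
            self._record_failure(req.wallet)
            return "failed:seqno_mismatch"
        w.seqno += 1                             # the wallet accepted the message
        if w.jettons < req.jetton_amount:
            # Issue 2: Jettons were drained via an extension; the transfer fails
            # and the attached TON returns to the user's wallet, not the relayer.
            w.toncoins += req.attached_ton
            self._record_failure(req.wallet)
            return "failed:jetton_shortage"
        w.jettons -= req.jetton_amount
        return "ok"


def run_scenarios():
    """Replay both abuse patterns against one relayer; returns the outcome log."""
    wallets = {"alice": Wallet(jettons=100), "bob": Wallet(jettons=100)}
    relayer = Relayer()
    log = []

    # Scenario 1: alice signs a request at seqno 0, then sends her own tx first.
    req = GaslessRequest("alice", seqno=0, jetton_amount=10, attached_ton=1)
    wallets["alice"].seqno += 1  # alice pays her own gas for this, so it does not scale
    log.append(relayer.submit(req, wallets))

    # Scenario 2: bob signs a request, then drains his Jettons via an extension.
    req = GaslessRequest("bob", seqno=0, jetton_amount=10, attached_ton=1)
    wallets["bob"].jettons = 0   # extension withdrawal, seqno untouched
    log.append(relayer.submit(req, wallets))

    # Bob tries again with the now-current seqno; the second failure blacklists him.
    log.append(relayer.submit(GaslessRequest("bob", 1, 10, 1), wallets))
    # A third request is refused before any gas is spent.
    log.append(relayer.submit(GaslessRequest("bob", 2, 10, 1), wallets))

    # An honest request from alice at the correct seqno still succeeds.
    log.append(relayer.submit(GaslessRequest("alice", 1, 10, 1), wallets))
    return log, relayer, wallets


if __name__ == "__main__":
    outcomes, r, ws = run_scenarios()
    for line in outcomes:
        print(line)
    print("gas spent:", r.gas_spent, "blacklist:", sorted(r.blacklist))
```

The simulation makes the issue's point concrete: each abuse costs the relayer one attempt's gas (and, in the Jetton case, hands the attached TON to the user), but an honest wallet that fails once is not cut off, while a repeat offender is refused before the relayer spends anything further. A real backend would also re-read the seqno immediately before broadcasting; that narrows the race but cannot close it, which is why the blacklist is the cheap backstop.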

tolya-yanot commented 1 month ago

spam, ban