Comments (6)
I don't fully understand your example, can you give a clearer explanation? The invalidate action can be called by C to invalidate any proposals that affect B.
from eosio.contracts.
Account A adds a proposal in order to update auth, then account A is offline traded to others and the public key is modified, and then proposal is executed causing the public key to be modified again. This will cause serious property damage to the buyer.
like this example
the proposal which named xxtest111111 change the owner key to "EOS7QsF9zA4Yq7ugtVrEFP4UEhBGGnTuhHwaknQJoxp4daih1gUnx"
from eosio.contracts.
I think all proposals should expire after ownership changes.
from eosio.contracts.
How do we know when ownership changes? I still do not understand why in your example the invalidate action doesn't resolve the problem. The code was specifically modified to stop msig actions from restoring account permissions after an account has been sold. But it is the new owner/exchanges responsibility to call the invalidate action.
from eosio.contracts.
I understand what you mean, we will try to solve the problem in this way, thank you
from eosio.contracts.
As @StarryJapanNight mentioned, the new invalidate
action was added (#59) to eosio.msig
in v1.3.0 specifically to address this issue. But it is the responsibility of the parties doing the exchange to call that invalidate
in the same transaction that transfers ownership.
Keep in mind there are other loopholes (using deferred transactions) that a malicious account seller can use to effectively do the same thing. Unfortunately, there is no clean solution to this other than using an escrow process. See the discussion here.
from eosio.contracts.
Related Issues (20)
- [email protected]
- Tiny typo correction[docs] Suggestion / Change Request HOT 1
- Small typo in table correction[docs] Suggestion / Change Request HOT 1
- Tiny typo correction in a table[docs] Suggestion / Change Request HOT 1
- NRM modelling: decay_secs has no effect? HOT 4
- [docs] buyram description seems to be wrong
- cant Borrow CPU/NET
- Luckyangie12
- [docs] Suggestion / Invalid parameter name in the issue action. HOT 1
- eosio newaccount ACTION might has an issue. HOT 1
- [eosio.wrap] Use inline action instead of deferred trx
- Unable to build tests HOT 19
- [docs] Suggestion / Change Request
- [docs] Suggestion / Change Request - Fix Description for 2nd Argument of setabi()
- Error 3070003: Serialization Error Processing WASM HOT 1
- build.sh does not detect newer Darwin versions HOT 2
- stod causes access violation error
- [docs] I think the replenish algorithm description is wrong
- Calling actions of deployed smart-contract HOT 1
- eosio powerup ABI type is invalid
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eosio.contracts.