Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbid Unregister<Account> if's referenced from elsewhere #4329

Closed
mversic opened this issue Feb 27, 2024 · 3 comments
Closed

Forbid Unregister<Account> if's referenced from elsewhere #4329

mversic opened this issue Feb 27, 2024 · 3 comments
Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security

Comments

@mversic
Copy link
Contributor

mversic commented Feb 27, 2024
edited

In iroha_core, we should prevent Unregister<Account> if it's listed in Domain::owned_by or AssetDefinition::owned_by. Custom defined executor can check for this and choose to transfer the account ownership to some other account before executing Unregister<Account>
@mversic mversic added Bug Something isn't working iroha2-dev The re-implementation of a BFT hyperledger in RUST labels Feb 27, 2024
@mversic mversic mentioned this issue Feb 27, 2024
Closed
@mversic mversic added Security This issue asks for improved security and removed Bug Something isn't working labels Feb 27, 2024
@mversic
Copy link
Contributor Author

mversic commented Apr 17, 2024

this will not be an issue after #4411 since accounts will be globally unique and it won't be possible to steal ownership

@mversic mversic closed this as completed Apr 17, 2024
@s8sato
Copy link
Contributor

s8sato commented Apr 19, 2024

I wonder if this issue can be closed.
I thought this had nothing to do with account uniqueness, but was like implementing ON DELETE PROTECT in RDB

@s8sato
Copy link
Contributor

s8sato commented Apr 19, 2024

mingler, [2024/04/19 16:23]
well, I was thinking that since after your changes with AccountId even "non-registered" accounts can be set as owners of domains/asset_definitions

mingler, [2024/04/19 16:23]
just as you can send assets to non-registered account, you can also transfer ownership to non-registered accounts

S. Sato, [2024/04/19 16:29]
Ok, I think account unregistration also should be reconsidered

S. Sato, [2024/04/19 16:29]
I guess your point is that pointing unregistered account would be no longer a problem

mingler, [2024/04/19 16:31]
unregistration of an account will now be like cleaning/wiping the account

mingler, [2024/04/19 16:31]
it's not that accounts stops existing

This issue can stay closed. Instead, #4426 should properly address unregistration of accounts as well as registration

@nxsaken nxsaken closed this as not planned Won't fix, can't repro, duplicate, stale May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nxsaken @mversic @s8sato