Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict capabilities.publish to account's own capabilities #196

Open
bluesign opened this issue Sep 13, 2023 · 0 comments
Open

Restrict capabilities.publish to account's own capabilities #196

bluesign opened this issue Sep 13, 2023 · 0 comments
Labels
flip: cadence

Comments

@bluesign
Copy link
Collaborator

bluesign commented Sep 13, 2023
edited

Currently it is possible to republish someone else's capability via new capabilities API, I think it makes sense to keep old restriction.

There are a lot of scenarios ( voting, gating with existence of NFT ) usually checking if account owns some balance or resource, by checking a public path capability. Now it will be extra burden for developers and small foot gun with this change of behaviour.

FLIP suggests adding a restriction to the capability API, permitting only capabilities from the same account address to be published via capabilities.publish.

Previous Discussion: onflow/cadence#2768
Draft PR: onflow/cadence#2782
FLIP Discussion: #197
@bluesign bluesign removed their assignment Nov 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
flip: cadence
Projects
FLIPs Tracker
Status: Drafted
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bluesign