KIPs icon indicating copy to clipboard operation
KIPs copied to clipboard
verified publisher icon kadena-io

Add kip-0022 - No principal guard rotation in coin contract

Open imalsogreg opened this issue 2 years ago • 4 comments

imalsogreg avatar Oct 25 '23 16:10 imalsogreg

I like it. It makes sense.

But what about the owners of principal accounts, who have already previously rotated their guard ?

We should give them a possibility to come back to the right path.

I would change your new enforcement by:

(enforce (or? (not? (is-principal)) 
              (validate-principal new-guard) account)
         "It is unsafe for principal accounts to rotate their guard")

Allow rotation if either:

  • it's not a principal account
  • or the destination guard is matching the account name

CryptoPascal31 avatar Nov 02 '23 21:11 CryptoPascal31

By the way: A more straightforward workaround proposal for non-rotatable accounts could be to simply use r: accounts (keyset references).

Keysets are still rotatable. This has been suggested by @emilypi here: https://github.com/kadena-io/KIPs/pull/43#discussion_r1187677609

IMHO, it should be mentioned in the KIP.

CryptoPascal31 avatar Nov 02 '23 21:11 CryptoPascal31

Thanks @CryptoPascal31 for the good feedback! @imalsogreg any thoughts?

emilypi avatar Nov 03 '23 16:11 emilypi

:thumbsup:

CryptoPascal31 avatar Nov 08 '23 20:11 CryptoPascal31