near-cli icon indicating copy to clipboard operation
near-cli copied to clipboard

Published 20 hours ago verified publisher icon near

zombie auths ("delete" doesn't delete what "create" creates)

Open myklemykle opened this issue 3 years ago • 1 comments

Describe the bug "near create-account" creates a subaccount, and authorizes it with a master account . "near delete" deletes the subsidiary account but does not remove the authorization. The authorization lives on. Possibly it could become an attack vector.

To Reproduce Steps to reproduce the behavior: 1. use "near create-account" to make an account; use some master account. 2. use "near delete" to delete the account from step 1 3. visit the master account in the Near Wallet (I see this on testnet) and see the authorization is still there.

Expected behavior It should be possible, probably the default behavior, for the auth to be deleted when the account is deleted. If there's a use case for maintaining an authorization to a non-existent account, there could be a flag to support that.

Desktop (please complete the following information):

  • OS: MacOs Big Sur
  • Version [e.g. 22]

Additional context My dev process has me re-deploy the contract fairly often on testnet. I just found about 20 of these zombie auths.

myklemykle avatar Mar 23 '21 19:03 myklemykle

Hi . First timer this side . I will like to work on this issue .

Rishabhraghwendra18 avatar Jun 03 '21 05:06 Rishabhraghwendra18