hybrid-custody icon indicating copy to clipboard operation
hybrid-custody copied to clipboard

Published 20 hours ago verified publisher icon onflow

[FEATURE] Migrate to Capability Controllers

Open austinkline opened this issue 1 year ago • 0 comments

Issue to be solved

There are a few potential issues called out in Hybrid Custody due to the nature of capabilities and how they are currently obtained. For instance, giving ownership of one account to another isn't guaranteed to actually revoke auth account access from the previous owner because they could obtain a capability to the cap which would be provisioned when ownership is given away.

Capability Controllers prevent this type of behavior, and is an upgrade we will have to do for stable cadence anyway some time down the line.

Suggest A Solution

Migrate all uses of capabilities on the Hybrid Custody contract to use Capability Controllers instead of the current getCapability access pattern. FLIP for capcons can be found here: https://github.com/onflow/flow/pull/798

What are you currently working on that this is blocking?

Nothing. This is not strictly needed, but would make HC more secure

austinkline avatar Jul 10 '23 05:07 austinkline