Add amount_limit field to VerificationMethod for spending control in DID documents
This PR adds an amount_limit field to the VerificationMethod struct in the DID system, enabling fine-grained spending control for different verification methods within a DID document.
Changes Made
Core Data Structure
- Added `amount_limit: u256` field to `VerificationMethod` struct in both Move and Rust code
- Updated struct serialization/deserialization logic to handle the new field
API Updates
All DID creation and verification method management functions now require amount limit parameters:
```move
// Before
did::add_verification_method_entry(
    &signer, fragment, method_type, public_key, relationships
);

// After
did::add_verification_method_entry(
    &signer, fragment, method_type, public_key, 1000000u256, relationships
);
```
Updated Functions
- `create_did_object_for_self_entry()` - now accepts `user_vm_amount_limit`
- `create_did_object_via_cadop_with_did_key_entry()` - now accepts both user and service amount limits
- `add_verification_method_entry()` - now accepts `amount_limit` parameter
- All internal creation and authentication helper functions
Test Coverage
- Updated all test files with appropriate amount limits (500K-10M range)
- Primary account keys: 10M tokens (higher limit for main keys)
- Secondary verification methods: 1M-2M tokens
- Specialized keys (ECDSA-R1): 1.5M tokens
Documentation
- Updated `did_guide.md` to reflect the new VerificationMethod structure
- Added clear documentation about the purpose and usage of amount limits
Benefits
This change enables:
- Graduated security policies - Different keys can have different spending limits
- Risk management - Limit exposure if secondary keys are compromised
- Multi-tier access control - Beyond permission types, now amount-based restrictions
- Flexible key management - Primary keys for large amounts, secondary keys for smaller transactions
Breaking Change
This is intentionally a breaking change to force developers to explicitly consider spending limits when creating verification methods, improving overall security posture.
Example Usage
```move
// Create DID with 10M limit for primary account key
did::create_did_object_for_self_entry(&signer, public_key, 10000000u256);

// Add secondary verification method with 1M limit
did::add_verification_method_entry(
    &signer,
    string::utf8(b"backup-key"),
    string::utf8(b"Ed25519VerificationKey2020"),
    backup_public_key,
    1000000u256, // 1M token limit
    vector[1u8] // assertion_method
);
```
Fixes #3643.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
- `esm.ubuntu.com`
  - Triggering command: `/usr/lib/apt/methods/https` (dns block)

If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
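
The spending tiers listed under Benefits, shown as an added Rust example that is not code from this PR or from Rooch: a per-key check that rejects a spend above the signing verification method's `amount_limit`. The function `authorize_spend`, the `Denied` type, the `account-key` fragment, the use of `u128` in place of `u256`, and the per-transaction reading of the limit are all assumptions of this example.

```rust
// Added illustration, not Rooch code. u128 stands in for Move's u256, and
// checking the limit per transaction is an assumption of this example.
#[derive(Debug, PartialEq)]
enum Denied {
    UnknownMethod,
    MissingRelationship,
    OverLimit { limit: u128 },
}

struct VerificationMethod {
    fragment: &'static str,
    relationships: Vec<u8>, // 1 = assertion_method, as in the PR's usage example
    amount_limit: u128,
}

struct DidDocument {
    methods: Vec<VerificationMethod>,
}

impl DidDocument {
    // Hypothetical check: the signing key must exist in the document, hold the
    // required relationship, and the amount must not exceed its own limit.
    fn authorize_spend(&self, fragment: &str, relationship: u8, amount: u128) -> Result<(), Denied> {
        let vm = self.methods.iter().find(|m| m.fragment == fragment)
            .ok_or(Denied::UnknownMethod)?;
        if !vm.relationships.contains(&relationship) {
            return Err(Denied::MissingRelationship);
        }
        if amount > vm.amount_limit {
            return Err(Denied::OverLimit { limit: vm.amount_limit });
        }
        Ok(())
    }
}

// Constructed sample: "account-key" is a made-up fragment for the primary key.
fn sample_document() -> DidDocument {
    DidDocument { methods: vec![
        VerificationMethod { fragment: "account-key", relationships: vec![1], amount_limit: 10_000_000 },
        VerificationMethod { fragment: "backup-key", relationships: vec![1], amount_limit: 1_000_000 },
    ] }
}

fn main() {
    let doc = sample_document();
    // A compromised backup key cannot move more than its own 1M limit.
    println!("{:?}", doc.authorize_spend("backup-key", 1, 1_000_001));
    println!("{:?}", doc.authorize_spend("account-key", 1, 1_000_001));
}
```

A limit checked per transaction does not bound the total a stolen key can move across many small transactions; whether the limit is per transaction or cumulative is not stated in this PR description.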