BSIP: 0029 Title: Asset issue change to require owner authority Authors: Fabian Schuh Status: Draft Type: Protocol Created: 2018-01-28 Discussion: https://github.com/bitshares/bitshares-core/issues/199 Worker: 1.14.81 # Abstract With the current design, the issuer of an asset can be changed with the *active authority* alone. However, this authority is also required for issuing new units of an asset/token. If this process wants to be automated, an active key needs to be stored on an internet-connected device. If compromised, an attacker can easily move the asset under his control with no way to back. This proposal comes with two changes to the protocol: 1. The current behavior of changing an assets' parameters will no longer allow to change the issuer. 2. A new operation is introduced that allows to change the issuer of an asset but requires the owner authority of the issuer to sign that transaction. # Motivation Improve asset security. # Rational Assets should not be at risk while automating issuing of new units. # Specifications ## Current Design and Implementation Currently, any asset can be updated with `asset_update_operation`. This operation contains an optional `new_issuer` that changes the issuer of the asset. ## Proposed Changes # `asset_update_operation` The existing `asset_update_operation` will be modified in such that it no longer allows the user of `new_issuer` after a hard fork. # `asset_update_issuer_operation` A new operation is added with the following construction ``` struct asset_update_issuer_operation : public base_operation { struct fee_parameters_type {uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION; }; asset fee; account_id_type issuer; asset_id_type asset_to_update; account_id_type new_issuer; extensions_type extensions; account_id_type fee_payer()const { return issuer; } void validate()const; void get_required_owner_authorities( flat_set& a )const { a.insert( issuer ); } void get_required_active_authorities( flat_set& a )const { } }; ``` This new operation merely allows to change the issuer of an asset and requires the owner authority (of the issuer account) to sign the transaction. # Summary for Shareholders We here propose the addition of a new operation that improves security of assets with respect to updating the issuer. This closes a long existing problem that makes running automated issuing of units a security issue since an attacker that obtains the keys can obtain full control of an asset indefinitely. This proposal changes this behavior and requires the owner to sign such change of issuer. # Copyright This document is placed in the public domain. # Sponsoring This worker proposal is proudly presented and sponsored by [Blockchain Projects BV](http://blockchainprojectsbv.com).