98 lines
2.9 KiB

BSIP: 0029
Title: Asset issue change to require owner authority
Authors: Fabian Schuh <>
Status: Accepted
Type: Protocol
Created: 2018-01-28
Worker: 1.14.81
# Abstract
With the current design, the issuer of an asset can be changed with the
*active authority* alone. However, this authority is also required for
issuing new units of an asset/token. If this process wants to be
automated, an active key needs to be stored on an internet-connected
device. If compromised, an attacker can easily move the asset under his
control with no way to back.
This proposal comes with two changes to the protocol:
1. The current behavior of changing an assets' parameters will no longer
allow to change the issuer.
2. A new operation is introduced that allows to change the issuer of an
asset but requires the owner authority of the issuer to sign that
# Motivation
Improve asset security.
# Rational
Assets should not be at risk while automating issuing of new units.
# Specifications
## Current Design and Implementation
Currently, any asset can be updated with `asset_update_operation`. This
operation contains an optional `new_issuer` that changes the issuer of
the asset.
## Proposed Changes
# `asset_update_operation`
The existing `asset_update_operation` will be modified in such that it
no longer allows the user of `new_issuer` after a hard fork.
# `asset_update_issuer_operation`
A new operation is added with the following construction
struct asset_update_issuer_operation : public base_operation
struct fee_parameters_type {uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION; };
asset fee;
account_id_type issuer;
asset_id_type asset_to_update;
account_id_type new_issuer;
extensions_type extensions;
account_id_type fee_payer()const { return issuer; }
void validate()const;
void get_required_owner_authorities( flat_set<account_id_type>& a )const
{ a.insert( issuer ); }
void get_required_active_authorities( flat_set<account_id_type>& a )const
{ }
This new operation merely allows to change the issuer of an asset and
requires the owner authority (of the issuer account) to sign the
# Summary for Shareholders
We here propose the addition of a new operation that improves security
of assets with respect to updating the issuer. This closes a long
existing problem that makes running automated issuing of units a
security issue since an attacker that obtains the keys can obtain full
control of an asset indefinitely. This proposal changes this behavior
and requires the owner to sign such change of issuer.
# Copyright
This document is placed in the public domain.
# Sponsoring
This worker proposal is proudly presented and sponsored by [Blockchain Projects BV](