98 lines
2.9 KiB
Markdown
98 lines
2.9 KiB
Markdown
BSIP: 0029
|
|
Title: Asset issue change to require owner authority
|
|
Authors: Fabian Schuh <Fabian.Schuh@blockchainprojectsbv.com>
|
|
Status: Accepted
|
|
Type: Protocol
|
|
Created: 2018-01-28
|
|
Discussion: https://github.com/bitshares/bitshares-core/issues/199
|
|
Worker: 1.14.81
|
|
|
|
# Abstract
|
|
|
|
With the current design, the issuer of an asset can be changed with the
|
|
*active authority* alone. However, this authority is also required for
|
|
issuing new units of an asset/token. If this process wants to be
|
|
automated, an active key needs to be stored on an internet-connected
|
|
device. If compromised, an attacker can easily move the asset under his
|
|
control with no way to back.
|
|
|
|
This proposal comes with two changes to the protocol:
|
|
|
|
1. The current behavior of changing an assets' parameters will no longer
|
|
allow to change the issuer.
|
|
2. A new operation is introduced that allows to change the issuer of an
|
|
asset but requires the owner authority of the issuer to sign that
|
|
transaction.
|
|
|
|
# Motivation
|
|
|
|
Improve asset security.
|
|
|
|
# Rational
|
|
|
|
Assets should not be at risk while automating issuing of new units.
|
|
|
|
# Specifications
|
|
|
|
## Current Design and Implementation
|
|
|
|
Currently, any asset can be updated with `asset_update_operation`. This
|
|
operation contains an optional `new_issuer` that changes the issuer of
|
|
the asset.
|
|
|
|
## Proposed Changes
|
|
|
|
# `asset_update_operation`
|
|
|
|
The existing `asset_update_operation` will be modified in such that it
|
|
no longer allows the user of `new_issuer` after a hard fork.
|
|
|
|
# `asset_update_issuer_operation`
|
|
|
|
A new operation is added with the following construction
|
|
|
|
```
|
|
|
|
struct asset_update_issuer_operation : public base_operation
|
|
{
|
|
struct fee_parameters_type {uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION; };
|
|
|
|
asset fee;
|
|
account_id_type issuer;
|
|
asset_id_type asset_to_update;
|
|
account_id_type new_issuer;
|
|
extensions_type extensions;
|
|
|
|
account_id_type fee_payer()const { return issuer; }
|
|
void validate()const;
|
|
|
|
void get_required_owner_authorities( flat_set<account_id_type>& a )const
|
|
{ a.insert( issuer ); }
|
|
|
|
void get_required_active_authorities( flat_set<account_id_type>& a )const
|
|
{ }
|
|
|
|
};
|
|
```
|
|
|
|
This new operation merely allows to change the issuer of an asset and
|
|
requires the owner authority (of the issuer account) to sign the
|
|
transaction.
|
|
|
|
# Summary for Shareholders
|
|
|
|
We here propose the addition of a new operation that improves security
|
|
of assets with respect to updating the issuer. This closes a long
|
|
existing problem that makes running automated issuing of units a
|
|
security issue since an attacker that obtains the keys can obtain full
|
|
control of an asset indefinitely. This proposal changes this behavior
|
|
and requires the owner to sign such change of issuer.
|
|
|
|
# Copyright
|
|
|
|
This document is placed in the public domain.
|
|
|
|
# Sponsoring
|
|
|
|
This worker proposal is proudly presented and sponsored by [Blockchain Projects BV](http://blockchainprojectsbv.com).
|