bsips/bsip-0029.md
2018-03-05 10:35:32 +00:00

2.9 KiB

BSIP: 0029
Title: Asset issue change to require owner authority
Authors: Fabian Schuh <Fabian.Schuh@blockchainprojectsbv.com>
Status: Accepted
Type: Protocol
Created: 2018-01-28
Discussion: https://github.com/bitshares/bitshares-core/issues/199
Worker: 1.14.81

Abstract

With the current design, the issuer of an asset can be changed with the active authority alone. However, this authority is also required for issuing new units of an asset/token. If this process wants to be automated, an active key needs to be stored on an internet-connected device. If compromised, an attacker can easily move the asset under his control with no way to back.

This proposal comes with two changes to the protocol:

  1. The current behavior of changing an assets' parameters will no longer allow to change the issuer.
  2. A new operation is introduced that allows to change the issuer of an asset but requires the owner authority of the issuer to sign that transaction.

Motivation

Improve asset security.

Rational

Assets should not be at risk while automating issuing of new units.

Specifications

Current Design and Implementation

Currently, any asset can be updated with asset_update_operation. This operation contains an optional new_issuer that changes the issuer of the asset.

Proposed Changes

asset_update_operation

The existing asset_update_operation will be modified in such that it no longer allows the user of new_issuer after a hard fork.

asset_update_issuer_operation

A new operation is added with the following construction


   struct asset_update_issuer_operation : public base_operation
   {
      struct fee_parameters_type {uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION; };

      asset           fee;
      account_id_type issuer;
      asset_id_type   asset_to_update;
      account_id_type new_issuer;
      extensions_type extensions;

      account_id_type fee_payer()const { return issuer; }
      void            validate()const;

      void get_required_owner_authorities( flat_set<account_id_type>& a )const
      { a.insert( issuer ); }

      void get_required_active_authorities( flat_set<account_id_type>& a )const
      {  }

   };

This new operation merely allows to change the issuer of an asset and requires the owner authority (of the issuer account) to sign the transaction.

Summary for Shareholders

We here propose the addition of a new operation that improves security of assets with respect to updating the issuer. This closes a long existing problem that makes running automated issuing of units a security issue since an attacker that obtains the keys can obtain full control of an asset indefinitely. This proposal changes this behavior and requires the owner to sign such change of issuer.

Copyright

This document is placed in the public domain.

Sponsoring

This worker proposal is proudly presented and sponsored by Blockchain Projects BV.