2.9 KiB
BSIP: 0029
Title: Asset issue change to require owner authority
Authors: Fabian Schuh <Fabian.Schuh@blockchainprojectsbv.com>
Status: Accepted
Type: Protocol
Created: 2018-01-28
Discussion: https://github.com/bitshares/bitshares-core/issues/199
Worker: 1.14.81
Abstract
With the current design, the issuer of an asset can be changed with the active authority alone. However, this authority is also required for issuing new units of an asset/token. If this process wants to be automated, an active key needs to be stored on an internet-connected device. If compromised, an attacker can easily move the asset under his control with no way to back.
This proposal comes with two changes to the protocol:
- The current behavior of changing an assets' parameters will no longer allow to change the issuer.
- A new operation is introduced that allows to change the issuer of an asset but requires the owner authority of the issuer to sign that transaction.
Motivation
Improve asset security.
Rational
Assets should not be at risk while automating issuing of new units.
Specifications
Current Design and Implementation
Currently, any asset can be updated with asset_update_operation
. This
operation contains an optional new_issuer
that changes the issuer of
the asset.
Proposed Changes
asset_update_operation
The existing asset_update_operation
will be modified in such that it
no longer allows the user of new_issuer
after a hard fork.
asset_update_issuer_operation
A new operation is added with the following construction
struct asset_update_issuer_operation : public base_operation
{
struct fee_parameters_type {uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION; };
asset fee;
account_id_type issuer;
asset_id_type asset_to_update;
account_id_type new_issuer;
extensions_type extensions;
account_id_type fee_payer()const { return issuer; }
void validate()const;
void get_required_owner_authorities( flat_set<account_id_type>& a )const
{ a.insert( issuer ); }
void get_required_active_authorities( flat_set<account_id_type>& a )const
{ }
};
This new operation merely allows to change the issuer of an asset and requires the owner authority (of the issuer account) to sign the transaction.
Summary for Shareholders
We here propose the addition of a new operation that improves security of assets with respect to updating the issuer. This closes a long existing problem that makes running automated issuing of units a security issue since an attacker that obtains the keys can obtain full control of an asset indefinitely. This proposal changes this behavior and requires the owner to sign such change of issuer.
Copyright
This document is placed in the public domain.
Sponsoring
This worker proposal is proudly presented and sponsored by Blockchain Projects BV.