Skip to content
This repository has been archived by the owner on Aug 21, 2023. It is now read-only.

isApprovedForPool problems and Proposal to replace it. #41

Open
Yhtiyar opened this issue Mar 15, 2022 · 0 comments
Open

isApprovedForPool problems and Proposal to replace it. #41

Yhtiyar opened this issue Mar 15, 2022 · 0 comments
Labels
enhancement New feature or request terminus Terminus decentralized authorization

Comments

@Yhtiyar
Copy link
Contributor

Yhtiyar commented Mar 15, 2022

Problem

In the Terminus contract we have isApprovedForPool(uint256 poolID, address operator) function, which grants operator burning and minting permission (only pool owner can grant this permissions). There are problems with it:

  1. Approval cannot be taken away. (Huge security problem)
  2. When the pool control transfer is done, old approvals will not be reset (which might be ok), but you will not be able to easily remove approvals for all of the operators

Possible solutions

  1. Add the ability for terminus owner to grant roles (minting, burning, control, etc) by giving terminus pools
  2. Since, solution No 1 can make mess inside the terminus contract, make TerminusManager contract that will handle all the access control. (TerminusManager will be the controller of the pool)
@Yhtiyar Yhtiyar added terminus Terminus decentralized authorization enhancement New feature or request labels Mar 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request terminus Terminus decentralized authorization
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Yhtiyar