BSIP: 0029
Title: Asset issue change to require owner authority
Authors: Fabian Schuh <[email protected]>
Status: Accepted
Type: Protocol
Created: 2018-01-28
Discussion: https://github.com/bitshares/bitshares-core/issues/199
Worker: 1.14.81
With the current design, the issuer of an asset can be changed with the active authority alone. However, this authority is also required for issuing new units of an asset/token. If issuing is to be automated, an active key needs to be stored on an internet-connected device. If that key is compromised, an attacker can easily move the asset under his control, with no way back.
This proposal comes with two changes to the protocol:
- The current operation for changing an asset's parameters will no longer allow changing the issuer.
- A new operation is introduced that allows changing the issuer of an asset but requires the owner authority of the issuer to sign that transaction.
Improve asset security.
Assets should not be at risk while automating the issuing of new units.
Currently, any asset can be updated with asset_update_operation. This operation contains an optional new_issuer that changes the issuer of the asset.
The existing asset_update_operation will be modified such that it no longer allows the use of new_issuer after a hard fork.
A new operation is added with the following construction:

    struct asset_update_issuer_operation : public base_operation
    {
       struct fee_parameters_type {
          uint64_t fee = 20 * GRAPHENE_BLOCKCHAIN_PRECISION;
       };

       asset           fee;
       account_id_type issuer;           // current issuer; also pays the fee
       asset_id_type   asset_to_update;
       account_id_type new_issuer;       // account that becomes the issuer
       extensions_type extensions;

       account_id_type fee_payer()const { return issuer; }
       void            validate()const;

       // The owner authority of the current issuer must sign.
       void get_required_owner_authorities( flat_set<account_id_type>& a )const
       { a.insert( issuer ); }
       // No active authority is requested by this operation.
       void get_required_active_authorities( flat_set<account_id_type>& a )const
       { }
    };
This new operation only allows changing the issuer of an asset and requires the owner authority (of the issuer account) to sign the transaction.
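The authority change specified above, as a simplified stand-alone model (an added example, not bitshares-core code). The types Asset, AssetUpdate and AssetUpdateIssuer, the after_hardfork flag and the account names are constructed for illustration; real authority evaluation in the node is more involved.

```cpp
#include <iostream>
#include <set>
#include <string>

enum class Authority { Active, Owner };
// Authorities of the issuer account that the transaction's signatures satisfy.
using Signed = std::set<Authority>;
struct Asset { std::string issuer; };

// Constructed stand-ins for the two operations discussed in this BSIP.
struct AssetUpdate {             // models asset_update_operation
    std::string issuer;
    std::string new_issuer;      // empty means "not set" (optional in the protocol)
};
struct AssetUpdateIssuer {       // models asset_update_issuer_operation
    std::string issuer;
    std::string new_issuer;
};

// Each apply() returns true if the operation is accepted.
bool apply(Asset& a, const AssetUpdate& op, const Signed& sigs, bool after_hardfork) {
    if (op.issuer != a.issuer || !sigs.count(Authority::Active)) return false;
    if (!op.new_issuer.empty()) {
        if (after_hardfork) return false;  // new_issuer is rejected after the fork
        a.issuer = op.new_issuer;          // before: active authority was enough
    }
    return true;
}

bool apply(Asset& a, const AssetUpdateIssuer& op, const Signed& sigs, bool after_hardfork) {
    if (!after_hardfork) return false;     // operation only exists after the fork
    if (op.issuer != a.issuer || !sigs.count(Authority::Owner)) return false;
    a.issuer = op.new_issuer;
    return true;
}

// Tries both operations with the given authorities; true if the issuer changed.
bool try_issuer_change(const Signed& sigs, bool after_hardfork) {
    Asset a{"issuer-account"};             // constructed account names
    apply(a, AssetUpdate{"issuer-account", "other-account"}, sigs, after_hardfork);
    apply(a, AssetUpdateIssuer{"issuer-account", "other-account"}, sigs, after_hardfork);
    return a.issuer == "other-account";
}

int main() {
    std::cout << try_issuer_change(Signed{Authority::Active}, false)
              << try_issuer_change(Signed{Authority::Active}, true)
              << try_issuer_change(Signed{Authority::Owner}, true) << "\n";
}
```

An active key kept on the issuing machine can still sign ordinary asset updates after the fork, but the issuer only changes when the owner authority signs.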
We here propose the addition of a new operation that improves the security of assets with respect to updating the issuer. This closes a long-standing problem that makes automated issuing of units a security issue, since an attacker who obtains the keys can obtain full control of an asset indefinitely. This proposal changes this behavior and requires the owner to sign such a change of issuer.
This document is placed in the public domain.
This worker proposal is proudly presented and sponsored by Blockchain Projects BV.