The security check of "black list address" is best performed at the base module rather than the application module #8463
Comments
We do not need to. The blacklist is used to prevent funds from being explicitly sent to via However, as you've pointed out, there are a few exceptions where a user can set an address to receive funds such as
Yes, your findings are great. I think that security checks should be based on more basic modules to prevent such things from happening, because it is difficult for new module development to avoid the omission of such checks from happening again.
If we want to transfer funds to "module accounts", we only need to call "SendCoinsFromAccountToModule" or "SendCoinsFromModuleToModule" instead of "SendCoinsFromModuleToAccount". The design of the function has stipulated its scope of use.
Module developers just need to keep in mind and ask themselves, "Can a user explicitly and externally set an address to receive funds in this case?". If the answer is yes, then they need to guard against the blacklist.
If these are easy to remember in our mind, there will be no omissions in the check that occurred in "SetWithdrawAddr". I think complex and generic inspections should be handed over to the basic module, and the considerations of the application module should be as simple as possible.
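The trade-off argued in this thread, as an added Go example that is not the project's own code or any commenter's: a simplified, hypothetical `Bank` and `Distribution` model in which the application module's `SetWithdrawAddr` omits the blacklist check, run once with the check left to the application module and once with it enforced inside `SendCoinsFromModuleToAccount`. Only those two function names come from the thread; the types, addresses and amounts are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrBlocked = errors.New("recipient is not allowed to receive funds")

// Bank is a simplified stand-in for the base module (hypothetical type).
type Bank struct {
	balances    map[string]int64
	blocked     map[string]bool // constructed blacklist, e.g. module accounts
	enforceBase bool            // true: the check lives in the base module
}

func (b *Bank) SendCoinsFromModuleToAccount(module, addr string, amt int64) error {
	if b.enforceBase && b.blocked[addr] {
		return ErrBlocked // one check covers every caller
	}
	b.balances[module] -= amt
	b.balances[addr] += amt
	return nil
}

// Distribution is a simplified application module (hypothetical type).
type Distribution struct {
	bank         *Bank
	withdrawAddr map[string]string
}

// SetWithdrawAddr omits the blacklist check, modelling the omission discussed above.
func (d *Distribution) SetWithdrawAddr(delegator, addr string) { d.withdrawAddr[delegator] = addr }

func (d *Distribution) WithdrawRewards(delegator string, amt int64) error {
	return d.bank.SendCoinsFromModuleToAccount("distribution", d.withdrawAddr[delegator], amt)
}

// Run returns the blacklisted address's final balance and the payout error.
func Run(enforceBase bool) (int64, error) {
	bank := &Bank{map[string]int64{"distribution": 100}, map[string]bool{"blocked-module-addr": true}, enforceBase}
	d := &Distribution{bank, map[string]string{}}
	d.SetWithdrawAddr("alice", "blocked-module-addr")
	err := d.WithdrawRewards("alice", 10)
	return bank.balances["blocked-module-addr"], err
}

func main() {
	fmt.Println(Run(false)) // check left to the application module, which forgot it
	fmt.Println(Run(true))  // check enforced in the base module
}
```

With the check only at the application layer, the forgotten guard lets the payout reach the blacklisted address; with the check in the base send function, the same omission is rejected with `ErrBlocked`.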