🧐 Motivation
The current two-step ownership transfer approach does not completely solve the issues surrounding secure transfer of ownership given that the new owner first has to simply call accept_ownership to finalize the transfer.
📝 Details
There is a need to add an extra step to further secure the ownership transfer process such that in the event the first owner mistakenly transfers ownership to a malicious actor, ownership is not at risk even when such a bad actor immediately calls accept_ownership. The final transfer of ownership should be majorly determined by the first owner, who must call an approve_ownership_transfer function to securely authorize the ownership transfer to the intended entity.
I'm proposing a three-step process:
1. Transfer Ownership: transfer_ownership initiates the three-step ownership transfer process by setting the pending owner.
```cairo
/// Starts the three-step ownership transfer process by setting the pending owner.
/// Can only be called by the intended first owner.
fn transfer_ownership(
    ref self: ComponentState<TContractState>, new_owner: ContractAddress
) {
    self.assert_only_owner();
    self._propose_owner(new_owner);
}
```
2. Accept Ownership: this is the 2nd step, which involves the ownership acceptance by the pending owner. To prevent a name collision with the current accept_ownership of the 2-step approach, we may change the name as consensus can be reached by the community on this.
```cairo
/// This is the 2nd step, which involves the ownership acceptance by the pending owner.
/// Can only be called by the intended pending owner.
fn consent_to_ownership(ref self: ComponentState<TContractState>) {
    let caller = get_caller_address();
    let pending_owner = self.Ownable_pending_owner.read();
    assert(caller == pending_owner, Errors::NOT_PENDING_OWNER);
    self._consent_to_ownership();
}
```
3. ApproveOwnershipTransfer: approve_ownership_transfer finishes the ownership transfer process, and this can only be called by the first owner to validate the transfer.
```cairo
/// Completes the three-step ownership transfer process by authorizing the
/// ownership transfer to the intended pending owner.
/// Can only be called by the first owner.
fn approve_ownership_transfer(
    ref self: ComponentState<TContractState>, new_owner: ContractAddress
) {
    self.assert_only_owner();
    // Assert that the pending owner has consented.
    assert(self._is_pending_ownership_consented(new_owner), Errors::NOT_CONSENTED);
    self._approve_ownership_transfer();
}
```
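The three steps above modelled as a small state machine, as an added example that is not part of the original issue or the project's code. The function names follow the issue; the state layout, the reset of consent on re-proposal, and the check that the approved address equals the pending owner are assumptions, since the issue does not define the internal helpers.

```python
# Added illustration: Python model of the proposed three-step transfer.
# State layout and consent reset on re-proposal are assumptions.
class NotAuthorized(Exception):
    pass

class ThreeStepOwnable:
    def __init__(self, owner):
        self.owner = owner
        self.pending_owner = None
        self.consented = False

    def _assert_only_owner(self, caller):
        if caller != self.owner:
            raise NotAuthorized("caller is not the owner")

    def transfer_ownership(self, caller, new_owner):
        # Step 1: owner proposes; any earlier consent is discarded.
        self._assert_only_owner(caller)
        self.pending_owner = new_owner
        self.consented = False

    def consent_to_ownership(self, caller):
        # Step 2: only the pending owner may consent; owner is unchanged.
        if self.pending_owner is None or caller != self.pending_owner:
            raise NotAuthorized("caller is not the pending owner")
        self.consented = True

    def approve_ownership_transfer(self, caller, new_owner):
        # Step 3: owner confirms the exact address that consented.
        self._assert_only_owner(caller)
        if new_owner != self.pending_owner or not self.consented:
            raise NotAuthorized("pending owner has not consented")
        self.owner, self.pending_owner, self.consented = new_owner, None, False

def mistaken_transfer_scenario():
    # Constructed run: alice proposes the wrong address, then corrects it.
    c = ThreeStepOwnable("alice")
    c.transfer_ownership("alice", "mallory")   # wrong address proposed
    c.consent_to_ownership("mallory")          # immediate acceptance
    after_consent = c.owner                    # ownership has not moved
    c.transfer_ownership("alice", "bob")       # correction resets consent
    try:
        c.approve_ownership_transfer("alice", "bob")
        early_approve = True
    except NotAuthorized:
        early_approve = False                  # bob has not consented yet
    c.consent_to_ownership("bob")
    c.approve_ownership_transfer("alice", "bob")
    return after_consent, early_approve, c.owner
```

In this model the unintended recipient's consent alone never changes the owner, and approval is rejected until the address being approved is the one that consented.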