Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSW-302: Redundant stake address check #26

Merged
merged 2 commits into from
Jan 16, 2024
Merged

SSW-302: Redundant stake address check #26

merged 2 commits into from
Jan 16, 2024

Conversation

Quantumplation
Copy link
Member

@Quantumplation Quantumplation commented Jan 10, 2024
edited
Loading

TxPipe pointed out that we had a redundant check for the stake address, but this revealed a more subtle issue.

Previously, we were checking that the address didn't change between the pool output and the pool input. Then, we also checked that the staking key didn't change.

However, this would have locked a pool with the same staking key forever. The intention is to allow the treasury administrator to change the staking address if needed.

This resolves it by moving the full address check into the Scoop redeemer path. In the Withdraw path, we require that the payment key stay fixed, but allow the staking key to be set to any allowed_staking_key from the settings datum.

Note that this required us to change the authorized_staking_keys to a list of Credentials, so we could easily compare, though this is expected to have low impact.

See: SSW-302

@Quantumplation
Resolve SSW-302
ca212dc 
TxPipe pointed out that we had a redundant check for the stake address,
but this revealed a more subtle issue.

Previously, we were checking that the address didn't change between the
pool output and the pool input. Then, we also checked that the staking
key didn't change.

However, this would have locked a pool with the same staking key
forever. The intention is to allow the treasury administrator to change
the staking address if needed.

This resolves it by moving the full address check into the Scoop
redeemer path. In the Withdraw path, we require that the payment key
stay fixed, but allow the staking key to be set to any
allowed_staking_key from the settings datum.

Note that this required us to change the `authorized_staking_keys` to a
list of Credentials, so we could easily compare, though this is expected
to have low impact.
@rrruko
Copy link
Contributor

rrruko commented Jan 11, 2024

lgtm

@Quantumplation Quantumplation changed the title Resolve SSW-302 SSW-302: Redundant stake address check Jan 13, 2024
@francolq
Copy link
Collaborator

LGTM. We didn't review the WithdrawFees redeemer yet but it looks good for the moment.

@Quantumplation Quantumplation merged commit 3a4e39b into main Jan 16, 2024
1 check passed
@Quantumplation Quantumplation deleted the pi/SSW-302 branch January 16, 2024 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Quantumplation @rrruko @francolq