Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock Authority cannot Unlock Tokens they do not own #446

Closed
sentientforest opened this issue Nov 20, 2024 · 0 comments · Fixed by #469
Closed

Lock Authority cannot Unlock Tokens they do not own #446

sentientforest opened this issue Nov 20, 2024 · 0 comments · Fixed by #469

Comments

@sentientforest
Copy link
Contributor

When defined, a lockAuthority on a TokenHold is expected to be able to unlock the token(s) regardless of ownership:

https://github.com/GalaChain/sdk/blob/main/chain-api/src/types/TokenBalance.ts#L583-L591

However, the unlockFungibleTokens method does not support this logic:

https://github.com/GalaChain/sdk/blob/main/chaincode/src/locks/unlockToken.ts#L91-L105
https://github.com/GalaChain/sdk/blob/main/chain-api/src/types/TokenBalance.ts#L583-L591

Based on a read of the logic above, the only scenarios that will result in a successful unlock are:

  1. calling user is the owner AND the owner is set as the lockAuthority on the TokenHold
  2. calling user is a Token Authority AND the owner is set as the lockAuthority on the TokenHold

This issue tracks the following fixes:

  1. owner can unlock fungible tokens when lockAuthority is undefined on the TokenHold
  2. lock authorities can unlock fungible tokens they don't own, regardless of whether or not they are a token authority
  3. token authorities can unlock fungible tokens regardless of whether or not a lock authority is defined
sentientforest added a commit to sentientforest/galachain-sdk that referenced this issue Dec 12, 2024
@sentientforest
fix: lock authorities and token authorities can unlock fungibles
37529b2 
Port changes from
GalaChain#455 to v2

Closes GalaChain#446

When defined, a lockAuthority on a TokenHold can unlock the token
regardless of ownership.

A token authority can unlock a TokenHold on another users balance
regardless of lockAuthority status.

Refactoring or reworking order of unlocks by token authorities
is out of scope for this immediate fix, should be pursued in a
separate issue if needed.
@sentientforest sentientforest mentioned this issue Dec 12, 2024
Merged
sentientforest added a commit that referenced this issue Dec 13, 2024
@sentientforest @dzikowski
fix: lock authorities and token authorities can unlock fungibles v2 (#…
92a8092 
…469)

* fix: lock authorities and token authorities can unlock fungibles

Port changes from
#455 to v2

Closes #446

When defined, a lockAuthority on a TokenHold can unlock the token
regardless of ownership.

A token authority can unlock a TokenHold on another users balance
regardless of lockAuthority status.

Refactoring or reworking order of unlocks by token authorities
is out of scope for this immediate fix, should be pursued in a
separate issue if needed.

* Update chain-api/src/types/TokenBalance.ts

Safer type definitions

Co-authored-by: Jakub Dzikowski <[email protected]>

* Update chain-api/src/types/TokenBalance.ts

Safer type definitions

Co-authored-by: Jakub Dzikowski <[email protected]>

* fix: TokenBalance.spec.ts after type changes

---------

Co-authored-by: Jakub Dzikowski <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: lock authorities and token authorities can unlock fungibles v2 sentientforest/galachain-sdk
1 participant
@sentientforest