Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Ownable] Add a three-step approach in ownership transfer (Transfer, Accept and ApproveTransfer) #1070

Open
3 tasks done
sprtd opened this issue Jul 29, 2024 · 0 comments
Open
3 tasks done

[Ownable] Add a three-step approach in ownership transfer (Transfer, Accept and ApproveTransfer) #1070

sprtd opened this issue Jul 29, 2024 · 0 comments

Comments

@sprtd
Copy link

sprtd commented Jul 29, 2024

🧐 Motivation

The current two-step ownership transfer approach does not completely solve the issues surrounding secure transfer of ownership given that the new owner first has to simply call accept_ownership to finalize the transfer.

📝 Details

There is need to add an extra step to further secure the ownership transfer process such that in the event the first owner mistakenly transfers ownership to a malicious actor, ownership is not at risk even when such a bad actor immediately calls accept_ownership. The final transfer of ownership should be majorly determined by the first owner who must call an approve_ownership_transfer function to securely authorize the ownership transfer to the intended entity.

I'm proposing a three-step process:

  • 1. Transfer Ownership: transfer_ownership initiates the three-step ownership transfer process by setting the pending owner.
 /// Starts the three-step ownership transfer process by setting the pending owner.
 /// Can only be called by the intended first owner.
 fn transfer_ownership(
       ref self: ComponentState<TContractState>, new_owner: ContractAddress
  ) {
        self.assert_only_owner();
        self._propose_owner(new_owner);
  }
  • 2. Accept Ownership: this is 2nd step which involves the ownership acceptance by the pending owner. to prevent name collision with the current accept_ownership of the 2-step approach, we may change the name as consensus can be reached by the community on this.
  /// this is 2nd step which involves the ownership acceptance by the pending owner.
   /// Can only be called by the intended pending owner.
fn consent_to_ownership(ref self: ComponentState<TContractState>) {
      let caller = get_caller_address();
      let pending_owner = self.Ownable_pending_owner.read();
      assert(caller == pending_owner, Errors::NOT_PENDING_OWNER);
      self._consent_to_ownership();
 }
  • 3. ApproveOwnershipTransfer: approve_ownership_transfer finishes the ownership transfer process and this can only be called by the first owner to validate the transfer
  /// completes the three-step ownership transfer process by authorizing the ownership transfer to the intended pending owner.
  /// Can only be called by the first owner.
  fn approve_ownership_transfer(
       ref self: ComponentState<TContractState>, new_owner: ContractAddress
   ) {
        self.assert_only_owner();
        // assert that the pending owner has consented
        assert(self._is_pending_ownership_consented(new_owner) == true, Errors::NOT_CONSENTED);
        self._approve_ownership_transfer();
  }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sprtd