Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom StoreCode Authorization for authz module #1584

Closed
jhernandezb opened this issue Aug 29, 2023 · 2 comments · Fixed by #1591
Closed

Custom StoreCode Authorization for authz module #1584

jhernandezb opened this issue Aug 29, 2023 · 2 comments · Fixed by #1591
Assignees
Milestone

Comments

@jhernandezb
Copy link
Contributor

Currently signing store code transactions with multisigs can only be done if you use non-ledger keys due to the memory limit on such devices it makes impossible for signers and for this reason I think it would be very useful to have a contract upload authorization for authz.

  • Authorize grantee to upload any contract (although this can already be achieved by the generic grant authorization)
  • Authorize grantee to upload any contract from a list of given hashes so the granter can verify and be confident the grantee only uploads pre-approved contracts,

This can even be useful for DAOs or CW4 multisigs giving access to an uploader by creating a custom authorization.

@jhernandezb jhernandezb changed the title Custom ContractUpload Authorization for authz module Custom StoreCode Authorization for authz module Aug 29, 2023
@alpe
Copy link
Contributor

alpe commented Aug 31, 2023

This is a good idea!
Would it make sense to have the same for migration?

On store code, an instantiateAccess configuration can be set. Is this something that you want to ensure by the grant as well? I does not seem required but I want to bring this up.

@jhernandezb
Copy link
Contributor Author

jhernandezb commented Aug 31, 2023

I don't see migration being necessary but would be a nice to have.

On instantiate access now that you bring it up might makes a lot of sense to limit it to a specific config per code hash

hash1 -> AnyOfAddresses(address1)
hash2 -> EveryBody

This would make it a lot easier for permissioned chains like stargaze and osmosis where it has a set of uploaders only but dealing with store codes and multisigs is a bit of a pain.

@pinosu pinosu self-assigned this Aug 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants