-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add back WhitelistedCrowdsale #1525
Add back WhitelistedCrowdsale #1525
Conversation
Hey @nventuro, this looks great! The whitelist looks good and the crowdsale is a nice example of using it.
From what I've seen, the important thing with security tokens is that at any point in time, accounts holding these tokens can be identified. So I think most use-cases will need to do something like this at the token level as you suggest (performing this check in |
Thanks for reviewing @mjdietzx! One more tiny question, so as to not derail the discussion here: is it token holder identification that's needed, or restriction when transferring? Detection should be doable via events, with no modifications to the contract code. |
At least in our case (regulated in Switzerland / Lichtenstein), we need to be able to identify any token holders. This means given a wallet address, we can tie this to a person's identity. So because we restrict transfers, we can guarantee that only 'known' addresses hold tokens, and therefore we guarantee we can identify them. If transfers aren't restricted, a known address could purchase tokens during the crowdsale (all good so far), and later transfer them to an 'unknown' address (by any means, i.e. an exchange, p2p). And that would be a problem for us. |
Co-Authored-By: nventuro <[email protected]>
Co-Authored-By: nventuro <[email protected]>
I think there should be some documentation as a markdown file on the functionality of this crowdsale. |
@levino what sort of documentation would you like to see there? |
Hm. |
@mjdietzx Did you manage to implement the following rule: When tokens are to be transferred, the sender and the recipient must have the role |
I added my own modifier to the contract code:
|
I also have another remark about the current design: So the whitelisting will be automated, I suppose. Lets say we have some server side code that verifies some user input data and then adds an address as whitelisted. Now some attacker gets access to this server and uses the whitelister private key to add himself to the whitelist. Then they could remove all other whitelisters and as such take over the smart contract, right? It would be nice to have an additional |
Okay, I see now that noone can remove whitelisters. But still the attacker could do a lot of trouble. |
This creates a new
WhitelistedCrowdsale
, similar to the pre-2.0 one, but now usingRoles
.The creator of the crowdsale is assigned the
Whitelister
role. This role can be added to other accounts, and cannot be removed (by default).Whitelister
s can also give theWhitelistee
role to any acccount.Whitelistee
s can renounce their role, but cannot give it to other accounts, nor can they remove it from any account.The crowdsale only processes token purchases where the recipient of the tokens has the
Whitelistee
role. Note that this doesn't prevent the token to then be transferred to non-Whitelistee
accounts: such a restriction would have to be imposed at the token level.As an experiment, I enhanced the
PublicRole.behavior
to support the concept of 'managed roles': how each role is tested differs slightly depending on whether the role is managed (Whitelistee
) or not (all other roles). This may be extended down the line, as more differences between roles arise, but it suffices for now - I didn't want to go overboard with a full-fledged role configuration object.Closes #1292