-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[question] How to handle contract grc20 treasury ? #634
Comments
Can you show some code links so I know what to look at? We will be implementing a "GetRealmCaller" which gets the last realm that ultimately called the current function. This function should generally be used, (instead of "GetOrigCaller" which is only the tx signer). Banker could be used, but we would have to figure out coin issuance management at the SDK banker level. So I guess, not at first. First we can implement a pure Gno one to get the interfaces right.
Only for testing, we can't support that in production without opening a can of worms we prob don't want.
What's the difference? |
Hey, i'm currently working on a Merkle Airdrop realm, and i'm facing an implementation decision, and i'd love to have your inputs
context: i developed:
p/demo/airdrop
package to create easily merkle airdropsr/demo/foo20airdrop
airdrop realm forr/demo/foo20
In my first implementation, the
struct MerkleAirdrop
contained atoken *grc.AdminToken
, but i believe it's a security issue, and i have updated to agrc20.IGRC
So when i call
p/demo/airdrop.MerkleAirdrop.Claim()
i need to call the GRC20Transfer
orTransferFrom
function, but the issue is that the spender isstd.GetOrigCaller()
, which lead to an allowance error.i would need the spender to be the contract address (
std.GetOrigPkgAddr()
)I see multiple solutions to that (not always good)
foo20.Approve
to all airdroped users, IMHO: non-sensefoo20.GetAdmin
with a whitelist of address to access the*AdminToken
IMHO: not good for security reasonsstd.GetOrigCaller()
to a new system likestd.GetCallers()
and have an array of callers (when a contract call a contract that call a contract ...) to be able to check all allowance, or juststd.GetLastCaller
?std.TestSetOrigCaller(std.GetOrigPkgAddr())
Or do you have another idea ? Am i missing something ?
The text was updated successfully, but these errors were encountered: