[question] How to handle contract grc20 treasury ? #634
Comments
|
Can you show some code links so I know what to look at? We will be implementing a "GetRealmCaller" which gets the last realm that ultimately called the current function. This function should generally be used, (instead of "GetOrigCaller" which is only the tx signer). Banker could be used, but we would have to figure out coin issuance management at the SDK banker level. So I guess, not at first. First we can implement a pure Gno one to get the interfaces right.
Only for testing, we can't support that in production without opening a can of worms we prob don't want.
What's the difference? |
Hey, i'm currently working on a Merkle Airdrop realm, and i'm facing an implementation decision, and i'd love to have your inputs
context: i developed:
p/demo/airdroppackage to create easily merkle airdropsr/demo/foo20airdropairdrop realm forr/demo/foo20In my first implementation, the
struct MerkleAirdropcontained atoken *grc.AdminToken, but i believe it's a security issue, and i have updated to agrc20.IGRCSo when i call
p/demo/airdrop.MerkleAirdrop.Claim()i need to call the GRC20TransferorTransferFromfunction, but the issue is that the spender isstd.GetOrigCaller(), which lead to an allowance error.i would need the spender to be the contract address (
std.GetOrigPkgAddr())I see multiple solutions to that (not always good)
foo20.Approveto all airdroped users, IMHO: non-sensefoo20.GetAdminwith a whitelist of address to access the*AdminTokenIMHO: not good for security reasonsstd.GetOrigCaller()to a new system likestd.GetCallers()and have an array of callers (when a contract call a contract that call a contract ...) to be able to check all allowance, or juststd.GetLastCaller?std.TestSetOrigCaller(std.GetOrigPkgAddr())Or do you have another idea ? Am i missing something ?
The text was updated successfully, but these errors were encountered: