Add a whitelister role admin that can reset the whitelist #1585
Comments
…remove all other whitelisters.
Hmm, you do have sort of a valid point in that the whitelist admins will usually not sign messages manually, though I wonder what that server would look like. In any case, any automated service that signs messages for an account should be extremely well guarded - not only could the whitelist be tampered with, but funds could be stolen, tokens exchanged, etc. All in all, I think this requirement is too specific to be part of OpenZeppelin, especially considering we provide the tools for users to implement these custom features on their own. You could either use
Hey @levino, we're closing this for now due to the requirement being deemed too specific: we consider such a feature should be part of a user's business logic. Feel free to continue the discussion though if you feel we're in the wrong about this!
🧐 Motivation
This is about the whitelister role
Following up on a comment I made:
So the whitelisting usually will be automated, I suppose. Let's say we have some server side code that verifies some user input data and then adds an address as whitelisted. Now some attacker gets access to this server and uses the whitelister private key to add himself to the whitelisters. Then they could forever tamper with the whitelist. Currently there is no way to remove someone from the whitelisters list again.
📝 Details
It would be nice to have an additional Owner who can reset the whitelister list.
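A sketch of the requested behaviour as user-level business logic (an added example, not part of the original issue and not OpenZeppelin code). The contract name, function names and the epoch-based reset are assumptions made for illustration; the owner is assumed to be a key kept off the automated signing server.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative only: all names here are hypothetical, not OpenZeppelin's API.
contract ResettableWhitelist {
    address public immutable owner; // assumed to be a cold key, never on the signing server
    uint256 public epoch;           // incremented on every whitelister reset

    // Whitelister membership is scoped to an epoch, so one reset revokes everyone in O(1).
    mapping(uint256 => mapping(address => bool)) private _whitelisters;
    mapping(address => bool) public whitelisted;

    event WhitelisterAdded(address indexed account, address indexed by);
    event WhitelistedSet(address indexed account, bool status, address indexed by);
    event WhitelistersReset(uint256 newEpoch, address replacement);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyWhitelister() { require(isWhitelister(msg.sender), "not whitelister"); _; }

    constructor(address firstWhitelister) {
        owner = msg.sender;
        _whitelisters[0][firstWhitelister] = true;
        emit WhitelisterAdded(firstWhitelister, msg.sender);
    }

    function isWhitelister(address account) public view returns (bool) {
        return _whitelisters[epoch][account];
    }

    // The behaviour the issue describes: any whitelister can add another one.
    function addWhitelister(address account) external onlyWhitelister {
        _whitelisters[epoch][account] = true;
        emit WhitelisterAdded(account, msg.sender);
    }

    function setWhitelisted(address account, bool status) external onlyWhitelister {
        whitelisted[account] = status;
        emit WhitelistedSet(account, status, msg.sender);
    }

    // Recovery path: drops every current whitelister, including any added with a
    // stolen key, and installs a single fresh one.
    function resetWhitelisters(address replacement) external onlyOwner {
        epoch += 1;
        _whitelisters[epoch][replacement] = true;
        emit WhitelistersReset(epoch, replacement);
    }
}
```

A reset revokes whitelister rights only; entries already written to `whitelisted` stay in place, so the `WhitelistedSet` events are what you would review to find and undo changes made with the compromised key.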