Summary

Authz has been a tremendous benefit to the Interchain ecosystem. Many chains have used it to overcome the shortcomings of other parts of the Cosmos SDK, but there are shortcomings of authz as well. Authz gives complete permission over a users account, in a sudo like fashion. we have seen this cause issues with users being scammed and/or having their accounts stolen.

Users are wanting to do more with Authz, we have seen some users begin forking the authz module to make authorisations stateful. Authz was not designed in a way to be extended to avoid forking.

Problem Definition

No response

Proposed Feature

This issue is presented as an alternative to authz, not an outright replacement.

The accounts module provides users a way to define custom account types with custom checks.

In this issue I propose two account types.

One account type that has the right to do actions on behalf of another account but it can not move funds from the owner account nor can it direct funds to other accounts in different actions. In short this account type can do all actions except the movement or directing of funds to other accounts.

(By directing funds, I mean that it can not withdraw rewards to another account without permission from the main account.)

The second account type would be similar to the first except it would allow the movement of funds.

The idea here is to separate concerns and limit the potential damage of sudo control of another users accounts.