Open
Description
openedon Apr 29, 2024
https://discord.com/channels/613813861610684416/1234593264196128768/1234616114307272756:
from
auth(Capability) &Account
it is not obvious to see it can add keys for example (by issuing account capability)
basically, granting Capabilities grants everything due to the ability to issue an account capability controller
The same applies to AccountCapabilities
– it might not be obvious that it effectively grants all account entitlements.
Document potentially dangerous entitlements:
Contracts
,AddContract
: Allows adding a contract, which has access to the whole accountCapabilities
,AccountCapabilities
,IssueAccountCapabilityController
: Allows issuing an account capability controller, with potentially access to the whole account
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment