[SIP-1] FileStorage Reserve Improvement - Fix Security Vulnerability in Owner Key
TheGreatAxios opened this issue · 1 comment
TheGreatAxios commented
SKALE Improvement Proposal 1 | Fix Usage of Ownership Key to Reserve Storage
The Problem
- SKALE Chain Owner must be involved in signing a transaction to reserve space
- This is a MAJOR vulnerability when deployed and cannot be used in production code
- This is a vulnerability because the SKALE chain owner private key must be embedded into the client
A Solution
Allow SKALE Chain Config to let contracts call the reserve space function internally. So essentially whitelist contracts (and addresses) if that is your preference.
The actual solution would involve a whitelist mapping with potentially different access levels, amounts that can be reserved, and other config SKALE sees internally.
Example
- A Storage Contract Inherits Storage Contract.
- A Storage Contract is Whitelisted.
- The Storage contract can now determine when storage can actually be reserved.
Example
- User can receive 100 KB for free, and pay for each additional 100 KB. The storage contract can handle unlocking and go from there.
- The same could be done for an NFT contract.
cstrangedk commented
Resolved by #73 and v2 release
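The whitelist approach proposed in the issue, sketched as an added example; this is not code from the issue, from SKALE's FileStorage contract, or from the v2 fix. All contract names, function names and the price parameter are hypothetical. The chain owner key is used only to set a per-contract cap, and the whitelisted contract decides when a user's space is reserved.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch of the proposal, not SKALE's FileStorage code.
contract ReserveRegistry {
    address public immutable chainOwner;
    mapping(address => uint256) public allowance; // bytes a whitelisted caller may still grant
    mapping(address => uint256) public reserved;  // bytes reserved per user
    constructor() { chainOwner = msg.sender; }

    // The owner key signs once per contract, from an admin machine, never from a client.
    function setAllowance(address caller, uint256 maxBytes) external {
        require(msg.sender == chainOwner, "owner only");
        allowance[caller] = maxBytes;
    }

    // Whitelisted contracts reserve space for users, bounded by their cap.
    function reserveSpace(address user, uint256 amount) external {
        require(amount > 0 && allowance[msg.sender] >= amount, "not whitelisted or cap exceeded");
        allowance[msg.sender] -= amount;
        reserved[user] += amount;
    }
}

// Whitelisted contract that decides when storage is unlocked (100 KB free, then paid).
contract PaidStorage {
    uint256 public constant UNIT = 100 * 1024; // 100 KB
    ReserveRegistry public immutable registry;
    address public immutable operator;
    uint256 public immutable pricePerUnit;     // assumed price in wei per 100 KB
    mapping(address => bool) public claimedFree;

    constructor(ReserveRegistry r, uint256 price) {
        registry = r; operator = msg.sender; pricePerUnit = price;
    }

    function claimFree() external {
        require(!claimedFree[msg.sender], "already claimed");
        claimedFree[msg.sender] = true;
        registry.reserveSpace(msg.sender, UNIT);
    }

    function buy(uint256 units) external payable {
        require(units > 0 && msg.value == units * pricePerUnit, "wrong payment");
        registry.reserveSpace(msg.sender, units * UNIT);
    }

    function withdraw() external { payable(operator).transfer(address(this).balance); }
}
```

A compromised or buggy whitelisted contract can hand out at most its remaining allowance, and the owner can cut it off by setting that allowance to zero.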