I would like to support the notion of whitelisted externally callable contracts (and specific methods).
In particular, we are looking to configure an Aragon Agent in such a way that in general the agent acts after a vote has passed, but certain predefined methods on predefined contracts can be executed by certain predefined addresses without a vote.
Our use case would be a Melon Fund that is managed by an Aragon DAO, where the trading function would be whitelisted such that a specific member of the DAO (or an external address, e.g. a trading bot) is able to trade on behalf of the fund (but do nothing else).
Theoretically the above is possible via an ACL Oracle, but indeed, we do not have a good mechanism for exposing this functionality at either a contract or frontend level yet.
Problem
Both Agent and Voting (if we want to be correct, actually all forwarders) expose the ability to execute user-defined contract interactions (through EVMScripts or baked-in functionality).
This can be a bit scary, as it leaves a big window for malicious contract interactions to happen if users or organization operators do not carefully vet votes or other interactions before they're executed.
Feature request
It would be nice if these apps, or an organization in general, could define a whitelist of externally callable contracts, to limit their scope of interaction.
More context
See discussion on Spectrum.
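Until such a whitelist exists on-chain, a vote's EVMScript can be vetted off-chain before it is executed. The sketch below is an added example, not code from this issue or from Aragon: it assumes the aragonOS CallsScript layout (spec ID 1), and the function names, the allowlist shape and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Added example: off-chain vetting of an aragonOS CallsScript (spec ID 1).
// Layout: [specId: 4 bytes] then repeated [to: 20 bytes][calldataLength: 4 bytes][calldata].
const CALLS_SCRIPT_SPEC_ID = '00000001';

// Decode a hex-encoded CallsScript into [{ to, selector, calldata }].
function decodeCallsScript(script) {
  const hex = script.toLowerCase().replace(/^0x/, '');
  if (!/^([0-9a-f]{2})*$/.test(hex)) throw new Error('script is not valid hex');
  if (hex.slice(0, 8) !== CALLS_SCRIPT_SPEC_ID) throw new Error('not a CallsScript (spec ID 1)');
  const calls = [];
  let pos = 8; // offset in hex characters, just past the spec ID
  while (pos < hex.length) {
    if (pos + 48 > hex.length) throw new Error('truncated call header');
    const to = '0x' + hex.slice(pos, pos + 40);
    const length = parseInt(hex.slice(pos + 40, pos + 48), 16);
    const start = pos + 48;
    const end = start + length * 2;
    if (end > hex.length) throw new Error('calldata length exceeds script');
    const calldata = hex.slice(start, end);
    // Fewer than 4 bytes of calldata means there is no selector (fallback call).
    const selector = calldata.length >= 8 ? '0x' + calldata.slice(0, 8) : null;
    calls.push({ to, selector, calldata: '0x' + calldata });
    pos = end;
  }
  return calls;
}

// allowlist: { [lowercaseAddress]: [selector, ...] } (hypothetical shape).
// Returns the calls that the allowlist does NOT cover.
function findDisallowedCalls(script, allowlist) {
  return decodeCallsScript(script).filter(({ to, selector }) => {
    const selectors = allowlist[to];
    return !selectors || selector === null || !selectors.includes(selector);
  });
}

// Constructed sample: two calls with placeholder addresses and zeroed arguments.
const TOKEN = '0x' + '11'.repeat(20);
const OTHER = '0x' + '22'.repeat(20);
const transferData = 'a9059cbb' + '00'.repeat(64); // transfer(address,uint256) selector + args
const sampleScript = '0x' + CALLS_SCRIPT_SPEC_ID +
  TOKEN.slice(2) + '00000044' + transferData +
  OTHER.slice(2) + '00000004' + 'deadbeef';
const sampleAllowlist = { [TOKEN]: ['0xa9059cbb'] };

console.log(findDisallowedCalls(sampleScript, sampleAllowlist));
```

The check only looks at the top-level calls; a script nested inside a call's calldata (for example when one forwarder forwards to another) would have to be decoded again before it can be compared against the allowlist.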