feat(patterns): add token-gated access pattern#506
Open
DevZenPro wants to merge 1 commit intoMystenLabs:mainfrom
Open
feat(patterns): add token-gated access pattern#506DevZenPro wants to merge 1 commit intoMystenLabs:mainfrom
DevZenPro wants to merge 1 commit intoMystenLabs:mainfrom
Conversation
Add a new access pattern that gates encrypted content on ownership of a specific on-chain object type (NFT, DAO token, game asset). Access travels with the asset: transfer the token, transfer decryption access. Key design decisions: - Generic seal_approve<T: key> validates ownership via Move VM - type_name::with_original_ids<T>() survives package upgrades - TokenGate frozen after creation (immutable, no consensus overhead) - Prefix-bound key IDs (same structure as whitelist.move) Security: assumes token type T is owned, never shared/frozen. Includes 6 tests: valid approval, multiple nonces, type confusion rejection, wrong prefix rejection, empty ID, create/destroy. Closes MystenLabs#466
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the token-gated access pattern proposed in #466. This gates encrypted content on ownership of a specific on-chain object type (NFT, DAO token, game asset). Access travels with the asset automatically — transfer the token, transfer decryption access — with no admin update required.
Design
seal_approve<T: key>— generic entry function; the Move VM enforces that only the owner of an owned object can pass&Tas a transaction argumenttype_name::with_original_ids<T>()— stores the required type using original IDs so the gate survives package upgrades (same approach askey_request.move)TokenGateas a frozen object — immutable after creation, zero consensus overhead on reads, prevents accidental mutation via future upgrades[pkg id][gate id][nonce], same structure aswhitelist.moveCapreturned to creator for future extensibilitySecurity Model
This pattern assumes token type
Tis owned, never shared or frozen. IfTcan be shared/frozen, anyone could pass&Tand bypass the gate. This is an intentional tradeoff — it enables the "access travels with the asset" property that no other pattern provides. For high-value content with token types you don't control, a collection-specific integration with concrete types would be more appropriate.Comparison with Existing Patterns
whitelist.moveaccount_based.movesubscription.movetoken_gated.move(this PR)Tests
6 tests added, all passing:
ETypeMismatch)ENoAccess)Full test suite (13 patterns + 42 seal) passes with no regressions.
Usage
Closes #466
Credit to @Danny-Devs for the detailed proposal, testnet deployment, and ValidPtb compatibility verification in #466.