Update BSIP39, update security-related info

froooze · Oct 3, 2019 · 4c4d786 · 4c4d786
1 parent 54d5851
commit 4c4d786
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/bsip-0039.md b/bsip-0039.md
@@ -34,6 +34,16 @@ itself, and two approvals.
 The inconvenience and additional fee hinders adoption of this scheme and
 makes it unnecessary complicated.
 
+Due to lacking of an auto-approval feature, an ignorant user might fire a
+`proposal_create` operation to create a proposal and then immediately fire
+a `proposal_update` (i.e. approve) operation to approve the proposal.
+However, the final proposal ID is not known before the `proposal_create`
+operation is beyond the last irreversible block. So the user might
+inadvertently approve the wrong proposal.
+On Monday, 20th December 2018, [a node crash incident
+](https://www.bitshares.foundation/announcements/2018-12-21-proposal-incident)
+was indirectly caused by this.
+
 # Rational
 
 Giving the proposer an option to automatically approve the proposal
@@ -43,9 +53,8 @@ If the proposer is not part of the multisig-setup, having him approve
 the proposal automatically does not affect the validity of the proposal
 itself.
 
-It's not a security related change, changing the default behavior is not
-the best option. It's good to maintain backward compatibility, avoid
-breaking existing applications.
+For backward compatibility, to avoid breaking existing applications,
+It's good to keep the default behavior.
 
 # Specifications
 
@@ -76,3 +85,4 @@ This document is placed in the public domain.
 
 * https://github.com/bitshares/bitshares-core/issues/138
 * https://github.com/bitshares/bsips/issues/71
+* https://www.bitshares.foundation/announcements/2018-12-21-proposal-incident