From 4c4d7869ee353c35b2b2478fe6c4ab46e840040e Mon Sep 17 00:00:00 2001 From: Abit Date: Thu, 3 Oct 2019 20:33:36 +0200 Subject: [PATCH] Update BSIP39, update security-related info --- bsip-0039.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/bsip-0039.md b/bsip-0039.md index c5a8b07..53bb98a 100644 --- a/bsip-0039.md +++ b/bsip-0039.md @@ -34,6 +34,16 @@ itself, and two approvals. The inconvenience and additional fee hinders adoption of this scheme and makes it unnecessary complicated. +Due to lacking of an auto-approval feature, an ignorant user might fire a +`proposal_create` operation to create a proposal and then immediately fire +a `proposal_update` (i.e. approve) operation to approve the proposal. +However, the final proposal ID is not known before the `proposal_create` +operation is beyond the last irreversible block. So the user might +inadvertently approve the wrong proposal. +On Monday, 20th December 2018, [a node crash incident +](https://www.bitshares.foundation/announcements/2018-12-21-proposal-incident) +was indirectly caused by this. + # Rational Giving the proposer an option to automatically approve the proposal @@ -43,9 +53,8 @@ If the proposer is not part of the multisig-setup, having him approve the proposal automatically does not affect the validity of the proposal itself. -It's not a security related change, changing the default behavior is not -the best option. It's good to maintain backward compatibility, avoid -breaking existing applications. +For backward compatibility, to avoid breaking existing applications, +It's good to keep the default behavior. # Specifications @@ -76,3 +85,4 @@ This document is placed in the public domain. * https://github.com/bitshares/bitshares-core/issues/138 * https://github.com/bitshares/bsips/issues/71 +* https://www.bitshares.foundation/announcements/2018-12-21-proposal-incident
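Review bot: In the hunk at @@ -34,6 +34,16 @@, the added sentence "On Monday, 20th December 2018" is inconsistent with the calendar: 20 December 2018 was a Thursday, and the linked announcement URL is dated 2018-12-21. Please check the incident date against the announcement and correct or drop the weekday. The same paragraph says the node crash was "indirectly caused by this" without saying how approving the wrong proposal led to a crash; one sentence on the mechanism would let readers verify the security motivation without following the link. The claim that the proposal ID "is not known before the `proposal_create` operation is beyond the last irreversible block" is ambiguous about direction; something like "is not final until the block containing the `proposal_create` operation is irreversible" would be clearer. Wording: "Due to lacking of" reads better as "Because there is no", and "an ignorant user" as "an unaware user".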
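Review bot: In the hunk at @@ -43,9 +53,8 @@, the statement "It's not a security related change" is removed but nothing replaces it, so the section no longer says whether the change is security-related, even though the commit subject is "update security-related info". Suggest adding a sentence that ties the auto-approval option to the wrong-proposal approval risk described in the first hunk. The new text "applications, It's good to keep the default behavior." has a capital after a comma; "To stay backward compatible and avoid breaking existing applications, the default behavior is kept." reads more cleanly. The context line "# Rational" probably wants to be "# Rationale", which could be fixed in the same commit.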