Secure access to "`rho:deploy:params`" by on-chain deployer ID

Description

the deployParams(`rho:deployarams`) system process should only respond when given a deployerAuth token for the current deploy as parameter. Otherwise it's possible to:

1. create acl-based auth schemes that know the caller's identity without their consent
2. abuse any of those schemes in precisely the way the 'drain vault attack' does

Status

Assignee

Unassigned

Reporter

Artur Gajowy

Priority

High

Components

Story Points

None

Epic Link

None

Fix versions

None

Labels

Sprint

Configure