This PR adds another subjective blacklist feature to the whitelist/blacklist toolbox already provided to block producers.
This feature (`key-blacklist`) allows producers to add public keys to their config.ini which are disallowed from being used in the authorities of account permissions. Any transaction that tries to add/modify a permission authority (for example through `eosio::newaccount` or `eosio::updateauth`) which contains a blacklisted public key is subjectively rejected by the producer. As usual, a node is forced to accept such transactions even if they contain keys on the node’s local blacklist if the transaction is part of a completed block signed by a producer.
The `key-blacklist` feature is intended to be used by the top 21 producers as a way to protect users from mistakenly using public keys that have publicly-known private keys (for example, public/private key pairs provided in tutorials) as part of the permission authority for their account.
You can view, comment on, or merge this pull request online at:
— Commit Summary —
* add key-blacklist
— File Changes —
M libraries/chain/controller.cpp (17)
M libraries/chain/eosio_contract.cpp (8)
M libraries/chain/include/eosio/chain/controller.hpp (2)
M libraries/chain/include/eosio/chain/exceptions.hpp (2)
M plugins/chain_plugin/chain_plugin.cpp (14)
— Patch Links —