[EOSIO/eos] Permissions abuse by contract update (#4531)

Hey guys, I have been thinking about permissions for token manipulations for an external contract given by a user (calling updateauth, for example).

But, due to the ease of contract change, the contract code could be replaced with fraudulent functionality, so the given permission could be used to transfer money to the thief.

Is there a way to prevent or track this?

Seems like a bug or misbehaviour to me.

This post was last modified on July 8, 2018, 12:11 am