-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC: Owned Standard #173
Comments
could |
I like it. I added it as the new first option. |
@FlySwatter this is super needed, nice, we do need standards across the board for this. |
Author of the AuctionHouse Asset protocol here. I wanted to point out that it's a little different then what is proposed here. The idea behind the Asset protocol was not that the contract itself was owned or transfered, but that the records tracked within the contract, identified by So for example, a contract:
I think settling on a standard for the above is important so that we can have common implementations of trading, buying, selling, and transferring non-fungible assets. But it may be a little different than what you're suggesting here in terms of contract ownership itself. Yes? |
Yes, I guess so!
|
I suggest using only |
I agree, it would be good to leverage a public variable for this. Any opinion on the setter name? |
Shameless plug: ENS can make this pattern obsolete; a contract can do a lookup in the ENS registry for the owner of a given node, and treat that as the owner of the current contract. |
My suggestion is
I use it for a marketplace structure that I'm working on |
@cholewa1992 The problem I see with that pattern is that you can't easily ask if an arbitrary user is the owner, only if the current user is. That's why a simple getter (as provided by a public variable) is nice, it's very open ended, and lets the contract speak for itself. @Arachnid Sorry for not exploring that sooner; So you're saying ENS could make this pattern obsolete if the current owner is registered on ENS, right? In even that case, the |
The idea is that you would look up a predetermined name, and only allow the owner of that name to interact with the contract. There's no need to register anyone; just to set an ENS record. More generally, it's worth considering extending this model to ACLs in general, not just 'owner'. |
@FlySwatter the multi-user case should be solved by abstraction in the owner, not by complicating the base class. Also want to make a comment regarding your examples that I also strongly favor a minimal variant like the one @cholewa1992 suggested. |
I think this pattern has been largely canonized in the DS-Auth pattern. |
We are using this for DigixCore 2.0 Assets with an additional mint() function which converts the assets into ERC-20 tokens. |
+1 to |
@Arachnid It seems that your suggestion to use ENS would only solve one of the problems.
It seems that ENS could be used to authenticate that a user is owner of a contract or not. But it seems that ENS could not be used in Contract B to get the owner address of Contract A. Correct? So a function such as |
@mudgen If contract A determines its owner by looking up an ENS record, contract B can do the same. |
@Arachnid, if contract B only has the ethereum address of contract A, then how can it get the owner address of contract A? Let's say that Contract A calls a function in Contract B. The function in Contract B wants to get the owner address of Contract A but it only has the ethereum address of Contract A via msg.sender. Could ENS still be used to get the owner address of Contract A? |
I can see some users wanting to use an I think it is important to have an agreed upon way to get the owning address of a contract. Having this will help interoperability between contracts and other software. @danfinlay Are you planning to move this issue through the standards process? If not, is it okay with you if I create a draft EIP about this and move the Owned Standard forward? |
@Arachnid I'm not a fan of using ENS for this due to gas costs. A cross-contract ENS check of ownership on a function modified with |
Recommend checking out https://github.com/OpenZeppelin/openzeppelin-solidity/tree/master/contracts/ownership for a bunch of things related to ownership. One pattern I am a big fan of is |
Something I don't see discussed here is why this needs to be standardized rather than just a best practice? In the original description @danfinlay says:
Can you go into detail on how we could leverage standardization for cross-compatibility? Is there an opportunity for shared tooling that works with Ownable contracts? My gut tells me that the opportunity for shared tooling is pretty limited for ownable contracts, and I would rather see effort spent on something like #719 that would allow us to have shared tooling for good UX of arbitrary contracts than trying to build one-off shared tooling for every common pattern. |
@MicahZoltu I am not an implementer of contract UI tools so I am not going to give examples of that. I am an implementer of contracts so I will give some examples of how an Owned Standard would be very useful for controlling ownership of contracts with contracts.
The Owned Standard popped up on my radar because I need to create a simple contract registry for a system I want to make. But for it to work with more contracts there needs to be a standard way to get the ownership of a contract. |
I don't have a specific use case in mind, so I'm not that interested in defending this proposal anymore, but I will briefly anyways: I understand https://github.com/ProjectWyvern is a protocol for selling owned smart contracts, so they would be a good example of a smart contract that would benefit from common and widespread interfaces between ownable smart contracts. I'm a huge fan of 719, but that's more about client rendering, this proposal would allow inter-operability between smart contracts that are owned, and allow other smart contracts to more easily manage their ownerships. |
I wrote an EIP about this here: https://github.com/mudgen/EIPs/blob/master/EIPS/eip-173.md and submitted a pull request. The first draft is ready for some feedback. |
EIP 173 has been merged and is here: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-173.md Please give feedback. |
@danfinlay Can you edit your first post in this issue to add a link to the proposed standard here: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-173.md |
@MicahZoltu Absolutely agree. Forcing the new owner to claim ownership before the transfer is an essential step. It ensures that the new owner is an account that is at least able to transact with the contract, which means the contract can't be locked down indefinitely due to a typo, or bugs like encoding errors. I recently wrote an article on the "ownable" and "claimable" patterns, if anyone is interested: https://www.ohalo.co/blog/redundancy-is-needed-when-building-safe-smart-contracts |
@MicahZoltu @androlo do you think the standard should support both patterns: claimable and transfer? |
How necessary do you think the Any thoughts on whether or not RBACOwnable should or could conform to this standard? |
@mudgen I don't know. Maybe it is good to do like zeppelin and create two separate interfaces. |
Presently the ownership of a contract seems useful. Metamask and etherscan could show this data. I'm not yet 100% sure the transfer mechanism needs to be standardized. Standardized as in, will Metamask and etherscan ever call that function? Assuming yes for the following notes. The one-step transfer function makes sense. The documentation is broken, can be fixed. The two-step transfer function DOES NOT NEED TO BE STANDARDIZED. So I like the current version. If not clear, I can provide detail here. |
Here are the various standard interfaces I could see coming out of this:
|
Suggest adding |
@danfinlay and I are finally pushing this standard through the process to become final. Two questions for you:
The current version of the standard is here: https://eips.ethereum.org/EIPS/eip-173 Thanks! |
The review period is supposed to have ended almost a year ago. Shouldn't this be marked final ? |
I am not sure what implementations of this standard exists, but I would bet a very large proportion of contracts use OpenZeppelin's implementation. That OpenZeppelin implementation has one crucial difference: The standard prescribes:
In my interpretation OZ is compatible with it, as implementations can impose additional restrictions. However my question goes to @Amxx and @frangio: what is the reasoning behind this? |
@axic It was felt that splitting the At this point we keep this design for backward compatibility. |
The solution is 0xcert's implementation. That allows you to nominate a new owner and then claim ownership from that account. I'm not really sure what the goal here is to standardize because I don't see a big demand for consumers for this interface. |
@fulldecent What you are talking about is a completelly different pattern/workflow. |
I think the benefit of standardising is that contracts are queryable using ERC-165 to see if these are supported. It would be nice for wallets/clients/tools to display what standards contracts support at the time of interaction. |
LexDAO has a contract suite (conditional payments), one of which condition is ownable. The only significant difference is that the transfer function can be called from either the previousOwner or the newOwner
This may be worked around by conforming to final standard and add in ERC1363 to make arbitrary call on recipient after transfer. |
The issue this raises is whether the transfer of ownership can be rejected by the recipient. From a judicial perspective (hey, we're a guild of legal enginners) a "gift" (arbitrary transfer without consideration) needs 3 elements
There may be some (tax) paperwork if gifts exceed a threshold, hence the callback which comes in useful in modifying the acceptance. Also what will the new account abstraction do when the gas is associated with the contract and not EOA? You may potentially end up with dead contracts sitting in Merkle tree which still has a modicum of useful gas but not enough to do anything. |
maybe we can consider removing ERC-165 introspection to simplify this module? Essentially, I am not sure the benefit of ERC-165 where support for interfaces can be spoofed. |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
Opening discussion to nail down semantics for a common pattern that should be standardized.
Many smart-contracts have adopted some pattern of representing the ownership of that contract, and it's such a common and simple pattern, that the exact phrasing should be standardized into an Application-layer protocol, to allow leveraging cross-compatibility.
This standard could be called the
Owned
standard. I've also heard it called theAsset
standard. The standard defines at least one method, either:setOwner(address _newOwner)
transferOwner(address _newOwner)
This might be paired with an event, maybe called
OwnerTransfer
.It would also probably benefit from having a support method, either one of:
getOwner() returns address
owner() returns address
isOwner(address _owner) returns bool
Places I've seen this used
You can read a more formally specified version of this proposal here:
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-173.md
The text was updated successfully, but these errors were encountered: