ICRC-21: Add validation step for the consent message request sender
This PR includes a validation step in the cold signer use-case to
explicitly validate the `sender` property of the icrc21_consent_message
request.

A note is added to the hot signer use-case to use the same identity
(or the anonymous one) to fetch the consent message and sign the
requested call.
frederikrothenberger committed Aug 12, 2024
1 parent e67fb74 commit 180dde4
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions topics/ICRC-21/icrc_21_consent_msg.md
Expand Up @@ -88,6 +88,7 @@ sequenceDiagram
2. The signer fetches the consent message from the target canister and validates the response:
* `icrc21_consent_message_request.method` must match the canister call method.
* `icrc21_consent_message_request.arg` must match the canister call argument.
* The signer must either use the anonymous identity or the same identity as for signing the canister call (in step 6) for the `icrc21_consent_message` request.
* The `icrc21_consent_message` canister call must be made to the target canister.
* The response to the `icrc21_consent_message` canister call (fetched using `read_state`) must be delivered in a valid certificate (see [Certification](https://internetcomputer.org/docs/current/references/ic-interface-spec#certification)).
* The decoded response must not be `null` and match the `icrc21_consent_message_response::OK` variant.
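Review bot: The new bullet on which identity to use (the line ending "for the `icrc21_consent_message` request") is a requirement on how the signer sends the request, yet it sits in a list introduced as validating the response, between the `method`/`arg` checks and the certificate checks. Consider leading with the subject so it reads like its neighbours, for example "The `icrc21_consent_message` request must be sent with the anonymous identity or with the same identity that signs the canister call (in step 6)". The hard-coded "step 6" reference will go stale if the steps are renumbered, and the step list is not visible in this hunk to confirm it.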
Expand Down Expand Up @@ -145,6 +146,7 @@ sequenceDiagram
1. The consent message request must match the canister call:
* `icrc21_consent_message_request.method` must match the canister call method.
* `icrc21_consent_message_request.arg` must match the canister call argument.
* The `icrc21_consent_message` request `sender` must be anonymous or match the identity used to sign the canister call request (in step 7).
* The `icrc21_consent_message` request `canister_id` must match the target canister id.
2. The consent message response must be certified and valid:
* The response to the `icrc21_consent_message` canister call must be provided in a valid certificate (see [Certification](https://internetcomputer.org/docs/current/references/ic-interface-spec#certification)).
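Review bot: In the new `sender` bullet, "must be anonymous or match the identity used to sign" compares a request field with an identity; wording it as the anonymous principal or the principal of the signing identity would make the check unambiguous for implementers. The same rule is phrased differently in the earlier hunk ("use the anonymous identity or the same identity as for signing") and points at a different step number (7 here, 6 there), so a shared phrasing would help readers recognise it as one requirement. It would also help to state what the signer does when this check fails, since the visible lines only list the conditions.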