Are Hotkeys Risky?

jamesbeadle · August 29, 2024, 9:24am

Just building out the governance view in OpenFPL where you can vote on proposals.

Using the SnsGovernanceCanister type in @dfinity/sns, if someone has added the frontend hotkeys, they can code in say “vote yes on all proposals” using registerVote. Then on page refresh, if you have their identity saved locally, you can submit the yes votes.

Like I’m coding click events on these thumb buttons:

But I could just put the same vote yes in onMount and they couldn’t stop them triggering…

And as the frontend isn’t added via proposal, seems like it’s an accident waiting to happen.

Am I missing something here? I’ll have the buttons working soon so will be able to check locally just wondered if there is some fundamental thing I haven’t understood.

Severin · August 29, 2024, 9:52am

I think this is the critical part. Did you know that you can put asset canisters under SNS control? IMO that would be the proper way to do it, but maybe I’m missing some context?

jamesbeadle · August 29, 2024, 10:05am

Right now I feel I am able to code it to bypass votes if hotkey added.

I think yes, frontend should be by proposal if functionality contained can control governance.

It’s just really easy to make loads of frontend changes and deploy, so I’ve been using dfx canister install OpenFPL_frontend —ic —mode=upgrade.

Topic		Replies	Views
Is Hot or Not Decentralised? DFINITY	6	970	July 22, 2023
Fix: NF Neurons Not Available for Direct Voting in NNS Dapp Governance	0	364	January 19, 2024
SNS Proposal Adoption Developers sns	2	539	October 30, 2023
[Discussion] Adding an active "abstain" option to voting on NNS proposals Governance nns	37	1294	November 11, 2022
Improving the NNS Dapp for SNS voting 🗳️ General sns	5	449	July 7, 2023

Are Hotkeys Risky?

Related Topics