As of now, canisters cannot hold ICP.
Canisters also cannot control neurons, unfortunately.
When will these restrictions be lifted?
5 Likes
Bump, these are definitely critical functions for DAOs/community-run canisters
Can’t imagine if the Ethereum smart contract can’t handle ETH
5 Likes
The main attack vector seems to be that rogue node operator can currently sniff out wasm memory.
2 Likes
Wasm memory sniffing is a concern if you are using a manually created private key on the server. This doesn’t preclude the system from allowing canisters to hold ICP in the ledger under their principle. It is just expressly forbidden at the moment. Once it is allowed, the consensus mechanism should keep the ICP secure. The ICP ledger will just look at the principle sending the transaction(a canister) and the network would verify that the canister accurately created the network call.
1 Like
Bump, could we get an update on this? Anything?
1 Like
smart contract or canister will not storage any private key.
Hi Norton. Thanks for the ping. Very sorry but I do not have an ETA for when we will allow canisters to hold ICPs and neurons. Some of the key stakeholders on this decision making are away this week but are going be back in office next week. I will bring up this question on the Monday’s managers meeting to try to figure out what the plans are.
4 Likes
Related question: Is there an ETA for when Canister Signatures are supported on all subnets? (The main work – including the subnet scope in the delegation – has been merged into master, but I am not sure if it has already been deployed.) That would allow at least some work-arounds here.
3 Likes
This is interesting…are there subnets where CertifiedData isn’t enabled at the moment? How do we know which ones those are?
1 Like
All but the root subnet. But I am referring to the subnets whose cansiters can create signatures - canister signatures from the root subnet are accepted by all subnets.
Or put differently: the Internet Identity can currently only run on the root subnet. It is not be possible to run it on other subnets (e.g. during developer, or to offer an alternative identity provider).
4 Likes
Hey Joachim! No ETA on this either as of yet. I am trying to get some updates on these issues this week.
2 Likes
The work on canister signatures is still in progress, but you should start seeing scoped subnet delegations appear after the next round of replica upgrades, which then is the basis for securely extending canister signatures (as you know). I cannot give a reliable ETA for the extension of the canister signature validation, but the feature is not that complex by itself. We’ve recently seen a drop in development velocity of the reference implementation, though.
1 Like
Oh really? 
That’s a bummer… If the Interface Spec work was public, maybe the community would be able to help out with the reference implementation work 
4 Likes
A not-so-subtle euphemism for yourself?
In any case, seems like a good idea!
4 Likes