This is to open the discussion around the current proxy pallet in Polkadot inherited from substrate, and potential updates we can have around it.
First, I think that the meta problem that we are trying to solve here is pre-authorizing transactions by other accounts.
That is, for example, allowing another account to submit a group of transactions on your behalf as long as certain conditions are met after the fact.
Or, imagine you know that you want to perform an action (unbond, withdraw and transfer of exactly x DOTs) sometime in the next year from an account kept in cold storage, and you want to authorize it once and trigger the action via another hot account. You could store the exact signature, but details like nonce and transaction mortality generally prevent you from doing this.
the proxy system is a subset of these use cases, where we specify a list of allowed calls, with no restrictions on the number of times the proxy can be used, post-conditions or arguments.
If we are to look at the broader problem, as already hinted at, I generally see 3 parameters to a generic pre-auth scenario:
- which calls, and how many times each.
- which arguments.
- post-conditions.
For example, for the above scenario, I would create a proxy that would be allowed to call
unbond(x), wtihdraw(), transfer(x, dest)
exactly once.
All of these are very easy to program as long as Polkadot provides a pre-defined list for each item in the list above, and the user can picks and combines them. The current proxy pallet is also working in a similar manner.
If you want to allow users to define the above set themselves, I think only the first one is possible. Setting a counter on a proxy is trivial, and each call is identifiable by an index.
Althgough then, the user is taking the risk that the call indices (or details of the logic) might change over time, which could lead to unexpected authorization. We can allow users to specify if they want their proxies to extend to the next runtime upgrade, or expire if the spec_version changed.
With all of this in mind, I think it is fair to say that the current proxy pallet is a conservative implementation. In fact, I once asked about this and received a fair answer about it.
That being said, I do think that we can think of having a more comprehensive pre-authorization/proxy pallet in FRAME, and maybe someday, in Polkadot.
If we are to push forward the current proxy pallet, from the list above, we can easily tackle the first item and:
- Allow proxies to have a decrementing counter, after which they cannot do anything.
- Create a new proxy type that lets the proxy creator specify a list of call indices they want to allow, optionally with a flag that says if the proxies expire after a
spec_version
change.
But I am not sure if this is a better approach, compared to creating a brand new pallet-pre-authorization
and leaving the current proxy pallet as-is
One thing that makes me worried about Gav’s comment in the link above is that he seems to point out that allowing any type of flexibility with things such as proxies is extremely risky and could lead to various malicious backdoor being created. I don’t consider myself someone who follows the crypto space super deeply to know anecdotes about this, so if anyone knows a related story, please do share and perhaps the right decision is to in fact stick to the current simple proxy pallet.
(I do recall someone telling me about a team in our ecosystem that’s trying to solve making item 2 and 3 in my list programmable by end users, but I can’t remember their name).