BSIP65: Fix Locked Accounts

README.md

@@ -66,3 +66,4 @@ Number             | Title                                                    |
 [58](bsip-0058.md) | Global Settlement Protection Through Price Feeding | Jerry Liu | Protocol | Draft
 [59](https://github.com/bitshares/bsips/issues/140) | Adjustment of MSSR and MCR Through Voting | Jerry Liu | Informational | Draft
 [60](https://github.com/bitshares/bsips/issues/131) | BitShares URI scheme | John Titor, Stefan Schießl, Abit More | Informational | Draft
+[61](https://github.com/bitshares/bsips/pull/) | Fix locked accounts with circular dependencies             | OpenLedgerApp | Protocol      | Draft

bsip-0061.md

@@ -0,0 +1,53 @@
+    BSIP: 0061
+    Title: Fix locked accounts with circular dependencies 
+    Authors: OpenLedgerApp <https://github.com/OpenLedgerApp>
+    Status: Draft
+    Type: Protocol
+    Created: 2019-22-02
+    Updated: 
+    Discussion: https://github.com/bitshares/bsips/issues/94
+    Worker:
+
+
+# Abstract
+BitShares allow to change permissions of account A to account A. See *Cycles* paragraph of https://bitshares.org/technology/dynamic-account-permissions for details. More information can be found here: https://steemit.com/blockchain/@hipster/sad-story-how-i-lost-bitshares-account
+
+# Motivation
+We offer to develop additional functionality "Prevent to create cycled accounts". This functionality will avoid to create or update account authority with circular dependencies in the future.
+
+# Rationale
+According to our investigation, BitShares has about 384 locked accounts with circular dependencies. Most of these accounts are locked by mistake. 
+
+# Specifications
+
+## Prevent circular dependencies
+We must extend create and update account evaluators adding code that detect cycled authorities and throws exception in do_evaluate() method if cycle detected.
+To avoid any misunderstanding of existing authorization mechanism we propose to reuse actual code of sign_state::check_authority(). Make template class traverse_authorities_state and parametrize it with approve() method. By default approve = signed_by(), an existing method of sign_state class. We add keys_available() method to resolve signing path. So, check_authority() returns true, if signing path fully ends with existing keys.
+
+## Fix locked accounts
+There are two approaches here:
+
+    1) Automatic (unconditional)
+        - Detect all locked accounts in first maintenance after hard-fork.
+        - Find latest operation ("lock"-operation) among operations of cycled accounts. Do it for each cycle.
+        - Undo all "lock"-operations. Find previous account update/create operation that changes authorities and redo it.
+
+    2) Manual (on-demand)
+        - Check if account is locked.
+        - Find latest operation ("lock"-operation) in cycle.
+        - Undo "lock"-operation.
+
+# Discussion
+Should we identify authority as locked in case of cycle only? Bitshares has *max_authority_depth* parameter. So, authorities with delegetion depth > *max_authority_depth* are potentially locked. Should we prevent this?
+
+## Examples
+Account A has key. Account B delegates it's authority to A - ok. C -> B - ok. D -> C - fail.
+Transaction can never be signed by D. D exceed depth limit. Current depth limit in Bitshares = 2.
+
+# Summary for Shareholders
+
+# Copyright
+This document is placed in the public domain.
+
+# See Also
+https://github.com/bitshares/bitshares-core/issues/269