You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
createrune does not show human readable output. This means that I need to use lightning-cli decode string=$rune to interpret the rune in a way that a human can understand it
proposed fix: consider including the human readable summary or restrictions as part of the createrune output.
Issue 2: createrune allows you to create invalid runes
suggested fix: Either don't allow creating runes with unknown conditions or issue a warning when issuing
Issue 3 (UX) Warnings for runes that can drain funds
lightning-cli createrune
{
"rune": "XXXXX",
"unique_id": "256",
"warning_unrestricted_rune": "WARNING: This rune has no restrictions! Anyone who has access to this rune could drain funds from your node. Be careful when giving this to apps that you don't trust. Consider using the restrictions parameter to only allow access to specific rpc methods."
}
lightning-cli createrune restrictions='[["method=pay"]]'
{
"rune": "XXXXX",
"unique_id": "257"
}
suggested fix: both these runes will allow the user to drain all of the funds, but only the first one comes with a warning. Not quite sure how to fix this other then finding a way to communicate to the user what the rune will actually allow you to do.
The text was updated successfully, but these errors were encountered:
future_time=$(($(date +%s) + 24*60*60))
OR_restrictions='[["time<'$future_time'","rate=2"]]'
AND_restrictions='[["time<'$future_time'"],["rate=2"]]'
lightning-cli decode string=$(lightning-cli createrune restrictions=$AND_restrictions | jq .rune) | jq .restrictions
[
{
"alternatives": [
"time<1715762646"
],
"summary": "time (in seconds since 1970) less than 1715762646 (approximately 23 hours 59 minutes from now)"
},
{
"alternatives": [
"rate=2"
],
"summary": "rate (max per minute) equal to 2"
}
]
lightning-cli decode string=$(lightning-cli createrune restrictions=$OR_restrictions | jq .rune) | jq .restrictions
[
{
"alternatives": [
"time<1715762646",
"rate=2"
],
"summary": "time (in seconds since 1970) less than 1715762646 (approximately 23 hours 58 minutes from now) OR rate (max per minute) equal to 2"
}
]
Perhaps a safer way to create AND restrictions is to create hierarchical runes where the parent rune has a time to live ("time<'$future_time'") and the child rune has a rate limit.
Goal: to create a rune that can be rate limited to N times per hour
Documentation:
First attempt:
Issue 1 (UX): Human readable output
createrune does not show human readable output. This means that I need to use
lightning-cli decode string=$rune
to interpret the rune in a way that a human can understand itproposed fix: consider including the human readable summary or restrictions as part of the createrune output.
Issue 2: createrune allows you to create invalid runes
suggested fix: Either don't allow creating runes with unknown conditions or issue a warning when issuing
Issue 3 (UX) Warnings for runes that can drain funds
suggested fix: both these runes will allow the user to drain all of the funds, but only the first one comes with a warning. Not quite sure how to fix this other then finding a way to communicate to the user what the rune will actually allow you to do.
The text was updated successfully, but these errors were encountered: