register_identity function allows the registration of any valid user from GitHub, even if they are not the actual owner. #6
Comments
|
I agree 🙌 We could simplify the process by eliminating the need for identity registration and instead have contributors directly include their public address in the description of their pull request (PR). We could suggest a template for this. Once the PR is approved, a proof of contribution is recorded in the contract, but it remains unclaimable at this stage. Contributors will only be able to claim their due when the issue is officially closed. A significant benefit of this approach is the flexibility. For example incentives can be share among multiple contributors working on the same issue. Let name service providers manage identities, it's not our fight 🤘 |
|
I like the idea. We can consider having both implementations/templates:
Regarding the implementation, we could use PR templates to obtain the addresses or use a bot to register specific information in the contribution from the issue (using a command like |
|
After some investigation Phala Phat contracts can be used as oracles to properly register Github handles as identities. |
We need to enhance the registration process for GitHub users, which we use to map account IDs. Currently, there's a vulnerability where anyone can register any GitHub user, posing a risk of 'identity theft.' This situation prevents the real user from utilizing the solution effectively since they won't be able to claim the rewards. Even though we talked in the past about paying a small amount of money when registering a new identity this may not fix the problem.
Some quick solutions:
The text was updated successfully, but these errors were encountered: