Thank you HashMaps. So, if I’m reading this right, the ability to whitelist already exists, it is just that it would require setting up a box/smart contract for each allowed sender. And, further, the funds would not be automatically deposited into the recipient’s account, but rather would require the recipient to call the contract to claim the funds.
Yes. It would be a flavor of account abstraction. I’d visualize it like building a skyscraper in the middle of suburbia. Instead of 1 Address = 1 Entity you have 1 Address = Many Entities. And instead of a delivery person having immediate access to your front porch, they’d need you to buzz them in.
Is that right? If so, that’s better than no control, but still has some added friction.
Indeed. If this is indeed a major concern and barrier to adoption for a large enough number of entities, then it would definitely behoove us to look into a solution on the “L1” ledger.
For example, there could be something similar to an opt-in flag for Algo itself (the ultimate ASA!). Let’s call it an address guard flag. An address could raise it to ensure no one can send it Algo.
Later, whenever the entity wants to make a trade they could construct an atomic group as follows:
- BlackRock Lower Guard
- BlackRock Send X to Counterparty
- Counterparty Send Y to BlackRock
- BlackRock Raise Guard
I believe @joe-p is doing something similar called “flash re-keying” in the ARC-0058 proposal Plugin-based Account Abstraction.
Regarding changing the opt-in in general, I have expressed my thoughts on how the opt-in feature could be improved in this post and I would appreciate any feedback.
Also, is there a method for employing a blacklist? Eg, a box/smart contract to which anyone (except certain designated accounts) can send funds that can be withdrawn by the recipient?
The problem with blacklisting a specific address or groups of addresses is that anyone could trivially generate another address, send the money to it and then from it send to BlackRock.
You could devise a queuing system that would allow anyone to send transactions to BlackRock but they are “kept to wait in the lobby”. BlackRock has a certain amount of time to act on those transactions, e.g. explicitly accept or reject them, and after the time ends some default outcome takes place (a passive accept or reject).
So transactions that are clearly strange, e.g. coming from someone who has sent the funds through a mixer, could be rejected, the money either lost forever (burned), claimed by a 3rd party or made available for the original sender to claim themselves.
Incidentally, this is one technique to make legally compliant mixers - have the deposited funds be frozen for a set period of time, during which law enforcement or some other trusted entity are allowed to order them “rejected” (confiscated/burnt/returned).