Trustful - Questions | Stellar Developers | Page 1

obtuse brook Jul 30, 2024, 12:38 PM

#

@summer harness hey Leo, feel free to ask here pls

summer harness Jul 30, 2024, 2:15 PM

#

Hi guys, how are you doing? I'm Leo, Blockchain Engineer from Blockful.

So, right now, we are facing some trouble trying to create a non-transferable asset.

Let me give you some context. The Trustful will have the feature of creating badges for users. This Assets will be transferred as a Claimable Balance then the user can claim the token.

Ok. So, we want the token to be non-transferable. Currently, our application uses the Stellar SDK (TypeScript) to create assets. Following the suggestion of using the authorization required flag, we did the following steps:

Creation of the asset and claimable balance operation with the authorization required flag:

    const newAsset = new StellarSdk.Asset("tAuthReqFlag", issuerKeypair.publicKey());
    let userCanClaim = StellarSdk.Claimant.predicateBeforeRelativeTime("600");
    const claimableBalanceEntry = StellarSdk.Operation.createClaimableBalance({
        claimants: [
            new StellarSdk.Claimant(user, userCanClaim),
        ],
        asset: newAsset,
        amount: "1",
        setFlags: StellarSdk.AuthRequiredFlag,
        assertType: "credit_alphanum12"
    });

Sponsoring a trustline between the asset and the user:

const trustlineTransaction = new StellarSdk.TransactionBuilder(
        await server.loadAccount(user),
        { fee: StellarSdk.BASE_FEE, networkPassphrase: StellarSdk.Networks.TESTNET }
    )
        .addOperation(StellarSdk.Operation.changeTrust({
            asset: newAsset,
                        limit: '1',
        }))
        .setTimeout(TimeoutInfinite)
        .build();

#

We then checked the Albedo wallet and saw that the user's account did receive the created asset. However, the user can transfer the newly received asset through a claimable balance operation to a third party. This third party can then establish a trustline with the asset sent via Claimable Balance and claim it.

We do not want this transfer flow between accounts to exist. If an asset is sent to User-1, it should not be allowed to send or create a Claimable Balance for the asset.

The AuthRequiredFlag does not seem to have the desired effect.

For a clearer explanation, you can refer to the following flowchart. It shows what is currently happening with our created assets and highlights in red the part that should not happen.

#

#

So, to make it clear, the question is:** How do we make a non-tradable asset if the previous approach does not work? **

grizzled tapir Jul 30, 2024, 6:21 PM

#

The AuthRequiredFlag needs to be set on the issuing account - https://developers.stellar.org/docs/tokens/control-asset-access#authorization-required-0x1.

#

I believe what you want is to use an "Authorization sandwich", where the trustline is always deauthorized unless the payment (or claim in your case) is in a transaction where it is between a authorize trustline operation and a deauthorize trustline operation - https://developers.stellar.org/docs/tokens/control-asset-access#example-flow.

summer harness Aug 6, 2024, 4:40 PM

#

Hi @grizzled tapir, how are you doing?

Thanks for the answer, my friend. I have tested the flow of operations that you mentioned, and now the assets are non-tradable as I wanted. 😁

#Trustful - Questions