LiquidPledging Donor Permissions
Previously, we were limited to static permissions for a given method, that would be applied to all calls. Now that we're using AragonOS this us to have complex and dynamic permissions for a given method.
One concern that has been brought up is money laundering... I think it would make sense to have a "DONOR_ROLE" permission that can be used by projects/delegates (and givers?) to restrict who they receive donations from.
By default, delegate/campaigns/milestones would accept donations from anyone. For delegate/campaigns/milestones who want to follow KYC procedures, they would be able to "whitelist" specific givers. Since lp now works w/ any ERC20 token, the delegate/campaign/milestone can "whitelist" select tokens, instead of accepting any token.
I wanted to get feedback on the above. If you think a "Donor Role" makes sense please give feedback on the following as well:
- should Givers accept donations? If so, should they accept donations from anyone or just themselves? 1 use case for accepting from themselves is to "deposit" funds into the Giveth system, for later transferring. We do this in tests, but I'm not sure it is a valid "real-world" use case.
- A "PledgeAdmin" is an entity who controls (transfers, withdraws, etc) a "Pledge". This can be a single user/contract (addy), but can also be many users/contracts (addy) due to the new permission system. Knowing this... when whitelisting possible donors, is it more useful to authorize a "PledgeAdmin" or the address that is sending the donation tx? Or should we allow the ability to authorize either one?