Skip to content

seal() always revokes all keys — need a giveOwnership path that preserves keys #178

Description

@joshuahannan

Problem

OwnedAccount.seal() unconditionally revokes all keys on the account:

```cadence
access(Owner) fun seal() {
self.rotateAuthAccount()
self.revokeAllKeys()
emit AccountSealed(id: self.uuid, address: self.acct.address, parents: self.parents.keys)
self.currentlyOwned = false
}
```

`giveOwnership()` calls `seal()` as part of the ownership transfer flow. This means that every time ownership is transferred, all keys on the child account are revoked. There may be legitimate scenarios where an ownership transfer should preserve existing keys (e.g., when the new owner wants to retain their own key-based access rather than relying solely on the AuthAccount capability).

Proposed Solution

Consider adding an alternative to `giveOwnership` that does not call `revokeAllKeys()`, or refactor `seal()` to accept a parameter controlling whether keys should be revoked.

Context

The inline comment that prompted this issue was removed in PR fix/style-and-low-findings. This issue tracks the unresolved design question.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions