Problem
OwnedAccount.seal() unconditionally revokes all keys on the account:
```cadence
access(Owner) fun seal() {
self.rotateAuthAccount()
self.revokeAllKeys()
emit AccountSealed(id: self.uuid, address: self.acct.address, parents: self.parents.keys)
self.currentlyOwned = false
}
```
`giveOwnership()` calls `seal()` as part of the ownership transfer flow. This means that every time ownership is transferred, all keys on the child account are revoked. There may be legitimate scenarios where an ownership transfer should preserve existing keys (e.g., when the new owner wants to retain their own key-based access rather than relying solely on the AuthAccount capability).
Proposed Solution
Consider adding an alternative to `giveOwnership` that does not call `revokeAllKeys()`, or refactor `seal()` to accept a parameter controlling whether keys should be revoked.
Context
The inline comment that prompted this issue was removed in PR fix/style-and-low-findings. This issue tracks the unresolved design question.
Problem
OwnedAccount.seal()unconditionally revokes all keys on the account:```cadence
access(Owner) fun seal() {
self.rotateAuthAccount()
self.revokeAllKeys()
emit AccountSealed(id: self.uuid, address: self.acct.address, parents: self.parents.keys)
self.currentlyOwned = false
}
```
`giveOwnership()` calls `seal()` as part of the ownership transfer flow. This means that every time ownership is transferred, all keys on the child account are revoked. There may be legitimate scenarios where an ownership transfer should preserve existing keys (e.g., when the new owner wants to retain their own key-based access rather than relying solely on the AuthAccount capability).
Proposed Solution
Consider adding an alternative to `giveOwnership` that does not call `revokeAllKeys()`, or refactor `seal()` to accept a parameter controlling whether keys should be revoked.
Context
The inline comment that prompted this issue was removed in PR fix/style-and-low-findings. This issue tracks the unresolved design question.