Pact modules have a number of restrictions that determine what code users can call vs. what code only the module can control. Specifically, when a module is governed by a keyset (for example (module foo 'foo-keyset)
), then the documentation states that:
This indicates that if a user tried to upgrade the module, or directly write to the module tables, 'foo-keyset would be enforced on the transaction signature set.
It's not clear to me whether these are just examples or whether they constitute the full scope of things covered by module governance.
When I apply a keyset or governance function to my module, what specifically is protected by that keyset or governance function?
If you have a governance keyset set up in your module
(module my-module "admin-keyset"
...
)
it means you can upgrade the module with the keyset admin-keyset. Upgrading the module overwrites the existing module with a new version by redeploying it signed with the keyset. If you do not set a governance keyset the contract cannot be upgraded.
The functions of the module can be called by anyone who signs with the requested capabilities, if any. If no capabilities are requested by the function anyone can call it.
Writing directly to tables is not possible on public Kadena Chainweb as far as I know, it might refer to functionalities in Kadena's private blockchain software Kuro.