Using Sudo to Impersonate Other Accounts¶
Introduction¶
Sudo is a module that enables privileged runtime calls to be dispatched when called from the Sudo account. Sudo is sometimes colloquially referred to as a superuser or god-like account. This allows you to perform privileged actions while managing your network, such as impersonating other accounts.
In this guide, you'll learn how to use Sudo to impersonate other accounts. For example, this guide will use the Sudo account to pose as an arbitrary account and transfer funds from said account.
Warning
The balance transfer demonstrated in this guide is dubious, and it is shown only as an example of using Sudo.
Checking Prerequisites¶
For the examples in this guide, you will need to have the following:
- A Tanssi-powered network (Quick Trial or Dedicated)
- Your network's Sudo account connected to your network's Polkadot.js Apps. You can refer to the Managing Sudo guide for instructions on injecting your Sudo account into Polkadot.js Apps
If you're unsure what your Tanssi network's Sudo account is, you can find it in your Tanssi Dashboard underneath the Properties section.
Warning
It's critical to protect your Sudo account key with the utmost security precautions, as it grants privileged access to your Tanssi network.
Using the Sudo As Method¶
As you know, the Sudo account can perform privileged functions, including impersonating other accounts. When submitting a call via sudoAs
, the runtime will first authenticate the Sudo key and then dispatch the desired function call with the Signed
origin from a given account. In the following example, the sudoAs
method will orchestrate sending some tokens to another account. While the result is similar to using Sudo with a forceBalanceTransfer
call, the following example uses a regular balance transfer call where the origin is the sender's account rather than the Sudo account.
To make a sudoAs
call to impersonate another account, navigate to the Developer tab of Polkadot.js Apps for your Tanssi-powered network and click on Sudo. If you do not see Sudo in this menu, then you have not associated the Sudo account with Polkadot.js Apps. Ensure that your Sudo account is injected by your wallet and connected to Polkadot.js Apps. Then, take the following steps:
- Select the Sudo pallet
- Select the sudoAs method
- Select or paste in the desired account to impersonate
- Select the desired pallet for the call to submit. In this case, it is the balances pallet
- Select the transferAllowDeath method
- Specify the destination account for the balance transfer
- Specify the number of tokens to send
- Press SubmitSudo and confirm the resulting pop-up
The other account had a starting balance of 1,000
tokens before the call, and subsequently dropped to 995
as expected.
Using Sudo and the Dispatch As Utility¶
The following section will demonstrate using Sudo to dispatch calls from an arbitrary origin. When submitting a call in this manner, the runtime will first authenticate the Sudo key and then dispatch the call using the utility
pallet and the dispatchAs
function, allowing the transaction's origin to be exactly what you'd like.
To do so, navigate to the Developer tab of Polkadot.js Apps for your Tanssi-powered network and click on Sudo. If you do not see Sudo in this menu, you have not associated the Sudo account with Polkadot.js Apps. Ensure that your Sudo account is injected by your wallet and connected to Polkadot.js Apps. Then, take the following steps:
- Select the Sudo pallet
- Select the Sudo method
- Select the desired pallet for the call to submit. In this case, it is the utility pallet
- Select the dispatchAs method
- Select system from the dropdown
- Select the signed origin, which sets the origin of the transaction to be the specified account rather than root
- Select the desired pallet for the call to submit. In this case, it is the balances pallet
- Select the transferAllowDeath method
- Specify the destination account for the balance transfer
- Specify the number of tokens to send
- Press SubmitSudo and confirm the resulting pop-up
The other account had a starting balance of 995
tokens prior to the call and dropped to 990
as expected.
And that's it! The Developer Portal section has plenty more guides on how to manage your Tanssi network.
| Created: March 13, 2024