From 227efc147a592587231b59bdc9381eb8eb5fd1f5 Mon Sep 17 00:00:00 2001
From: Oleksandr Anyshchenko <oleksandr.anyshchenko@aurora.dev>
Date: Wed, 11 Oct 2023 19:31:08 +0100
Subject: [PATCH] Update engine/src/contract_methods/admin.rs

Co-authored-by: Michael Birch <michael.birch@aurora.dev>
---
 engine/src/contract_methods/admin.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/engine/src/contract_methods/admin.rs b/engine/src/contract_methods/admin.rs
index ec468063d..a0db2abe1 100644
--- a/engine/src/contract_methods/admin.rs
+++ b/engine/src/contract_methods/admin.rs
@@ -449,6 +449,9 @@ pub fn attach_full_access_key<I: IO + Copy, E: Env, H: PromiseHandler>(
         target_account_id: current_account_id,
         actions: vec![action],
     };
+    // SAFETY: This action is dangerous because it adds a new full access key (FAK) to the Engine account.
+    // However, it is safe to do so here because of the `require_owner_only` check above; only the
+    // (trusted) owner account can add a new FAK.
     let promise_id = unsafe { handler.promise_create_batch(&promise) };
 
     handler.promise_return(promise_id);