User security proposals

One of MultiversX's main pros is user security.

The absence of approval functions gives users a safe place to interact with smart contracts, with no risk of a malicious draining attack.

Still, I see some risks:

  1. The user doesn’t look at the tx and signs a tx requiring more funds than needed.

  2. The user sends the correct amount, but a malicious front-end sends the funds to a malicious address.

  3. I know, users should pay attention. But after signing thousands of txs, it will happen that the user does not read one and signs it, trusting the project they signed the txs for.
    If a bug happens or a hack is happening, the user may sign a tx requiring way more funds than needed to a smart contract.

It could even be an error when sending funds manually.

What I propose is a UI system in the wallet that can do one of the two:

  1. Add an additional window/banner with different colours if the tx requires more funds than the limit set by the user (the user might set it up for txs worth over $100).
  2. Set one automatically when the user creates the wallet and allow them to disable it.

The limit that triggers the pop-up message could be a % of the total value of the wallet (a tx requiring more than 5% of the wallet value) and/or a $ amount.

On the second issue, I see this problem:

A malicious front-end similar to a known website, or a known website whose front-end is hacked. Users wouldn’t be drained, that’s correct, but they would sign txs sending funds to a malicious address.

Better than losing funds, but we can do more.

I propose a system of separate herotags for smart contracts, and a verifiable system that shows a verified status in the wallet UI.

I see it working this way:

  • Projects pay a fee for a particular herotag.
  • They can then name all of their smart contracts under it, in a tree design.

For Hatom, for example, it would be the Hatom herotag and then all of their smart contracts named under it. Initially I’d set a precise fee for these smart contracts, and an annual fee to keep it, after which it needs to be renewed.

On xPortal I’d manually verify all the smart contracts of the projects added to the Hub; this way users can interact with all of them and, instead of seeing a random address, they’d see the project name + the name of the smart contract.

We’d then also need a way to ban malicious herotags, for example those using different letters that look similar to a known project. Or some sort of system to also prevent hackers from using phishing websites with herotags similar to known projects.

Hat0m instead of Hatom, for example. Inside xPortal a verified badge would help, on top of the decentralized herotag system.

I’d keep the system with a fee to leave room for the, hopefully, thousands of projects we’ll have in the future. Not having fees could let people take all the best names, leaving strange and hard-to-read herotags for users.

Fees could go directly to validators. In the UI I’d clearly show the difference between smart contracts for users and those for projects/smart contracts.

The last thing I’d like is adding intent-oriented txs, making the txs we’re signing easily readable: easy to understand what we’re signing and what will happen to our funds.

3 Likes
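The three proposals in the post above (a threshold warning in the wallet, a verified project/contract name instead of a raw address, and a readable intent line) can be sketched as one pre-signature check that a wallet UI would run before rendering the approval screen. The block below is an added example written for this thread; it is not MultiversX, xPortal or Ledger code. The token table, USD prices, the verified-contract registry and the `erd1...` placeholder addresses are constructed sample data, and `reviewTransaction`, `decodeIntent` and the settings shape (`maxUsd`, `maxPortfolioPct`) are hypothetical names chosen here. The only protocol detail relied on is the MultiversX data-field convention for token transfers (`ESDTTransfer@<token id hex>@<amount hex>[@<function hex>@args...]`).

```javascript
// Added example for this thread (not MultiversX, xPortal or Ledger code): a
// pre-signature check a wallet UI could run before showing the approval screen.
//   1. threshold warning: absolute USD and/or % of wallet value, user-settable,
//   2. receiver lookup in a hypothetical verified-contract registry
//      (project herotag + contract name instead of a raw address),
//   3. a plain-language intent line decoded from the tx data field.
// Prices, decimals, addresses and the registry are constructed sample data.

// Constructed token table: decimals and a made-up USD price per token id.
const TOKENS = {
  "EGLD": { decimals: 18, priceUsd: 40 },
  "USDC-abcdef": { decimals: 6, priceUsd: 1 },
};

// Hypothetical verified registry (the herotag tree from the post):
// receiver address -> "project / contract". Placeholder addresses, not real ones.
const VERIFIED_CONTRACTS = {
  "erd1...demoproject-lending": "demoproject / lending-pool",
  "erd1...demoproject-staking": "demoproject / staking",
};

// MultiversX encodes string arguments in the data field as hex (Node Buffer used here).
function hexToUtf8(hex) {
  return Buffer.from(hex, "hex").toString("utf8");
}
function hexToBigInt(hex) {
  return hex === "" ? 0n : BigInt("0x" + hex);
}

// Decode a tx into an intent: which token moves, how much, and which contract
// function (if any) is called. Three data-field shapes are handled:
//   ""                                                  -> plain EGLD transfer
//   "ESDTTransfer@<token hex>@<amount hex>[@<func hex>@args...]" -> token transfer
//   "<func>@args..."                                    -> contract call with EGLD attached
function decodeIntent(tx) {
  const egld = BigInt(tx.value || "0");
  const data = tx.data || "";
  if (data === "") return { token: "EGLD", amount: egld, call: null };
  const parts = data.split("@");
  if (parts[0] === "ESDTTransfer" && parts.length >= 3) {
    return {
      token: hexToUtf8(parts[1]),
      amount: hexToBigInt(parts[2]),
      call: parts.length > 3 ? hexToUtf8(parts[3]) : null,
    };
  }
  return { token: "EGLD", amount: egld, call: parts[0] };
}

// Raw integer amount -> USD via the token table; null if the wallet cannot price it.
function toUsd(amount, token) {
  const info = TOKENS[token];
  if (!info) return null;
  return (Number(amount) / 10 ** info.decimals) * info.priceUsd;
}

// settings: { maxUsd, maxPortfolioPct }; wallet: { totalUsd }.
// Returns what the approval screen needs: level ("ok" | "warn"), reasons, summary.
function reviewTransaction(tx, settings, wallet) {
  const intent = decodeIntent(tx);
  const usd = toUsd(intent.amount, intent.token);
  const name = VERIFIED_CONTRACTS[tx.receiver] || null;
  const reasons = [];

  if (usd === null) {
    reasons.push(`cannot price token ${intent.token}`);
  } else {
    if (usd > settings.maxUsd) {
      reasons.push(`moves ${usd.toFixed(2)} USD, above your ${settings.maxUsd} USD limit`);
    }
    const pctLimit = (wallet.totalUsd * settings.maxPortfolioPct) / 100;
    if (usd > pctLimit) {
      reasons.push(`moves more than ${settings.maxPortfolioPct}% of your wallet`);
    }
  }
  if (name === null) reasons.push("receiver is not a verified project contract");

  // Readable intent line: verified name instead of the address, decimal amount, USD value.
  const decimals = TOKENS[intent.token] ? TOKENS[intent.token].decimals : 0;
  const human = Number(intent.amount) / 10 ** decimals;
  const target = name !== null ? name : tx.receiver;
  const priced = usd === null ? "" : ` (${usd.toFixed(2)} USD)`;
  const summary = intent.call
    ? `Call ${intent.call} on ${target} with ${human} ${intent.token}${priced}`
    : `Send ${human} ${intent.token}${priced} to ${target}`;

  return { level: reasons.length ? "warn" : "ok", reasons, usd, summary };
}
```

The `level` field is what would drive the red/green approval page discussed later in the thread; `reasons` is the text for the banner, and `summary` is the intent line shown in place of the raw data field. An unpriceable token is treated as a warning rather than silently passing, since a threshold check that cannot value the transfer has nothing to compare.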

That would be so good to implement! My :+1:

1 Like

I’d like to add this to the GitHub issue discussion as well, because it suits the problem “1. User don’t look at tx and signs a tx requiring for more funds than needed”:

On Ledger all we have right now is the encoded data field, which nobody can read (and I think it’s also cut short).

So I just wanted to add that we really need a big improvement on Ledger as well.

1 Like

I like the idea of having a different-colour approval page if the payment is more than a certain customisable amount (for example: a red approval button and/or a red-themed page).

1 Like

I’d suggest looking at Ledger’s latest announcement.

They intend to remove blind signing by June 2024.