Add Domain Whitelist to Terra Wallet (Fail Safe)

Summary
I propose to add a list of whitelisted domains to Terra wallet. When a user attempts to connect to a non-whitelisted URL, a pop-up message appears: “The url you are trying to connect to is not whitelisted, please check domain url. Are you sure you wish to connect?”

Motivation
I am motivated by two of my LUNAtics friends losing a significant portion of their life savings this week by connecting to fake protocol sites that looked legitimate. It is literally heartbreaking to hear about this and I am motivated to stop this from happening again. I would like to get this idea through to a proposal if possible.

Proposal
I am not a dev and so I do not know how the code should/can be written but having spoken to a few more development capable people I have been told that this should not be hard or time consuming at all. Obviously what may require some ongoing work is the addition of new whitelisted domains as new protocols appear on terra. Having said that even if a warning appears on a new domain until such time as it is added to the WL having to read a “fail safe” message to double check the url you are connecting to is a small price to pay to ensure that no more LUNAtics have their funds stolen.

Some people have mentioned sending a legal complaint to Google to request more vigilance in not allowing these scam sites to be advertised but in my opinion this will take time and money and why bother when we can fix this with tech. I will be asking XDEFI wallet if they would be prepared to also develop and code a similar or same fail safe on their wallet.

10 Likes

Love the idea.

1 Like

How would this work if/when the Armageddon protocol is activated? Would we have to vote on everything? How do we even validate a suggestion on a change when the Armageddon protocol is active? Can’t get around how this would work in a safe way in such scenario.

Terra operating as a decentralised entity and the native wallet warning people about dodgy urls are worlds apart… a pop up reminding people to double check the url is not going to disrupt the journey to decentralised oblivion, but it is going to save millions of normies hundreds of thousands of dollars of which they can invest more…

I support this proposal. It will increase safety for all Terrans, and provide the kind of guard rails that will encourage participation of newbies to the ecosystem.

1 Like

I’d prefer it be done by a dao and not TFL.

You could elect them at regular intervals via traditional vote mechanics, and they could be paid for their efforts out of the community pool.

The whitelisted (and blacklisted) domains could be held on chain and wallet providers could query/cache these at regular intervals.

The same dao could potentially manage cw20 & cw721 listing as well.

3 Likes

I am in support of the spirit of this proposal.

However, a whitelist approach doesn’t help in scenarios where the scam sites deliver a popup that looks like Terra Station and the user is prompted to key in their seed phrase. This bypasses the wallet solution altogether.

Even if we were to adopt a whitelist, we will need to think of a neutral yet efficacious manner in which it can be maintained by the community in a decentralised manner.

Another idea that I am tabling to the team is a dApp explorer within the wallet, similar to how Safepal does this today (see screenshot below). This will help reduce the reliance on Google Search, which is one of the largest vectors of attack for these scams. However, we will run into the same issue of neutrality when it comes to maintenance of dApps listed on this explorer.

Tackling this issue requires a multipronged approach - but I agree that there are potentially solutions on the wallet that we can explore.

4 Likes

I really like the idea to make it a bit more visible to the casual user, if a website or address is trustable. While I agree with @petes-fan-club that it would be cool to have a DAO that decides listings etc. I personally think it makes the process unnecessarily complicated and the wallets using the data are also not decentralized in the end. Implementation would probably also take significantly longer, so maybe it could also be an iterative process by starting with a GitHub managed JSON file (similar to cw20 / cw721 listings, like I already suggested here: https://twitter.com/col5_lunatic/status/1514598062504783874) and later on move over to a DAO based system since development and testing take far more time.

I think there are pro / cons for both systems, a DAO generally takes a lot longer to have a decision, while a GitHub maintained JSON file could act quickly if necessary. I also don’t think the decentralization part on this would be an issue, since we also trust GitHub / Open Source enough when it comes down to terra station wallet etc.

In my mind the tool would allow whitelisting of website domains + blacklisting of addresses. Blacklisted addresses would result in warnings, but would ultimately still allow interaction / transfers. I’m not an artist by any means but did some simple mockups how I imagined it in my head:

Direct visual verification of a website the user currently views by changing the icon of the extensions:

Visual domain validation via extension icon


If the website is on the whitelist, it will be indicated by a green protection icon.


If the website is not on the whitelist, it will be indicated by a red protection icon. This wouldn’t mean it’s some scam etc, just that it is not verified at this point and could lead to the user taking a closer look on the page he’s using.

Address check when sending assets


If a user tries to interact with / send funds to a blacklisted address, he will receive a warning, but still be able to proceed. Should increase awareness but not make it impossible for a user to interact if he still actively decides to. A warning for dangerous transactions already exists on the chrome extension and could be enhanced for this. (https://twitter.com/col5_lunatic/status/1514598943501561859?s=20&t=06jtJ1M9Y3l0fKtGG5jyFw)

Domain validation via Website Protection Status on the chrome extension overlay
Messages always relative to the active website the user is currently viewing.


Website is not verified, which doesn’t mean it’s scam etc. but gives the user a hint to be cautious


Website PR has been created and / or if DAO is used, a proposal to add it to the verified list has been posted and is awaiting a decision. Maybe a click on it could lead to the proposal or PR


The website was approved successfully and is available on chain via DAO or on the json whitelist and is considered trusted.

3 Likes
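An added example, not part of any post in this thread and not Terra Station's code, of the lookup that the JSON-file approach in the post above implies: the three website states from the mockups plus the warn-but-allow address check. The list schema, the domain names and the address are constructed placeholders.

```javascript
// Added example. The list schema, domains and address are constructed placeholders.
const TRUST_LIST = {
  verified: ["app.example-protocol.test"],
  pending: ["new-dapp.example.test"],            // PR or proposal awaiting a decision
  blockedAddresses: ["terra1constructedexampleaddress000000000000000"],
};

// Classify the site the user is viewing as "verified", "pending" or "unverified".
function domainStatus(rawUrl, list = TRUST_LIST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "unverified";                         // unparsable input fails closed
  }
  if (url.protocol !== "https:") return "unverified";
  // URL.hostname is already lowercased and punycode-encoded, so a lookalike
  // such as a Cyrillic "а" becomes an xn-- label and cannot equal a list entry.
  const host = url.hostname;
  // Exact match only: substring or suffix checks would accept
  // "app.example-protocol.test.evil.test".
  if (list.verified.includes(host)) return "verified";
  if (list.pending.includes(host)) return "pending";
  return "unverified";
}

// Blacklisted recipient: warn, but leave the decision with the user.
function sendWarning(address, list = TRUST_LIST) {
  const blocked = list.blockedAddresses.includes(address.trim().toLowerCase());
  return { warn: blocked, allowProceed: true };
}
```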

As Terra moves towards complete decentralization the process for protocols to get on this whitelist would be difficult and IMO counterintuitive to an open and inclusive ecosystem

If getting on the whitelist required a vote, what if the project was new or simply doesn’t have enough traction to garner the votes needed to reach quorum? What if there’s a whale behind the scam sites who consistently votes to get malicious links whitelisted?

I think a better approach would be, like you mentioned, to always have wallets display a verbose warning when connecting to a new domain

"You have never connected your wallet to this domain before. Are you sure that you are visiting the correct URL?"

This wouldn’t completely stop people from getting hit but it should be enough to prevent a lot of these occurrences while not punishing projects for having a smaller userbase

3 Likes

I agree with this I sometimes think the quest for EVERYTHING to be decentralised gets in the way of enacting a simple task to fix a simple problem & not EVERYTHING needs to be a DAO… :man_facepalming:

I don’t fully agree here, the wallets etc also wallet development still remains a somewhat centralized part of the ecosystem, this could be handled the same way by utilizing a DAO and / or open-source JSON file via GitHub.

The information about connecting to a new website already exists in some form as you receive a popup that explicitly requests you to approve or decline the connection including a message. But most just hit approve very quickly after some time, it’s probably not that effective.

This would also not prevent users from getting phished by the need to add their seed phrase, while this is mighty obvious for most of us, it might not be for the casual user. So I think a direct visual indicator could help very much for such users.

I would also further recommend to make a big fat warning on the private key export function that reminds the user that nobody ever needs to know this and it should not be entered anywhere or loss of funds is pretty much guaranteed. Export should only be used to secure your own wallet and / or import it on another wallet of yours. Maybe even make them write a small message that they understand this. ^^ Everything to make them reconsider what they’re doing right now and not just act by habit

The wallet providers would have to integrate the non-whitelist warning feature as well unless this were to become a requirement for any wallet provider

The DAO whitelist solution just seems like it would create gatekeeping scenarios whether unintentional or not

If a new project doesn’t get the required votes to make the whitelist, then that would in turn lessen their potential growth because any time a new user was going to try out their protocol they’d see a “This project is not whitelisted, connecting here can cause a loss of your funds” and anybody who isn’t hip to what that actually means would immediately be turned away

As Terra continues to grow and new projects launching becomes a daily occurrence, 1) A whale could create many fake scam projects and vote them on the whitelist, increasing their voting power by the amount they steal in the process 2) it would be difficult for any projects which don’t have good marketing to get on the whitelist. People hardly vote on gov props now, as Terra grows that’s likely not going to get better

By providing an additional & bold font/bright text warning in the Approve Connection message, users who are new would at least glance over it and hopefully think to themselves “wait, maybe I should do more research before I connect my wallet containing my life savings to this”. Perhaps a “Retype this message to ensure you’ve read it” or even a link to the telegram/discord. Additionally, if a user then sees that message again when connecting to something they know they’ve used before, intuition should kick in and set off some red flags

We can do better as a community at teaching proper practices & provide warnings out the ass for things that may put them at risk, but I don’t think the whitelist idea is a viable solution long term

I fully agree with the warning/captcha thing for the Export Seed button

  1. Of course they would’ve to implement it, but that’s not a big issue, especially since terra station already has a warning for dangerous transactions. (like giving a smart contract a signed permit to do something on your behalf, without the direct interaction needed)

  2. I wasn’t pro DAO, so most of it doesn’t really fit as reply to my message imo, but I do sort of agree that this would be an issue eventually. The reason why I think a repo maintained (similar to cw20 / cw721 listings) makes most sense here. (As mentioned in my longer post above)

  3. I also think that a trust indication would absolutely outweigh the negative impact on projects, it would actually be better to have more careful newbies than people directly jumping onto scam. Education etc. won’t do much here as most of it happens in a bubble imo. Outsiders won’t know about it and easily be caught by a scam thanks to google search results which is often the most used way to a website. Even when the URL actually is known. So an additional safeguard makes sense imo and more experienced users can still do whatever they want since they can just ignore if they like and proceed. So personally I don’t think it’s a big issue if newcomers would be more careful on unverified projects and rather use older trusted projects. It would absolutely reduce the amount of scammed users.

Issue is that scams are everywhere at the moment and we somehow need to take responsibility in protecting the inexperienced users. Usually the first thing I tell friends… never google always use the links on the official twitter accounts, but this is just not viable for the general public as they either just don’t use twitter etc. or just never realize this because they are not in our bubble. The people scammed will also spread the negative word as they might not realize that they were phished and call terra etc. scam.

Thanks for your reply, appreciated.

It’s not because it’s cool.
It’s for legal protection.
If I approve a domain and it ends up being scammy then am I (the approver) liable?
Also… if I am a scammer I’d be working hard to be an approver so I can whitelist.
Storing them on chain or in git isn’t my issue. It’s liability.

1 Like

If you really want a gated wallet, fork Station and make all the changes you want and have a whitelist that you maintain. Show us it can be done.

Otherwise, let’s look to Ethereum and see what is going on there. When Terra reaches the size of Ethereum, are any of the solutions listed scalable? I do not see a single solution that is truly scalable.

Also, @petes-fan-club brings up great points on liability. Likely why we don’t see Metamask and the rest doing the same.

FINALLY! I 100% support this as a highly necessary security point!