This repository has been archived by the owner on Dec 4, 2024. It is now read-only.
Part 1: Define the problem
What problem are you trying to solve?
Now that we have added direct link sharing, we are not showing any kind of warning or message indicating that a Safe App doesn't belong to the default list. Even though we should not act as full gatekeepers of the Safe Apps, it may be useful to indicate that extra care should be taken with apps that are not on the list.
What is your hypothesis?
Someone could fork the transaction builder and create a malicious version of the tx-builder. If a user is not careful and accesses this app via a direct link, they may think they are using the legit transaction builder while actually using a modified one. So ideally we should signal this with a light check, so they can be aware that something may not be as usual, and share with them some security practices whenever they use apps that don't belong to the default list.
What value does this bring to our customer and/or our mission? What is the goal?
This will help us educate users to avoid blind signing and to double-check the app link, as we could enumerate some good practices each time they open an app that doesn't belong to the Safe Apps list.
How do we measure it?
We can measure by the number of openings we get via direct link from apps that don't belong to the Safe Apps list
Links:
Part 2: Shaping the problem
Problem Owner
// Who is responsible for leading the shaping process of this problem statement. Owner should be assigned directly after the Great Filter meeting. PM will assist.
Non Goal(s)
Adding automatic checks trying to prevent scam apps
Solution
Solution 1
Overview
The solution for this problem statement is to add some flags or feedback so the user can detect early that something is not as it should be. If they open a TX-Builder but see some references that the app is not part of the default list, they should start to be suspicious or take extra care.
Rough Scoping & Timeline
The feature is mostly about adding some feedback and messages for the user so they take extra care whenever the app is not part of the default list of apps.
Show a message in the Safe App details view (when you get to the Safe App "landing page") that the app is not part of the default list. As we can't retrieve which networks the app is available on, we can take advantage of that and add a warning to the user there.
Whenever the user opens a Safe App that was manually added to the list, or the app was accessed via direct link, we will show a modal suggesting recommended security practices. At least this would be included:
Please make sure you trust the app you are accessing.
You can check the app link at the end of this page URL.
Always validate and review transaction information in the Safe interface before executing, even from Safe Apps that you trust.
Risk(s), Key Trade Offs & Decisions
These are light hints but should be enough to make the user aware of possible scams.
This will be especially effective when someone is trying to impersonate a Safe App that is heavily used by some user.
Concept Mocks
We will implement a bigger disclaimer component with different steps
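The warning and the modal described above both depend on deciding whether an opened app URL is on the default list. The sketch below is an added example, not code from the Safe repository: the URLs, `DEFAULT_APPS`, `normalizeAppUrl` and `classifyApp` are hypothetical, and it assumes the modal is shown only for apps outside the default list.

```javascript
// Constructed sample data: placeholder URLs, not the real Safe Apps list.
const DEFAULT_APPS = [
  'https://apps.example.org/tx-builder',
  'https://apps.example.org/wallet-connect/',
];

// Reduce a URL to "origin + path" so that the same app always compares equal.
// The URL parser lowercases the host, drops the default port and resolves "..";
// query string and fragment are ignored on purpose.
function normalizeAppUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // not parseable: never treated as a listed app
  }
  if (url.protocol !== 'https:') return null; // plain http is never "listed"
  return url.origin + url.pathname.replace(/\/+$/, '');
}

// Decide which hints to show for an opened app.
// The comparison is exact (Set lookup), never startsWith/includes, so a fork
// served from a lookalike host does not inherit the listed app's status.
function classifyApp(
  rawUrl,
  { viaDirectLink = false, manuallyAdded = false } = {},
  defaults = DEFAULT_APPS
) {
  const listed = new Set(defaults.map(normalizeAppUrl).filter(Boolean));
  const normalized = normalizeAppUrl(rawUrl);
  const inDefaultList = normalized !== null && listed.has(normalized);
  return {
    inDefaultList,
    // Message in the Safe App details view.
    showDetailsWarning: !inDefaultList,
    // Modal with the recommended security practices.
    showSecurityModal: !inDefaultList && (viaDirectLink || manuallyAdded),
  };
}
```

Counting the calls where `showSecurityModal` is true and `viaDirectLink` is set gives the metric named under "How do we measure it?".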