BitcoinDesign / Guide

A free, open-source community resource for designers, developers and others working on non-custodial bitcoin products.
https://bitcoin.design/guide/

Add info about address poisoning attacks #1088

Open GBKS opened 6 months ago

GBKS commented 6 months ago

There was another address poisoning attack incident over the weekend, and discussion around address UX followed. I put together a quick mock of how wallets could warn about this.

My proposed addition would either go in the address page in the glossary, or the send page. We would suggest that wallets look at their transaction/address history and try to find identical or similar addresses to what the user has entered. Based on the finding (like an address with the same start and end that only sent dust to the wallet), the UI could ask the user to double-check or use a different address.

Peter Todd stated that this should have been baked into the Bech32 address format (bc1-qep2un4-cvwmhf...), but to me it's more of a UI-level issue. We should be able to rely on wallets to do some basic checks for us and help prevent mistakes.

image
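One way a wallet could implement the history check proposed above, as an added example that is not code from the Bitcoin Design Guide or any wallet. The function and class names, the 4-character comparison window, the dust threshold and the addresses (constructed strings, not valid Bech32) are all assumptions.

```python
from dataclasses import dataclass

DUST_LIMIT_SATS = 1_000  # assumed cut-off for "dust"; a wallet would tune this
BECH32_PREFIXES = ("bc1", "tb1")

@dataclass(frozen=True)
class HistoryEntry:
    address: str      # counterparty address
    direction: str    # "sent" (wallet paid it) or "received" (it paid the wallet)
    amount_sats: int

def _norm(addr):
    # Bech32 is case-insensitive; Base58 is not, so leave it untouched.
    low = addr.lower()
    return low if low.startswith(BECH32_PREFIXES) else addr

def _ends(addr, n):
    # Characters a user tends to eyeball. Skip the shared "bc1" prefix and the
    # version character, otherwise every address would appear to match.
    a = _norm(addr)
    body = a[3:] if a.startswith(BECH32_PREFIXES) else a
    body = body[1:]
    return body[:n], body[-n:]

def check_recipient(entered, history, n=4):
    """Return 'known', 'new', 'lookalike' or 'poisoning-suspected'."""
    entered = _norm(entered)
    paid = {_norm(h.address) for h in history if h.direction == "sent"}
    if entered in paid:
        return "known"
    # Same visible start and end as an address the user has paid before.
    if not any(_ends(a, n) == _ends(entered, n) for a in paid):
        return "new"
    # Strongest signal: the look-alike only ever sent dust to this wallet.
    seen = [h for h in history if _norm(h.address) == entered]
    dust_only = bool(seen) and all(
        h.direction == "received" and h.amount_sats <= DUST_LIMIT_SATS
        for h in seen)
    return "poisoning-suspected" if dust_only else "lookalike"

# Constructed sample data (not real addresses).
LEGIT = "bc1q7x9kexamplexxxxxxxxxxxxxxxxxxxxxxxx4m2t"
FAKE = "bc1q7x9kexampleyyyyyyyyyyyyyyyyyyyyyyyy4m2t"
SAMPLE_HISTORY = [
    HistoryEntry(LEGIT, "sent", 250_000),
    HistoryEntry(FAKE, "received", 546),
]
```

A send screen would map `lookalike` and `poisoning-suspected` to the "double-check or use a different address" prompt, and `new` to whatever first-time-recipient flow the wallet already has.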