mateodaza
commented
2 years ago front end could be manipulated, I believe the best is to have that condition on the mutation
Open laurenluz opened 2 years ago
mateodaza
commented
2 years ago front end could be manipulated, I believe the best is to have that condition on the mutation
mohammadranjbarz
commented
2 years ago @laurenluz @mateodaza
I have a query for getting purple list, but I should do some changes on that, for appending the ñist that ashley give me,
My suggestion is frontend get the list, and show a warning to user that donating with this wallet would not receive givbacks, and if user goes forward, it means user doesnt wabt givbacks
WhyldWanderer
commented
2 years ago I think this is a great topic to consider in the larger picture that has been discussed regarding accounts and connected wallets. I think I remember someone suggesting once that people could have a donor profile and a project profile. I think it is logical with our current "purple list" system to keep these addresses from donating on the UI - although this may make it harder to track/catch things.
Here is the forum discussion around account and wallet address relation: https://forum.giveth.io/t/account-and-wallet-address-relation/171
I think the warning that Mohammad mentioned isn't a bad idea until we have built something more robust with the accounts.
mateodaza
commented
2 years ago Is the main purpose remove the ability for those to donate or to make them aware they won't receive any GIV back? @laurenluz
WhyldWanderer
commented
2 years ago I know Im not lauren... but I just want to say that ideally we would use the warning of not getting GIVbacks for now.. Then brainstorm ways of how we can incorporate this into profiles/accounts in the future in a way that purple list addresses will not be able to donate through the UI.
laurenluz
commented
2 years ago it came up because of a instance this round where a project donated to themselves from the same address. it was just a clear example of someone trying to game the system, and we were thinking this should be made impossible.
I guess making a warning is good... but I also wish also that we could just make it impossible you know? like if the project is donating to themselves they should get a notification saying like "You can't donate to your own project!"... hmm... what do you think @WhyldWanderer ?
WhyldWanderer
commented
2 years ago Those donations are on the purple list and wont be eligible anyways... so technically, its already impossible to receive GIVbacks for donating to your project wallet. I think that is the most important part. People can waste gas and send funds to their own wallet if they want but they wont get GIVbacks.
I know that there is already work being done towards creating different profiles/accounts for use cases in the typescript version. I think that using dev resources to build something more than a warning or a few hours is a waste of energy when the typescript version is coming soon and we can implement donor/project accounts/profiles that will make it impossible at that time.
I imagine we could do something like this: When the user creates their profile they choose whether they are a donor or a project owner project owner accounts wouldn't be able to donate to any projects from their project addresses and addresses that are attached to projects wouldn't be able to create a donor account. I'm sure there is more to be thought about and spec'd out but these are my initial thoughts.
The other thing is that by making it impossible for purple list addresses to donate in the way that you describe is that we encourage users to find a loophole which makes it harder to track and discover fraud cases.
markoprljic
commented
2 years ago 
MoeNick
commented
2 years ago @mohammadranjbarz Can we do it for #2 but what about #1
mohammadranjbarz
commented
2 years ago @mohammadranjbarz Can we do it for #2 but what about #1
It's possible to do second item , it even doesn't need backend work, frontend should just check the userId of donor is not equal to adminId of project
Danibelle
commented
2 years ago When I donate I get this message. It seems this is a second place where a purple listed wallet would be notified that their donation does not qualify for GIVbacks.
mohammadranjbarz
commented
2 years ago @mohammadranjbarz Can we do it for #2 but what about #1
It's possible to do second item , it even doesn't need backend work, frontend should just check the userId of donor is not equal to adminId of project
@MoeNick For first thing that macro said we need some implementation in backend, please create an issue for that if we wat to do it
issue title can be something like: Implement a query/webservice to check if an address is in purpleList or not
This is a very clear instance of violating the GIVbacks program rules. Would be nice if we could make this impossible...
@WhyldWanderer @mohammadranjbarz do we have the purple list clearly accessible somewhere?
What's the best way to make this happen?