When a contract is imported it should be confirmed that the contracts byte code is on a white list of allowed values.
I am worried about people creating malicious contracts to attack our client side user interface. Tricking people into pointing our user interface at them. This is probably impossible right now but its a good practice to use from the outset in my opinion.
I raise it here as opposed to making PRs because
I don't know where all the contracts are imported.
I want to get your opinions on it before i move ahead with it.
When a contract is imported it should be confirmed that the contracts byte code is on a white list of allowed values.
I am worried about people creating malicious contracts to attack our client side user interface. Tricking people into pointing our user interface at them. This is probably impossible right now but its a good practice to use from the outset in my opinion.
I raise it here as opposed to making PRs because