Cross Network Use of Accounts Should Return Warning Message

[andersonmmi]

• I expected that MetaMask would warn me against using Truffle TestRPC accounts on the Main Net, or at least silo accounts between networks. I also expect metamask would return an error if I tried to purchase ETH for a TestRPC account.
• MetaMask allowed me to import the private keys from Truffle TestRPC and interact with the Main Net. I was able to link through the buy button and fund this account with 0.001 Ether from Coinbase. That ETH was captured within 3 blocks.
• Browser: Chrome
• OS: MacOS 10.13.3

Full write up here: https://medium.com/@andersonmmi/truffle-testrpc-accounts-can-cost-unwarry-developers-real-world-ether-c314c9bc970a

[2-am-zzz]

Although I understand your concerns, would you have any ideas by which we could even detect this kind of behavior? If it were as simple as detecting if a user has used a non-mainnet testnet within a single session, then we could set some booleans in the background to trigger a warning message.

However, it seems in this case that you've imported a private key from Truffle. There isn't a very good way for us to detect if this is a "test address" on the various chains out there.

However again, this was a test address that is basically becoming a "whoops" ground for several people--would it help you if we just blacklist this specific address and warn people that this is the truffle address as a stopgap measure?

[andersonmmi]

You know how imported addresses are labelled as loose? We could just label these testRPC/ganache addresses with "test". Seems like a logic test against the array of known test addresses could check this on the front end and it would be very light. I can code it up an PR it if that would help?

[2-am-zzz]

Yes please, go ahead and start up the PR and we can continue discussions there--thank you for such due diligence on writing up that blog post!