Closed DaveAppleton closed 6 years ago
@danfinlay - do you have a block To: address ?
We do not have a blacklist for addresses, we only have the blacklist phishing sites. A proposal to blacklist Etherdelta is not a likely one and would require deliberation. You can propose this here: https://github.com/MetaMask/eth-phishing-detect/issues/new. For now I believe notifying EtherDelta and its users would be the first step in preventing transactions to scam tokens. You can post your findings on EtherDelta's main Gitter channel. https://gitter.im/etherdelta/etherdelta.github.io
Proposal: Add blacklist for addresses/contracts.
Thanks.
@DaveAppleton
When trading on EtherDelta, you're sending TXs to EtherDelta, not any of these contract addresses, so blocking them won't stop people from buying them on EtherDelta, we would have to also add a custom EtherDelta transaction parser to block these purchases.
Why, I might ask, should we be responsible for keeping their users safer than they are willing to? They're the ones earning fees with every transaction, if they aren't willing to budge for security, people should seriously ask if they should be using it at all.
I've retweeted your warning from MetaMask's twitter, but ultimately I just think people need to stop using sites that don't have their security in mind. People can add tokens to EtherDelta forever, and if we (at MetaMask) try to blacklist all of them, we're going to put a huge strain on ourselves and our software, all in service of one exchange that has proven itself to stick with a variety of insecure practices (Continuing to use eth.sign for signatures, supporting private keys stored in the page, and allowing anyone to add duplicate tokens).
Fair comment.
This address has created fake tokens and put them onto E/D
address/symbol