omnat
commented
3 years ago @wachunei You had brought up the issue of missing address validation on custom networks (which affects extension too). Does that issue sound the same as this one?
I tested the watch asset method on mobile, and looks like we show an error when the token (by chaindID) doesn't match the selected chainID. So maybe this isn't an issue anymore?
wachunei
mobularay
As a user, if I don't see my token/nft appear right away, and I am manually adding a custom token, then I would like appropriate guidance (e.g., warnings, info) so I don't end up unknowingly custom adding a bad token.
Only show the tokens of this custom network in the dropdown list of 'Custom Add token'. For this, we need to find token lists for the different networks - this is not available yet.
When user tries to add a token that doesn't exist on this network, show them an error.
More context:
DAI needs to be minted separately on different chains - they aren't equivalent, they have different token addresses. User is trusting the network when they are adding a custom token. So, Matic, xDAI, BSC all have 'DAI' (with different token addresses), so users who are trying to move DAI from 1 network to another, then you have to go via a bridge (an application that interacts with the 2 chains to make this transfer of assets).. BUT, users don't know they have to do this via a bridge (NOT MetaMask) - if they do this without bridge then users lose their money.
Bad token = malicious token (impersonating), wrong token (ensure we block the ability to add a token that doesn't exist on this chain)
Relevant context: https://twitter.com/MyCrypto/status/1369402543625932803, https://consensys.slack.com/archives/G8RSKCNCD/p1614720056085500