Tag testnets in a machine readable way

[matejcik]

It's a huge pain to figure out which networks are testnets, esp. with people doing crap like calling the testnet "tau" and the mainnet "kappa"

[ligi]

What is the criteria for a testnet? The lines are blurry .. Why do you need to figure out which ones are testnets?

[matejcik]

Why do you need to figure out which ones are testnets?

Key isolation. On a hardware wallet, I don't want to be using the same address for toy coins for experimental chains, and coins that have actual value, which I don't want stolen or endangered by signing some sort of smart contract message with who-knows-what cross-chain replay protection.

(on Trezor we enforce that "testnet" coins are only using the derivation path m/44h/1h/... whereas the real thing is m/44h/<slip44>h/....)

(of course, the whole issue wouldn't exist if Metamask didn't use the same derivation path for every EVM)

What is the criteria for a testnet? The lines are blurry

The devs of the EVM in question should know ;) My criterion would be, is the environment stable enough to be a "store of value", however small that "value" is, then it is a mainnet. If there is built-in expectation that there will be rollbacks, experimental forks, if the coin is intended as valueless for this purpose, it is a testnet.

[ligi]

I do not see the key-isolation part tbh - the chainID and EIP155 isolate the chains already and they cannot be replayed from one to the other. We enforce unique chainIDs. The chainID is part of the tx and this way it cannot be replayed.

wrt becoming blurry: there are testnets I trust more than some "mainnets"

[matejcik]

Call it "account isolation" then? Signing an EIP712 message for a smart contract might not include the chain id, and the message might still confer some permissions when someone else wraps it into a transaction on another chain. Wasn't there a problem of this kind with some DEX back when EthPoW started?

But mainly, cryptographic hygiene: don't use the same key for different domains if you can at all avoid it.

Quite honestly, just the ability for the devs to say "this one is testnet and this one is mainnet" would be nice -- sure, I can rely on responsible devs to fill out different slip44 ids to indicate "don't use the same address", but even an irresponsible dev understands what a "testnet" is. (and if someone is deliberately creating something that is not clearly a testnet, flip a coin -- there is no hard line for my purposes so this will not mess anything up)

wrt becoming blurry: there are testnets I trust more than some "mainnets"

yes, well, a boolean field "do_not_touch_with_a_10foot_pole" (defaults to true) would also be appreciated ;)

[ligi]

But mainly, cryptographic hygiene: don't use the same key for different domains if you can at all avoid it.

yea - fully agree with this - but still do not see any reason for a testnet flag here as it is the same if you use it between 2 "mainnets"

yes, well, a boolean field "do_not_touch_with_a_10foot_pole" (defaults to true) would also be appreciated ;)

we kinda have this with the redFlags array - unfortunately this is a bid underused

I am really not opposed to add more markers to the data of chains - but I think a testnet flag is not helpful. I really hate a "testnet" filter that is often done btw. I value a lot of testnets more than some mainnets

[matejcik]

I guess you can close this issue then, i've stated my position well enough.

it is the same if you use it between 2 "mainnets"

Absolutely true, the trouble is we're fighting against the ecosystem here. We can't realistically enforce separation even between networks with properly defined slip44, because Metamask will hate you if you want to use different address per network. The very vague splitting of the world into "testnets" and "mainnets" is enforceable at least.

From the other end of this: a tag saying "this is an L2 of XYZ" marker would be useful to positively assert that you should use the same address.

[ligi]

we have a way of saying this is a L2 of XYZ in our data - happy to add metadata like this - because there is not really room for interpretation - it is "hard data"

My main fear about a "testnet" flag is that people will put to much trust into things that do not have this flag ..

Anyway happy about other ideas how to add metadata to chains to indicate intent - just "testnet" is to coarse/wishy-washy for me