Gno: An interpreted, stack-based Go virtual machine to build succinct and composable apps + gno.land: a blockchain for timeless code and fair open-source.
The purpose of this issue is to compile a list of ideas that can not only minimize security risks, but also improve the user experience to make Gno safer and more user-friendly.
Below are some initial ideas:
Display contract information (used features, novel/established, dependencies), like GitHub displays repository details. Do it recursively with dependencies.
Propose making allowance a native feature of the chain at the contract-side, not `grc20` only, allowing pre-approval `Approve` of contracts and introducing an intermediary level of allowance called `OnlyDirectlyIfNoSpecificApproval`.
Create a `p/demo/rules` library with well-named helpers to enable end developers to easily select the best policy for each case and simplify review for end users. (See issues #683 and #301).
Implement source code highlighting to emphasize important components.
Create an incentivized "security audit DAO" to review and badge compliant contracts.
Reuse the same or establish a "Phishing Police DAO" responsible for identifying, blocking and punishing malicious contracts and authors.
Display useful vanity metrics to gauge contract reputation, such as total direct/indirect transactions, age, and unique users (similar to NPMJS download counts).
Add a warning message to contracts developed by non-registered developers specifically on gno.land. (see #384)
@moul how about transaction simulation to try to predict the outcome of transactions prior to signing? This is becoming a popular feature in Ethereum wallets now.