leather-io / desktop

Manage STX tokens and Stacking
https://leather.io/

Mitigate against memo abuse (e.g. scam messages) #1192

Closed 314159265359879 closed 1 year ago

314159265359879 commented 1 year ago

If you see something like this in your wallet, ignore it. The website is phishing for your keys.

image

Some options to deal with this in the wallet:

  1. Show a partial memo
  2. Filter out URLs
  3. Filter out common scam messages
  4. Flag anything that is not a random string of characters (commonly used for memos on exchanges) or yes/no/agree/disagree (commonly used for voting)
  5. Do not show memo until we have a better solution.

Or perhaps

  1. Leave it as is and expect users to use common sense.

markmhendrickson commented 1 year ago

Either 2 or 5 sounds fine to me

314159265359879 commented 1 year ago

I am in favour of 5; it is in line with the web extension and it also prevents a phisher from working around 2.

kyranjamie commented 1 year ago

5*: don't show memos on inbound transactions
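
The behaviour proposed above (option 5*: no memo shown on inbound transactions), sketched as an added example that is not part of this thread or of the Leather code base. The type and function names, the placeholder addresses and the memo encoding (`0x`-prefixed hex of a 34-byte NUL-padded field) are assumptions.

```typescript
// Added example. All names are hypothetical, not taken from the Leather code base.
type Direction = 'inbound' | 'outbound';
interface Transfer { sender: string; recipient: string; memoHex: string }

const MEMO_BYTES = 34; // assumption: fixed-size, NUL-padded memo field

// Builds constructed sample memos (ASCII only) in the assumed wire form.
function encodeMemo(text: string): string {
  let hex = '';
  for (let i = 0; i < text.length; i++) hex += ('0' + text.charCodeAt(i).toString(16)).slice(-2);
  return '0x' + (hex + '00'.repeat(MEMO_BYTES)).slice(0, MEMO_BYTES * 2);
}

// Decodes a memo to printable text; malformed hex or invalid UTF-8 yields ''.
function decodeMemo(memoHex: string): string {
  const hex = memoHex.replace(/^0x/i, '');
  if (hex.length % 2 !== 0 || /[^0-9a-f]/i.test(hex)) return '';
  const bytes: number[] = [];
  for (let i = 0; i < hex.length; i += 2) bytes.push(parseInt(hex.slice(i, i + 2), 16));
  while (bytes.length > 0 && bytes[bytes.length - 1] === 0) bytes.pop(); // drop padding
  try {
    const text = decodeURIComponent(bytes.map(b => '%' + ('0' + b.toString(16)).slice(-2)).join(''));
    return text.replace(/[\u0000-\u001f\u007f]/g, '').trim(); // strip control characters
  } catch {
    return '';
  }
}

function directionOf(tx: Transfer, ownAddress: string): Direction {
  return tx.sender === ownAddress ? 'outbound' : 'inbound';
}

// Option 5*: the memo text to render, or null to render no memo at all.
function memoToDisplay(tx: Transfer, ownAddress: string): string | null {
  // Inbound memos are written by the sender, so they are never rendered.
  if (directionOf(tx, ownAddress) === 'inbound') return null;
  const memo = decodeMemo(tx.memoHex);
  return memo.length > 0 ? memo : null;
}

// Constructed sample data; the addresses are placeholders, not real accounts.
const OWN = 'SP_OWN_ADDRESS_PLACEHOLDER';
const inbound: Transfer = { sender: 'SP_UNKNOWN_SENDER_PLACEHOLDER', recipient: OWN, memoHex: encodeMemo('claim at https://example.invalid') };
const outbound: Transfer = { sender: OWN, recipient: 'SP_EXCHANGE_PLACEHOLDER', memoHex: encodeMemo('100482') };
```

The decision depends only on the transaction's direction, never on the memo's content, so it does not rely on recognising URLs or scam wording.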

markmhendrickson commented 1 year ago

@friedger is this something you could tackle this week or prefer someone else does? 🙏

markmhendrickson commented 1 year ago

Assigning myself to QA