Open johannesmoormann opened 2 years ago
Could we be more specific what the problem is (or what the sub problems are)?
What I go from the issue so far:
The problems above would be more problems that should be handled by the infrastructure team in my opinion and not web.
Related problems that would be more in the scope of the web app for me would be:
The problem was intentionally broad (though I agree that the title sucks) as I do not want to limit the discussion to what the web team could achieve here, especially since we have a solution in place (the spam token list) and opted out of individual token management before I joined.
Part 1: Define the problem
What problem are you trying to solve?
Spam tokens on Mainnet are a present issue, especially for publicly known Safes, and are likely to increase on L2s due to reduced spam costs. The manually curated spam token list does solve the issue of spam tokens appearing in our users interfaces.
What is your hypothesis?
What value does this bring to our customer and/or our mission? What is the goal?
Information provided by the interface such as total portfolio balance becomes irrelevant or misleading. Spam tokens are a highly subjective manner and we do not have a clear definition of what a spam token is nor is it likely that we can keep up with a manually curated spam token list. Increased loading times for Safes with a high number of spam tokens. Our L2 strategy opens up the door for low transaction costs on L2s make spamming more likely. Entities providing their Safe Address Spam tokens are a highly subjective manner and we do not have a clear definition of what a spam token is nor is it likely that we can keep up with a manually curated spam token list.
How do we measure it?
Links:
Top 5 Safes in terms of ETH value with Tokens marked as Spam or Misleading by Etherscan on Mainnet
9/10 of highest USD value assets: https://gnosis-safe.io/app/eth:0x220866B1A2219f40e72f5c628B65D54268cA3A9D/balances 2/3 of highest USD value assets: https://gnosis-safe.io/app/eth:0x1db92e2eebc8e0c075a02bea49a2935bcd2dfcf4/balances 2/10 of highest USD value assets: https://gnosis-safe.io/app/eth:0x78605df79524164911c144801f41e9811b7db73d/balances 1/6 of highest USD value assets: https://gnosis-safe.io/app/eth:0xC61b9BB3A7a0767E3179713f3A5c7a9aeDCE193C/balances 1/6 of highest USD value assets: https://gnosis-safe.io/app/eth:0xDCA6aB9508D28c0eB7b120b8252041edcb56753F/balances
Part 2: Shaping the problem
// Once the problem statement has passed the Great Filter, work with the team on the problem statement and elaborate on the following points to create more certainty around the problem and possible solutions. Make sure to identify dependencies and invite the necessary stakeholders early into the shaping process.
Problem Owner
@schmanu
Non Goal(s)
Solution
// At the end of the process, if possible, leave only the solution here that you want to be considered during the prioritization vote. Move all other solutions or ideas to Alternative solutions.
Solution 1: Allowlist using Tokenlist Standard
New Safe setting to only show ERC20 tokens from official tokenlists. Show verification level for each ERC20 token to build trust. For the tokenlists we use a selection of lists from the Uniswap Tokenlists standard.
How does the solution work?
By default: Only verified tokens are displayed to the user
In the Assets Page we display a badge next to ERC20 Tokens indicating if they are verified and by how many lists:
Give a warning when attempting to transfer unverified tokens
Rough Scoping & Timeline
Implementation Tasks (by Team)
🤳🏼 Mobile (if we wanna keep mobile / web in sync)
🎨 Design
🐙 Web
📱 Apps
🛣️ Infra
Change getBalance() API
[ ] Return verification info in TokenInfo for networks with token lists:
[ ] Return in ChainInfo if a chain supports tokenlist verification
Pros:
Most secure approach: Unexperienced users won’t be intimidated to interact with spam tokens
Those token lists are publicly available and actively maintained
Can be done in backend ⇒ Good performance
Quite common approach: Most DEXes use such lists in their auto-completion to avoid people falling for scams
Cons:
Concept Mocks
Alternative solutions & ideas
Open Questions