FuzzyDream
commented
1 year ago See also https://github.com/stake-house/wagyu-key-gen/issues/152 which was the original issue to require a withdrawal address. I think this was the right call (it even points out the capability still remains in CLI), and I strongly disagree with the later decision to revert it (#156), but at the very least some strong nudges should be provided.
Since leaving the withdrawal address blank is significantly more dangerous than choosing a withdrawal address upfront, and since the majority of less sophisticated users will be using the GUI, users should be strongly warned about the perils of leaving their withdrawal address blank if they attempt to do so.
Note that it was previously decided, in issue #155, that the user should not be REQUIRED to enter a withdrawal address, because they might for some reason not want to receive regular payouts while validating (although I would argue that corner-case scenarios like this should be limited to people using the command line, while the GUI should focus on limiting as much as possible the ways users can hurt themselves)
I suggest if the user attempts to leave the withdrawal address blank that they should see a pop-up warning that there are significant security risks associated with a blank withdrawal address. Additionally, the text on the box, which currently says "optional" should say something more stern like "highly recommended"