"Quick Win" Wallet security features?


Hope this is the right place. Seeing stories of wallets getting drained because of obscurity in the process made me wonder why client-side safeguards aren’t in place. Simple (from a user-perspective) and optional feature ideas like:

  • Description and confirmation of a transaction via a whitelisted wallet client before processing.

  • Configurable time delays before transaction processing begins in some scenarios (if combined with push notifications could help people cancel a malicious transaction).

  • Parsing actions a target smart contract can take on your wallet into a human-readable list of permissions, much like Android.

Presumably, this would have to entail a layer 1 mechanism to be able to define rulesets for whitelisted actors & operations. Additionally, smart contracts might have to handle these variable time delays appearing in their workflows. I also would expect this to be opt-in, as some people would prefer speed over enhanced security for at least certain things. This has probably been considered in some shape or form already, but haven’t seen anything yet.

1 Like