Proposal for a Transaction Safeguard in web3.js #6056
Description
I propose the addition of a safeguard that performs certain checks before signing or sending a transaction. This safeguard will help prevent common security risks associated with Ethereum transactions and can be configured with different levels of caution. I am opening this discussion to propose the implementation of this feature. Here are the proposed levels for the safeguard, along with their features.
[Thanks to @jdevcs for proposing some of the points listed below]
Features
The safeguard option would have one of the following configurations:

- "Reckless" level:
  No restrictions or checks beyond the basic requirements for transaction signing and sending.
- "Expert" level (could be the default level because it does not require any inquiry to a node or a third party):
  - Prevent sending to the null address (0x0 or 0x0000000000000000000000000000000000000000).
  - Prevent sending a token to its own smart contract address.
  - Prevent sending Ethers or tokens to any address that does not have a valid checksum.
- "Normal" level (users would be encouraged to use this):
  All of the Expert level restrictions, plus:
  - Prevent sending to a known scam address (possibly depending on Ethereum Scam Checker or Etherscan).
  - Prevent sending a transaction or tokens to a smart contract that does not have its code verified on Etherscan.
  - Prevent paying very high transaction fees (for example, more than double the current normal fee).
  - Prevent paying very low transaction fees (for example, less than half of the normal fee).
  - Prevent sending more than 50% of the user's balance of Ethers or of the specified token.
  - Prevent sending to an address that has never initiated a transaction (to make the user double-check that they know the owner or hold the private key).
- "Paranoid" level:
  - Restrict sending to whitelisted addresses only (the user first needs to add the address to a whitelist that is saved, for example, in SQLite or in browser cookies, or just in memory in a first draft implementation).
  - Prevent sending Ethers or tokens to any smart contract address.
Implementation
The send and sign functions would need to be updated to accept a config object for the safeguard. Each check in this config object can be toggled individually: for example, the user can select the "Normal" level but also choose which of its last 2 restrictions to apply.
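As an added example (not web3.js code from the project), the sketch below models the levels as named check sets and the config object as a level plus per-check overrides, so the "Normal but without one restriction" case described above falls out of the same structure. The transaction and context shapes, the BigInt wei amounts and the check names are assumptions; the EIP-55 checksum check is left out because it needs keccak256.

```javascript
// Added example, not web3.js code. Evaluates a transaction against the checks
// of a chosen safeguard level before it is signed or sent. Addresses are
// compared lowercased; the EIP-55 checksum check is omitted (it needs keccak256).
const NULL_ADDRESS = '0x0000000000000000000000000000000000000000';
const lower = (a) => (a ?? '').toLowerCase();

// Each check receives the transaction and chain context (both hypothetical
// shapes, BigInt amounts in wei) and returns a reason string when it blocks.
const CHECKS = {
  nullAddress: (tx) => ['0x0', NULL_ADDRESS].includes(lower(tx.to))
    ? 'recipient is the null address' : null,
  tokenToItself: (tx) => tx.token && lower(tx.to) === lower(tx.token)
    ? 'token sent to its own contract address' : null,
  highFee: (tx, ctx) => tx.gasPrice > 2n * ctx.normalGasPrice
    ? 'gas price is more than double the normal price' : null,
  lowFee: (tx, ctx) => 2n * tx.gasPrice < ctx.normalGasPrice
    ? 'gas price is less than half the normal price' : null,
  halfBalance: (tx, ctx) => 2n * tx.value > ctx.balance
    ? 'transfer exceeds 50% of the sender balance' : null,
  whitelistOnly: (tx, ctx) => !(ctx.whitelist ?? []).map(lower).includes(lower(tx.to))
    ? 'recipient is not on the whitelist' : null,
};

// Levels are named check sets; Normal is Expert plus the fee and balance checks.
const LEVELS = {
  reckless: [],
  expert: ['nullAddress', 'tokenToItself'],
  normal: ['nullAddress', 'tokenToItself', 'highFee', 'lowFee', 'halfBalance'],
  paranoid: ['whitelistOnly'],
};

// A config is a level plus per-check overrides, so { level: 'normal',
// lowFee: false } keeps Normal but drops the low-fee check.
function activeChecks(config) {
  const active = new Set(LEVELS[config.level] ?? LEVELS.normal);
  for (const [name, on] of Object.entries(config)) {
    if (name in CHECKS) (on ? active.add(name) : active.delete(name));
  }
  return active;
}

// Returns the violated checks; an empty array means the transaction may proceed.
function safeguard(tx, ctx, config = { level: 'normal' }) {
  const violations = [];
  for (const name of activeChecks(config)) {
    const reason = CHECKS[name](tx, ctx);
    if (reason) violations.push({ check: name, reason });
  }
  return violations;
}
```

The caller wraps `sign`/`send` so that a non-empty result aborts before any signature is produced.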
Conclusion
Overall, this safeguard will provide an extra layer of security for Ethereum transactions performed through web3.js and will be customizable according to the user's comfort level. I believe that this proposal will benefit all users of web3.js and make it easier for them to safely interact with the Ethereum network.
Thank you.