- Over the last 6 months the number of Front-End Attacks increased
- Users lost money because they interacted with malicious smart contracts
- We propose a system of linking DApp URLs to a list of owner verified smart contracts
- This way users can ensure to interact with the official smart contract of a domain
- We will make this available in MetaMask as a snap for smooth UX
- Happy to receive any feedback
As active users of the Balancer app, we’ve noticed the rising risk of Front-End Attacks for new users of DeFi. Balancer, Galxe, Curve experienced Front-End attacks and even security heavyweight Ledger’s frontend library was replaced with a malicious version.
Solutions until now, have always gone back to thorough user education and careful transaction behavior, just like this guide from Binance. However, we think there should be better solutions to guide user behavior and make DeFi more safe without the need to read through thick manuals.
We propose the following solution, but are happy to receive any feedback on that topic.
Linking DApp URLs to Verified Smart Contracts: The system associates Balancer DApp URL with a verified list of smart contracts. This list, updated by the Balancer team, will provide users the confidence that we are interacting with the official, secure smart contracts when using the app: e.g. With protection enabled, only whitelisted smart contract addresses (e.g. 0x0xBA1…2C8) will be interactable on Balancer
Enriching the Smart Contract Metadata with trust attestations like Twitter Account, Legal Entity Identifier for DAOs with legal entity, Contact Details and even on-chain data like transaction count and volume within the last 24h.
Integration with MetaMask: To make the experience even smoother, we are integrating this security feature directly into MetaMask (via Snaps). Imagine the peace of mind knowing that, as we use Balancer with MetaMask, we’re protected from potential Front-End Attacks.