Enhancing Security Against DeFi Front-End Attacks

WhiteHatDegen · February 7, 2024, 4:54pm

TLDR:

Over the last 6 months the number of Front-End Attacks increased
Users lost money because they interacted with malicious smart contracts
We propose a system of linking DApp URLs to a list of owner verified smart contracts
This way users can ensure to interact with the official smart contract of a domain
We will make this available in MetaMask as a snap for smooth UX
Happy to receive any feedback

Goals
As active users of the Balancer app, we’ve noticed the rising risk of Front-End Attacks for new users of DeFi. Balancer, Galxe, Curve experienced Front-End attacks and even security heavyweight Ledger’s frontend library was replaced with a malicious version.

Solutions until now, have always gone back to thorough user education and careful transaction behavior, just like this guide from Binance. However, we think there should be better solutions to guide user behavior and make DeFi more safe without the need to read through thick manuals.

Means
We propose the following solution, but are happy to receive any feedback on that topic.

Linking DApp URLs to Verified Smart Contracts: The system associates Balancer DApp URL with a verified list of smart contracts. This list, updated by the Balancer team, will provide users the confidence that we are interacting with the official, secure smart contracts when using the app: e.g. With protection enabled, only whitelisted smart contract addresses (e.g. 0x0xBA1…2C8) will be interactable on Balancer
Enriching the Smart Contract Metadata with trust attestations like Twitter Account, Legal Entity Identifier for DAOs with legal entity, Contact Details and even on-chain data like transaction count and volume within the last 24h.
Integration with MetaMask: To make the experience even smoother, we are integrating this security feature directly into MetaMask (via Snaps). Imagine the peace of mind knowing that, as we use Balancer with MetaMask, we’re protected from potential Front-End Attacks.

About Us
If you are involved as a DeFi Builder we are excited to connect!
Access for Early Users via Telegram Group
More Info: https://www.onchaintrust.org/

Topic		Replies	Views
Fund ChainPatrol to Protect the Balancer Community from Online Threats Funding Proposals	3	635	December 15, 2023
[BIP-333] - Deploy Balancer on Linea General Proposal	3	763	June 14, 2023
Funding PhishFort as Antiphishing and Brand Protection Solution Funding Proposals	0	751	October 13, 2023
[BIP-589] Enable Balancer Deployment into Mode Governance	2	320	April 18, 2024
[Proposal] Whitelist Index Coop's Investment Account Gnosis Safe for Balancer's VotingEscrow General Proposal	3	710	May 12, 2022

Enhancing Security Against DeFi Front-End Attacks

Related Topics