Wallets like MetaMask need to become more user-friendly


After Ethereum’s long-awaited Merge, it’s an ideal time to think about how we can also improve smart contracts. Essentially apps that run on blockchains, smart contracts are a vital component of our Web3 applications. But interacting with them remains quite dangerous, especially for non-developers. Many of the incidents where users lose their crypto assets are caused by buggy or malicious smart contracts.

As a Web3 app developer, this is a challenge I think about often, especially as waves of new users keep onboarding into various blockchain applications. To fully trust a smart contract, a consumer needs to know exactly what it’s going to do when they make a transaction — because unlike in the Web2 world, there’s no customer support hotline to call and recover funds if something goes wrong. But currently, it’s nearly impossible to know if a smart contract is safe or trustworthy.


One solution is to make wallets themselves smarter. For instance, what if wallets could tell us if a smart contract is safe to interact with? It’s probably impossible to know that with 100% certainty, but wallets could, at minimum, aggregate and display a lot of the signals that developers already look for. This would make the process simpler and safer, especially for non-developers.

Here’s a deeper look at the advantages and disadvantages of smart contracts, why they seem like the Wild West now, and how we might improve the UX for using them.

The promise and peril of smart contracts

For developers, using a smart contract as the backend for their app has enormous potential. It also increases the potential for bugs and exploits. It’s great that smart contracts can be created by developers without asking anybody for permission, but that can also expose users to considerable risk. We now have apps transacting hundreds of millions of dollars with no safety guarantees. As it stands, we simply have to trust that these apps are bug-free and do what they promise.

Many non-developers aren’t even aware of the safety issues involved and don’t take the appropriate precautions when interacting with blockchain-based apps. The average user might sign a transaction thinking it’s going to do one thing, only to discover the smart contract does something else entirely. It’s why malicious smart contracts are a primary attack vector for bad actors.

Why are smart contracts the Wild West?

When a Web3 app makes a smart contract call, you don’t know exactly what the transaction will do until you actually do it. Will it mint your nonfungible token (NFT), or will it send your money and tokens to a hacker? This unpredictability is true of any online application, of course, not just Web3 apps; predicting what code will do is very hard. But it’s a bigger issue in the Web3 world since most of these apps are inherently high stakes (they’re built for handling your money), and there’s so little protection for consumers.

The App Store is largely safe due to Apple’s review process, but that doesn’t exist in Web3. If an iOS app starts stealing users’ money, Apple will take it down right away to mitigate losses and revoke the account of its creator.


Malicious smart contracts, on the other hand, can’t be taken down by anybody. There’s also no way to recover stolen assets. If a malicious contract drains your wallet, you can’t simply dispute the transaction with your credit card company. If the developer is anonymous, as is generally the case with malicious contracts, there often isn’t even an option to take legal action.

From a developer’s perspective, it is much better if the code for a smart contract is open source. Popular smart contracts do typically publish their source code — a huge improvement over Web2 apps. But even then, it’s easy to miss what’s really going on. It can also be very difficult to predict how the code will run in all scenarios. (Consider this long, scary Twitter thread by an experienced developer who almost fell for a complex phishing scam, even after reading the contracts involved. Only upon a second closer inspection did he notice the exploit.)

Compounding these problems, people are often pressured to act quickly when interacting with smart contracts. Consider an NFT drop promoted by influencers: Consumers will be worried about the collection quickly selling out, so they’ll often try to make a transaction as fast as they can, ignoring any red flags they might encounter along the way.

In short, the very same features that make smart contracts powerful for developers — such as permissionless publishing and programmable money — make them quite dangerous for consumers.

I don’t think this system is fundamentally flawed. But there is a ton of opportunity for Web3 developers like me to provide better guardrails for consumers using wallets and smart contracts today.

The UX of wallets and smart contracts today

In many ways, wallets like MetaMask feel like they were created for developers. They display a lot of deep technical details and blockchain minutiae that are useful when building apps.

The problem with that is that non-developers also use MetaMask — without understanding what everything means. Nobody expected Web3 to go mainstream so quickly, and wallets haven’t quite caught up with the needs of their new user base.


MetaMask has already done a great job of rebranding the “mnemonic phrase” to “secret phrase” to prevent consumers from unwittingly sharing it with hackers. However, there’s plenty more room for improvement.

Let’s take a look at MetaMask’s user interface (UI), followed by a couple of mock-ups I created outlining some potential improvements that could guide consumers into the “pit of success.” (By the way, MetaMask here serves as a reference since it’s heavily used across the Web3 world, but these UI ideas should also apply to pretty much any wallet app.) Some of these design tweaks could be built today, while others might require technical advances on the smart contract side.

The image below displays what the current MetaMask smart contract transaction window looks like.

We see the address of the smart contract we’re interacting with, the website that initiated the transaction, and then a lot of details about the funds we’re sending to the contract. However, there’s no indication of what this contract call does or any indicator that it’s safe to interact with.

Potential solutions to improve smart contracts

What we’d really like to see here are signals that help us as end users to determine whether we trust this smart contract transaction or not. As an analogy, think about the little green or red lock in the address bar of modern web browsers, which indicates whether the connection is encrypted or not. This color-coded indicator helps guide inexperienced users away from potential dangers, while power users can easily ignore it if preferred.

As a visual example, here are two quick user experience (UX) design mock-ups of MetaMask transactions — one that’s likely to be safe, and one that’s less certain.

Here are a few of the signals in my mock-up:

  • Is the contract source code published? Open-source contracts are generally more trustable because any developer can read them to find bugs and malicious code. MetaMask already includes various links to Etherscan, so this would be a simple and convenient signal to add.
  • Audit score. A third-party audit is another signal that can determine trustworthiness. The main implementation question here is how to determine this score. Are there any accepted standards for this already? If not, a simple way could be to use Etherscan, which supports uploading audits. MetaMask, in this example, could also maintain its own list of auditors, or rely on a list of third parties. (From what I can tell, MetaMask already does this for NFT APIs and token detection.) In the future, it’s easy to imagine a decentralized autonomous organization for determining audit scores in a more decentralized way.
  • What can this transaction do? Can it call external contracts, and if so, which ones? This would be very difficult to determine perfectly, but I wonder if a simple version for open-source contracts would be feasible. There are already plenty of automated smart-contract vulnerability scanners out there. If this isn’t possible for Solidity, I wonder if we could design a smart contract programming language that does allow this level of static analysis. Perhaps individual functions could declare the permissions they need, and the compiler could guarantee conformance.
  • Security tips and education. If a smart contract doesn’t have many signals of trustworthiness (see mock-up above on the right), the UI could recommend an appropriate set of precautions to take, such as checking if the contract address is correct and using a different account. These are suggestions made in the orange text, as opposed to red, since a lack of signals isn’t necessarily dangerous; here, we’re simply recommending that users opt to be a bit more cautious about their next steps.

Like many existing features in MetaMask, these proposed features could be turned off in the settings.

Toward a safer future

In the future, there will likely be many safety-focused tools built on the primitive components that blockchains provide. For instance, it’s likely we’ll see insurance protocols that protect users from buggy smart contracts become commonplace. (These exist already, but they’re still fairly niche.)


However, consumers are already using Web3 apps, even in these early days, so I’d love to see the dev community add more protections for them now. Some simple improvements to wallets could go a long way. Some of the aforementioned ideas would help protect inexperienced users while simultaneously streamlining the transaction process for Web3 veterans.

From my perspective, anything outside of trading crypto assets on Coinbase (or other big companies) is still far too risky for the average consumer. When friends and family ask about setting up a self-custody crypto wallet to use Web3 apps (let’s face it — usually, in order to buy NFTs), I always start by warning them of the risks. This scares some of them away, but the more determined people want to use them anyway. When our wallets are smarter, we’ll be able to feel much better about onboarding the next wave of new users to Web3.

Devin Abbott (@dvnabbott) is the founder of Deco, a startup acquired by Airbnb. He specializes in design and development tools, React and Web3 applications, most recently with The Graph.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.


California fraud cases highlight the need for a regulatory crackdown on crypto


The California Department of Financial Protection and Innovation (DFPI) announced last month that it had issued desist and refrain orders to 11 entities for violating California securities laws. Some of the highlights included allegations that they offered unqualified securities as well as material misrepresentations and omissions to investors.

These violations should remind us that while crypto is a unique and exciting industry for the public at large, it is still an area that is rife with the potential for bad players and fraud. To date, government crypto regulation has been minimal at best, with a distinct lack of action. Whether you are a full-time professional investor or just a casual fan who wants to be involved, you need to be absolutely sure of what you are getting into before getting involved in any crypto opportunity.

California has toyed with setting up a crypto-specific business registration process for those looking to do business in the state. The proposed framework was vetoed by Governor Gavin Newsom as the resources required to establish and enforce such a framework would be prohibitive for the state. While this type of compliance infrastructure has not been employed yet, it points to concerns that regulatory authorities have related to the crypto industry.

There appears to be a pattern that new industries, especially those that garner as much international attention as crypto, are especially susceptible to fraud. One must go only as far back as cannabis legalization to find the last time California had to deal with fraudulent schemes at this scale.


It appears inevitable that California, known to be a first mover in regulation and compliance, will create some form of crypto-specific compliance infrastructure in the name of consumer protection. If history is any indication, once California releases its framework, other states will follow.

Federal and state representatives have been attempting to draft legislation to establish financial standards for crypto with little luck to date. At the federal level, Senators Cory Booker, John Thune, Debbie Stabenow and John Boozman co-sponsored a bill to empower the Commodity Futures Trading Commission (CFTC) to serve as the regulatory body for crypto, while Senators Kirsten Gillibrand and Cynthia Lummis co-sponsored a bill to establish clearer guidance on digital assets and virtual currencies. Lawmakers have even reached out to tech luminaries such as Mark Zuckerberg to weigh in on crypto fraud.


None of these or other similarly crypto-focused bills are expected to pass in 2022, but this level of bipartisan cooperation has been unprecedented in recent times. The collaboration should reflect just the sheer magnitude of the need for a regulatory framework. Said another way, Democrats and Republicans speaking to one another about anything should stop the presses, but the fact that they are co-sponsoring multiple bills should tell us that there is a monumental requirement for guidance.

How should one approach investing in the crypto space if the government is not going to establish controls for crypto? There are a few general points that one should consider if they are presented with a crypto investment opportunity.


When reviewing any opportunity, do your due diligence! Do not take anyone’s word without some level of substantive support. If crypto is not an area of expertise, reach out to professionals who do have qualified experience. Make sure to utilize crypto monitoring and blockchain analysis tools, if possible, as part of the vetting process.

A common strategy of fraudsters is putting undue pressure or artificial timelines on a potential close. Slow down the process and use any and all time necessary to make an investment decision.

If it sounds too good to be true, it probably is. As overplayed as the cliché may be, it does bring up a valid point. There have been instances of schemes offering to pay initial and ongoing dividends for any new investors that are brought in and for additional dividends to be paid from any investors that those new investors bring in. If this sounds like a pyramid or multi-level marketing scheme, that’s because it is. Terms like “No Risk Investment” get thrown around as well. Ultimately, if no one knows where the opportunity is coming from, beware.

While crypto can be a fun and electrifying topic with many legitimate opportunities, there are bad players who will take advantage of the lack of government oversight and the excitement of overenthusiastic or undereducated investors.

Zach Gordon is a certified public accountant (CPA) and vice president of crypto accounting for Propeller Industries, serving as fractional chief financial officer and adviser to a portfolio of crypto and Web3 clients. He has been named a Forty Under 40 CPA, sits on the Digital Assets Committee for the NYSSCPA and has been working with crypto clients in a variety of capacities since 2016.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.


NFT space bridges passions for tennis legend Maria Sharapova


Tennis legend Maria Sharapova appeared at the Binance Blockchain Week Paris 2022 to share her interest in nonfungible tokens (NFTs).

During an exclusive interview with Cointelegraph, Sharapova mentioned that “she is exposing herself to this new world of crypto and Web3,” noting that the sector will help her better engage with her fans. Sharapova was also one of the strategic investors behind MoonPay’s Series A financing round, yet she mentioned that she aims to bridge her personal experiences to the digital world moving forward.

Maria Sharapova (right) with Cointelegraph senior reporter Rachel Wolfson (left) at Binance Blockchain Week Paris 2022. Source: Rachel Wolfson

Cointelegraph: What are you doing here today at Binance Blockchain Week Paris?

Maria Sharapova: I’m crypto curious and would like to figure out how to bridge the incredible physical experiences that I’ve been able to have with my fans over so many years. I’m now finding ways to include experiences in the digital world, so that’s what I’m most excited about. Also, as a female entrepreneur, I believe it’s important to pave the way for other women to enter Web3. Money is a topic that I feel we don’t speak enough about as women.

CT: Do you have plans to launch an NFT project?

MS: I’ve been looking at this space for several months now, as I’m someone who is more in favor of opportunities for the long haul. When I saw the opportunity to bridge physical with digital experiences, I knew I wanted it to be a long-term experience for myself. Storytelling is very important and it’s a huge component of Web3. I think stories will be told better for both parties when thinking about a project long-term.


CT: Do you think NFTs can help create better fan engagement?

MS: Absolutely. NFTs are about finding ways to communicate with the right communities interested in what I’m doing within a different type of space. For example, I was seen on a television screen every week playing tennis for so many years, yet I no longer have that platform on a daily basis because I retired a couple of years ago. The Web3 experience has given me access to my fans in entirely new ways. I feel like I’m more engaged with them, as opposed to them just being engaged by watching me compete.

CT: As a female entrepreneur and former athlete, do you have plans to get more women involved in Web3?

MS: I want to allow women to have a space where they experiment with Web3. For example, I was 17 when I won my first grand slam and social media was in no way part of that experience. It took years for me to get comfortable with social media over time. I think Web3 is also an area where one has to get out there in order to learn and grow from it. As I mentioned earlier, the conversation about money, finance, crypto and blockchain is a taboo conversation. People may feel that unless they know about these topics, they shouldn’t speak up. But I think this should be the other way around — you learn a lot more if you ask questions and get involved.

CT: Why did you decide to invest in MoonPay?

MS: I want to diversify my portfolio. In the beginning, my investments were around consumer goods. For example, I invested in the sunscreen brand Supergoop early on. I am now exposing myself to an entirely new category.

CT: What do you think are the biggest challenges associated with Web3 and how can we overcome these?

MS: I’d love to see the quality of Web3 experiences come through a bit more and improve, specifically in the digital space.


CT: Any additional comments?

MS: I’m really interested in the NFT space because it bridges my passion for fashion, interior design and creating spaces that are unique to individuals and communities. I’ve become more interested in this space because it has more of a design perspective. It’s also an entirely new revenue stream that both artists and women are discovering.


Bill Aims to Limit Crypto Mining in Kazakhstan Only to Registered Companies


New legislation proposed in the parliament of Kazakhstan will allow only authorized miners to mint digital currency, if adopted. The draft has been designed to comprehensively regulate the industry and reduce what its sponsors label as uncontrolled consumption of electricity in the sector.

Lawmakers in Kazakhstan Submit Crypto Mining Law, Seek to Curb ‘Gray’ Mining

Members of the Mazhilis, the lower house of Kazakhstan’s parliament, have put forward a new bill introducing rules for the extraction of cryptocurrencies in the country. Under its provisions, only companies registered at the Astana International Financial Center (AIFC) or non-resident entities that have agreements with licensed data centers, will be permitted to mine digital coins.

Kazakhstan became a magnet for crypto miners following China’s crackdown on the industry and the influx of mining businesses has caused a growing power deficit. AIFC, the Central Asian nation’s financial hub, is in the focus of government efforts to place the country’s growing crypto sector under oversight. Earlier this year, exchanges registered there were allowed to open accounts with local banks.

The current procedure for notifying authorities of mining activities is voluntary, the crypto news outlet Forklog noted in a report on the legislative attempt. The process is regulated by an order issued by the minister of digital development. Only a third of all mining companies operating in Kazakhstan have registered, Member of Parliament Ekaterina Smyshlyaeva revealed.

“The uncontrolled use of electricity by ‘gray’ miners poses a threat to the energy security of Kazakhstan,” the lawmaker insisted. Smyshlyaeva added that the current legislation does not regulate the mechanism for the sale of the mined cryptocurrency or the role of local financial service providers and the circulation of digital assets. “The procedure for their production and the establishment of property rights to them are regulated only at sub-legislative level,” she explained.

According to Kazakhstan’s State Revenue Committee, the contributions of crypto mining entities to the state budget reached $1.5 million in the first quarter of 2022. In July, President Kassym-Jomart Tokayev signed into law a bill amending the country’s Tax Code to impose higher tax rates on crypto miners. The levies now depend on the amount and average price of electricity consumed for the minting of bitcoin and other cryptocurrencies.


Lubomir Tassev

Lubomir Tassev is a journalist from tech-savvy Eastern Europe who likes Hitchens’s quote: “Being a writer is what I am, rather than what I do.” Besides crypto, blockchain and fintech, international politics and economics are two other sources of inspiration.


Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
