key to security on Ethereum

An adage in the cryptocurrency ecosystem says: don’t trust, verify. So far, however, many users blindly trust the messages shown by their Ethereum wallets and sign them to process their transactions, even when they do not understand them. This practice, confusing and unsafe for many, is what has motivated developers to simplify the syntax of the programming language to improve the usability and experience of those who interact with decentralized applications (dApps).

A new programming standard has been incorporated into the Ethereum Enhancement Proposals (EIP) repository. EIP 3224, introduced by developer Richard Moore, is a method for application developers to enable wallets to generate human-readable descriptions of what the smart contract claims is going to happen.

The new proposal was introduced in January of this year and has since been under development and discussion before being incorporated into the protocol. With it, Moore optimizes earlier, similar proposals that also sought to display data in a structured and readable format in user signature requests.

Increased security for Ethereum users

The method is presented as a model to strengthen the security of users, who will be able to verify data by receiving accurate information before approving transactions. With its implementation, binary data strings displayed by dApps would no longer be signed before processing transactions on Ethereum.

Moore’s proposal is that users receive readable messages that show the parameters included in the smart contracts of the dApps. Source: EIP 3224 document capture.

To understand it better, suppose that a user visits a decentralized exchange today to carry out a transaction. To do so, they must sign an order associated with their wallet address, but this order is nothing more than a hexadecimal string that is incomprehensible to anyone without technical knowledge. For this reason, most users choose to blindly trust the data provided by the platforms on which they operate, with no way of verifying what they are signing.

Because they cannot verify that the data of their operation corresponds to what they requested, many users run security risks. They could be tricked into transferring all their ether to accounts controlled by malicious actors. To avoid this, Moore proposes that users know exactly what they are signing.

The proposal itself is that users receive a detailed and readable message describing what the dApp's smart contract will process next. In this way, it will be possible to verify whether the address that will receive the funds, the address from which the user operates, the amount to be transferred and the commission rate correspond to the requested order. If they do, the user proceeds to sign and process the operation; otherwise, the signature must be aborted.
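The check described above, sketched as an added example (not code from EIP 3224 or from this article): it decodes the opaque hexadecimal payload of a plain ERC-20 `transfer(address,uint256)` call into a readable sentence and compares it with the order the user intended. The token symbol `TKN`, its 18 decimals, the helper names and both addresses are constructed assumptions.

```javascript
// Added illustration; every address and amount below is a constructed sample.
const TRANSFER_SELECTOR = "a9059cbb"; // first 4 bytes of keccak256("transfer(address,uint256)")

function decodeTransfer(calldataHex) {
  const hex = calldataHex.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  // 4-byte selector + two 32-byte ABI words = 68 bytes = 136 hex characters
  if (hex.length !== 136) throw new Error("unexpected calldata length");
  if (hex.slice(0, 8) !== TRANSFER_SELECTOR) throw new Error("not an ERC-20 transfer call");
  const toWord = hex.slice(8, 72);
  const amountWord = hex.slice(72, 136);
  // An address is 20 bytes, left-padded with 12 zero bytes inside its 32-byte word.
  if (!/^0{24}/.test(toWord)) throw new Error("non-zero padding in address word");
  return { to: "0x" + toWord.slice(24), amount: BigInt("0x" + amountWord) };
}

// Render an integer token amount with its decimal point, trimming trailing zeros.
function formatUnits(amount, decimals) {
  const base = 10n ** BigInt(decimals);
  const whole = amount / base;
  const frac = (amount % base).toString().padStart(decimals, "0").replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : `${whole}`;
}

function describe(calldataHex, symbol, decimals) {
  const { to, amount } = decodeTransfer(calldataHex);
  return `Transfer ${formatUnits(amount, decimals)} ${symbol} to ${to}`;
}

// Returns "sign" only when the decoded call matches what the user asked for.
function reviewOrder(calldataHex, intent) {
  const { to, amount } = decodeTransfer(calldataHex);
  const mismatches = [];
  if (to !== intent.to.toLowerCase()) mismatches.push("recipient");
  if (amount !== intent.amount) mismatches.push("amount");
  return { decision: mismatches.length ? "abort" : "sign", mismatches };
}

// Constructed sample: the user asked to send 1.5 TKN to USER_RECIPIENT.
const USER_RECIPIENT = "0x" + "11".repeat(20);
const OTHER_RECIPIENT = "0x" + "22".repeat(20);
const word = (v) => v.toString(16).padStart(64, "0");
const buildCalldata = (to, amount) => "0x" + TRANSFER_SELECTOR + word(BigInt(to)) + word(amount);

const intent = { to: USER_RECIPIENT, amount: 1500000000000000000n };
const honest = buildCalldata(USER_RECIPIENT, intent.amount);
const mismatched = buildCalldata(OTHER_RECIPIENT, 2n ** 256n - 1n);

console.log(describe(honest, "TKN", 18), reviewOrder(honest, intent));
console.log(describe(mismatched, "TKN", 18), reviewOrder(mismatched, intent));
```

The same 136 hexadecimal characters that a wallet would otherwise show as an opaque string become a sentence the user can compare with the order, and any difference in recipient or amount ends in `abort`.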

Moore’s proposal represents a great step for the security and usability of dApps, and at the same time it is an example of how the ecosystem is evolving to be accessible to the majority. A similar step was taken in the past when the hexadecimal addresses used on the blockchain of the second most popular cryptocurrency on the market became human-readable addresses: a service on the Ethereum network allows assigning domain names to wallet addresses, as specified in the guide prepared by CriptoNoticias.