-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preview data and function #2847
Comments
I also would like to see this functionality, especially for basic things like token transfers. At the very least, there should be an option to see the actual bytes -- it's not that useful for most people, but it's better than nothing. At this point, users are forced to trust that the site they are using is going to send the transaction that they say they will. There's no reason for this -- you should only need to trust the signer and the contract you're sending to. Also, as far as I know, there's no way for the site to demonstrate that it is legitimate. If there was an option in the API to send a more information about the transaction in addition to the actual bytes, MetaMask could verify the bytes separately. Please let me know if this is already possible in some other way. Not sure if this would work, but maybe something like:
I'm not sure what the web3 standard says about including extra fields, or if metamask could use it as I suggested. Just a thought... |
@cjeria data can look like this: https://www.4byte.directory/signatures/?page=2 |
Data source as module: https://github.com/danfinlay/eth-method-registry |
Nice! Looks interesting @danfinlay , although I wonder if the client library should compute the hash of the returned method signature and verify it. It's a small extra step but removes the trust required between the signer (and therefore the end user) on the signature registry service. That way, you can safely use the fastest/most-reliable service and not worry about sticking with a "well-known" service that might be overloaded. |
@phiferd if you read the source of the used signature registry contract, you'll see that it already verifies hashes. I guess we could always verify again, wouldn't hurt.. |
It will be best if CryptoKitties gives all the information necessary to hash and sign into MetaMask, then MetaMask can show it to the user, hash and sign it. This is preferable to CryptoKitties hashing and giving to MetaMask and then MetaMask reverse engineering the hash, showing the reverse engineered hash to the user and signing. Reasons:
|
@fulldecent I think you are suggesting something along the lines of my earlier post? Is that right? Where the application calling MetaMask would provide the method signature in a readable/parsable form. I also prefer that approach because it puts the calling application in control and doesn't require registration with a 3rd party service. As you point out, and outage in that service could affect many apps. Also, the caller would typically have access to the ABI (or at least the portion they need) to construct the data field. However, I wasn't sure if that was feasible. @danfinlay how do you feel about the caller-provides-signature approach? There's actually no reason both could not be used if there was a benefit:
|
Here is my proposed work plan:
|
MetaMask would need to know the method name as well as the order and the types for each parameter. I suggest if that data is included in the call, it is simply a segment of the contract ABI or the complete ABI (although that's a lot of wasted data). e.g.
MetaMask can then use the built-in web3 classes/methods to construct the data parameter needed to make the call. Since an ABI is just an array of objects like the one listed above, MetaMask can use that input exactly as the ABI. Apps calling metamask can the just use |
I'm really glad to see so much enthusiasm coming out in support of better signing approval screens, I think it's a very important domain for us to grow in. It was actually the first topic I ever wrote about on joining the team (that blog isn't even up anymore). I'm going to separate the scope of this proposal to distinguish it from #1142, which is basically what I've been proposing, ie using
The current module I'm proposing using uses an on-chain registry, so if it's down, the network is unavailable, making it a pretty ideal source of this information, even without requesting it from the dapp interface. Note that issue is an MVP of rendering transaction data, which should hold us over until one of various much-better solutions. I'll leave this open so you can explore improved One discussion towards a much more readable transaction approval screen is in EIP 719: Trustless Signing Protocol, and I'd love to see that issue develop further, some of these ideas seem to be approaching those. |
@danfinlay Your on-chain solution does not work on my test network. |
@fulldecent two ways it could (it hasn't been done yet! nothing is set in stone!):
Again, what I'm proposing is a first, quick, MVP way of adding metadata to the approval screen. Over 99% of our usage is on the main Ethereum network, so I'd like to not prematurely optimize for your development environment. |
@danfinlay If we're only providing a preview of the data, does this mean it is only viewable from within the tx approval screen? Or can we link to external url to view it? |
Not sure what you mean by "only providing a preview". Ideally it's not just a preview, we're showing the actual tx info, like who the kitty is sending to.
If we could make it concise enough maybe it would be, but as it is, I think showing the receiving contract & time is already pretty good for a list view. We should have this data in the tx detail view, though. |
@danfinlay how's this look? |
@cjeria looks great! One suggestion -- if a human-readable version of the signature is found, I think it should be shown in place of "36 bytes". The text could still be linked to show the popup, but I doubt end users actually care how many bytes are being sent. The fact that method calls (or "commands", which might be a more meaningful term to non-technical users) are bundled together with the parameters and called the "data" is an implementation detail that is largely irrelevant to the approval process. |
Adding to the next sprint as a design task, we'd like at least one more design option, preferably that shows the method name on the main screen, not behind a tooltip. |
@danfinlay did we ever get a list of the top transaction types from Infura? |
@danfinlay will take another stab at this. Do we know who the user type (average vs technical) is requesting this type of data exposed in the approval screen? We should design for that user type while keeping in mind the other type as well. My concern with adding too much technical data front and center is that it may be overwhelming, even for some technical users. |
The approach I think makes sense is the one that @phiferd is suggesting but placing this somewhere below the high-level tx data with an "expand details" button. |
Also, has any progress been made on the list of human-readable signature/methods yet? Would be good to have some idea of how much area would need to be allocated for these methods strings. |
@danfinlay here's another option for displaying method data in our confirm UI. Collapsed and expanded views |
Looks clean. I like it. I think the "Hex Data" section could even be pushed down into a "more details" section under the function drop down, but I get it if you don't want too much nesting. Alternately, it could be hidden unless the user has the plugin set to "developer mode". The main issue is just that most users will have no idea what the hex data is so at best they will ignore it but more likely it will just confuse them. Using a developer mode option is probably better. Also, I'm assuming that's just dummy data in there -- otherwise I didn't understand why Function is "Transfer" and Text Signature is "convertibleTokenCount". How will the individual parameters be shown? E.g. for a token transfer, there's an address and an amount. Will the amount be shown in hex, in units of grains, or in units of tokens? Ideally, it would be shown in units of tokens because that's the only representation that is meaningful to an end user. |
I was going to say the same thing. If we were reluctant about a function name in the first place, then this hex data should really be tucked further away. I also think the function name should be higher up, maybe even above where the value ($20) is listed, because usually if there is a function called, ether isn't being sent!. This isn't a total rule, so we might want two mockups:
If the function is |
Bonus: Maybe the word |
Agreed, the HEX data (or transaction data) is addressing another issue we have open which is to add advanced developer mode settings which only shows hex data if user has turned it on in settings and also if the feature is used when sending a tx. See issue MetaMask/Design#2
A few questions regaring
|
I agree with this. The top bar could definitely say the function name instead.
There isn't really a limit on function names, so we should allow wrapping, or cutting off at a certain point, but most function names should fit in a single line.
I've asked Infura if they can give us a list of the most frequent method names so we can consider them more specifically. Beyond that, we can look at Etherscan and get a sense, but it's tedious. We can also look at 4byte.directory for a list of possible method names.
Each method name is associated with some parameters, but we don't know their names, so the data we have to work with looks like this:
|
this is now a feature in the new UI's updated Confirm screens |
@bdresser |
@ArsenKulikov we pull function names from parity's signature registry, here on Etherscan. If you add your function's signature it will appear when users call it via MetaMask. |
@bdresser |
I see "Data included: 36 bytes".
How can I inspect the 36 bytes that will be included?
The text was updated successfully, but these errors were encountered: