For most users, the "digital signature" full of cryptography is always elusive.In the context of cryptocurrency, where daily trading volume exceeds 10 million, and transaction volume reach billions of dollars, the significance of digital signatures becomes increasingly evident. It is not only a key role in cryptocurrency transactions, but also an important shield to protect assets.
However, as the signing landscape expands, so do the associated risks. Take the NFT theft incidents that emerged from OpenSea in 2022 as an example. Behind these incidents are often users who were hacked and phished after authorization, resulting in signature theft.
In blockchain transactions, it is not uncommon for authorization to be done inadvertently, resulting in signatures being stolen. In response to such risks, imToken launched a newly designed "signature experience" and enhanced the security risk control system, allowing users to achieve "what you see is what you sign" while ensuring security.
Brand new signing experience. What you see is what you‘re signing for.
"What you see is what you sign" means that what the user signs should be exactly the same as what he sees and expects. In order to implement this principle, imToken has carried out a comprehensive upgrade in every link involving signature, such as DApp login, transfers, token exchange or authorization, etc., so that users can easily understand every transaction. The following are optimization points for different scenarios:
1. Login: When logging in to a DApp, a message signature is required to verify identity or agree to the terms of service. imToken will clearly display all signature information, including login information, original data, wallet address, login website and its URL, and the DApp details.
2. Transfer: During the transfer process, imToken has added details to display, and a reminder will pop up when transferring money to a new address for the first time, prompting the user to verify the accuracy of the address. At the same time, a new payment address details page is added to view the historical interaction records with the address to help users better understand the usage of the address.
3. Authorization：When interacting with platforms such as Uniswap, it is often necessary to authorize the token transfer authority to the contract in order to automatically complete the transaction. imToken supports displaying details of two authorization methods, approve and permit, including authorization amount, time, token and contract details, etc. In addition, it also supports modifying the authorization amount and time directly by clicking "Edit"。
4. Contract interaction: On the interactive pages of platforms such as Uniswap, Tokenlon, OpenSea, and cross-chain bridges, imToken now shows the detailed changes in token quantities and contract details to help users judge whether the interaction meets expectations and is safe.
Enhanced risk control system for added security.
In the face of increasingly fierce malicious signatures in the market, imToken has upgraded and improved various signature scenarios and potential risk points in an all-round way, greatly strengthening the protection ability of the risk control system.
1. Professional targeted measures
- Unparseable signatures such as eth_sign: Set risk reminders while retaining the user's operational autonomy;
- Non-standard EIP-712 Type signature: if the format changes, set a clear reminder;
- ENS security risk control: Set clear reminders for possible zero-width characters.
2. Active security protection
- Mark risky tokens, ban risky addresses and DApps;
- When transferring funds to the contract address, a reminder will pop up to ensure that misoperation is avoided;
- When authorizing an ordinary account, a reminder pops up to reduce the risk of wrong authorization;
- In the token exchange process, a warning alert pops up if slippage is too high.
Be Cautious with Risky and Contract Addresses
We sincerely invite users to provide valuable suggestions and feedback to help us further optimize and improve, and provide a more intuitive and secure signature experience in the encryption ecosystem. At the same time, imToken will continue to explore and continue to bring you more new functions and scenarios in the future, so as to provide you with more comprehensive and safer services.
If you have more suggestions, feel free to share them with us.