After the long-awaited merger of Ethereum, it is an ideal time to think about how we can also improve smart contracts. Essentially applications that run on blockchains, smart contracts are an important part of our Web3 applications. But interacting with them is still quite dangerous, especially for non-developers. Many of the incidents where users lose their crypto holdings are caused by bugs or malicious smart contracts.
As a Web3 app developer, this is a challenge I think about often, especially as waves of new users continue to enter various blockchain applications. To fully trust a smart contract, a consumer needs to know exactly what it’s going to do when they do a transaction – because unlike the Web2 world, there’s no hotline to call and recover money if something goes wrong. But currently, it is almost impossible to know whether a smart contract is secure or reliable.
Related: Liquidity is the key to cross-chain security
One solution is to make the wallet itself better. For example, what if wallets could tell us if a smart contract is safe to interact with? It’s probably impossible to know with 100% certainty, but wallets could at least aggregate and show a lot of the signals developers are already looking for. This would make the process simpler and safer, especially for non-developers.
Here’s a deeper look at the pros and cons of smart contracts, why they seem like the Wild West right now, and how we could improve the UX of using them.
The Promise and Peril of Smart Contracts
For developers, using a smart contract as a support for their application has huge potential. It also increases the potential for errors and exploits. It’s great that developers can create smart contracts without asking anyone for permission, but it can also expose users to considerable risk. We now have hundreds of millions of dollars worth of programs with no security guarantees. As it stands, we simply have to trust that these programs are bug-free and deliver what they promise.
Many non-developers are not even aware of the security issues involved and do not take appropriate precautions when interacting with blockchain-based applications. A normal user might sign a transaction thinking it will do one thing, only to discover that the smart contract does something completely different. Therefore, malicious smart contracts are a primary attack curve for bad actors.
Why are smart contracts the wild west?
When a Web3 app makes a smart contract call, you don’t know exactly what the transaction will do until you actually do it. Will it enter your non-volatile token (NFT), or will it send your money and tokens to hackers? This unpredictability applies to any web application, of course, not just Web3 applications; predicting what code will do is very difficult. But it’s a bigger issue in the Web3 world where most of these programs are inherently high end (they’re built to handle your money), and there’s so little protection for consumers.
The App Store is largely secure due to Apple’s review process, but it is not in Web3. If an iOS app starts stealing users’ money, Apple will take it down immediately to cut losses and revoke its creator’s account.
Connected: Latin America is ready for crypto – Just integrate it with their payment system
On the other hand, malicious smart contracts cannot be taken down by anyone. There is also no way to recover stolen property. If a malicious deal drains your wallet, you can’t simply dispute the transaction with your credit card company. If the contractor is anonymous, as is generally the case with malicious contracts, there is often not even the possibility of taking legal action.
From a developer’s point of view, it is much better if the code for the smart contract is open source. Popular smart contracts usually publish their source code – a huge improvement over Web2 apps. But even then, it’s easy to miss what’s really going on. It can also be very difficult to predict how the code will run in all cases. (Consider this long, scary Twitter thread by an experienced developer who almost fell for a sophisticated phishing scam, even after reading the agreements involved. Only on a second closer inspection did he notice the abuse.)
Compounding these issues, people are often pressured to act quickly when interacting with smart contracts. Consider an NFT fallback presented by influencers: Consumers will worry that the portfolio will sell out quickly, so they will often try to make trades as fast as they can, ignoring any red flags they might encounter along the way.
In short, the same features that make smart contracts powerful for developers—such as permissionless issuance and programmable money—make them very dangerous for consumers.
I don’t think this system is fundamentally flawed. But there are tons of opportunities for Web3 developers like me to provide better handrails for consumers using wallets and smart contracts today.
Using wallets and smart contracts today
In many ways, wallets like MetaMask feel like they were created for developers. They show a lot of deep technical details and details in blockchain that are useful in building applications.
The problem with that is that non-developers are also using MetaMask – without understanding what it all means. No one expected Web3 to become this fast in general, and wallets haven’t quite caught up with the needs of the new user base.
Connected: Learn from Celsius – Stop wasting your money
MetaMask has has already done a great job of rebranding the “Memo” to “Secret” to prevent consumers from unwittingly sharing it with hackers. However, there is much more room for improvement.
Let’s take a look at MetaMask’s user interface (UI), followed by some mock-ups I created detailing some potential improvements that could lead consumers into the “pit of success. (By the way, MetaMask serves as a reference here since it’s widely used around the Web3 world, but these UI ideas should also apply to pretty much any wallet app.) Some of these design tweaks could be built today, while others may require technological advances on the contract side.
The image below shows what the current MetaMask smart contract trading window looks like.
We see the address of the smart contract we’re communicating with, the website that initiated the transaction, and then lots of information about the funds we’re sending to the contract. However, there is no indication what this contract call does or any indication that it is safe to communicate with.
Possible solutions to improve smart contracts
What we really want to see here are signals that help us as end users determine whether or not we trust these smart contracts. As an analogy, think of the small green or red lock in the address bar of a modern web browser, which indicates whether the connection is encrypted or not. This color-coded indicator helps steer novice users away from potential dangers, while power users can easily ignore it if they wish.
As a visual example, here are two quick user experience (UX) design simulations of a MetaMask transaction – one that is likely to be secure and one that is less certain.
Here are some of the tags in my mock-up:
- Is the contract source code published? Open source agreements are generally more trusted because any developer can read them to find bugs and malicious code. MetaMask already includes various links to Etherscan, so this would be a simple and convenient token to add.
- Audit level. Third-party review is another sign that can determine reliability. The main implementation question here is how to determine this level. Are there any accepted standards for this already? If not, a simple way could be to use Etherscan, which supports audit upload. MetaMask, in this example, may also maintain its own list of auditors, or rely on a list of third parties. (From what I can tell, MetaMask already does this for the NFT API and token analysis.) In the future, it’s easy to imagine a decentralized independent organization to determine audit levels in a more decentralized way.
- What can this business do? Can it call external contracts, and if so, which ones? This would be very hard to determine perfectly, but I wonder if a simple version for open source contracts would be feasible. There are already plenty of automated smart contract vulnerability scanners out there. If this is not possible for Solidity, I wonder if we could design a smart contract programming language that does allow this level of static analysis. Perhaps individual functions could declare the permissions they need and the compiler could ensure consistency.
- Safety advice and education. If a smart contract does not have many signs of authenticity (see mock-up above right), the user interface may recommend appropriate precautions to be taken, such as checking that the contract’s address is correct and using a different account. These are suggestions in the orange text, as opposed to red, where the lack of signs is not necessarily dangerous; here we simply recommend that users choose to be a little more cautious about their next steps.
Like many existing features in MetaMask, this proposed feature could be turned off in the settings.
Towards a safer future
In the future, many security-oriented tools will likely be based on the primitive components offered by blockchains. For example, it is likely that we will see insurance protocols that protect users from smart contracts being tampered with. (These already exist, but they’re still pretty niche.)
Connected: What will fuel the likely crypto bull run in 2024?
However, consumers are already using Web3 applications, even in these early days, so I’d love to see the developer community add more protections for them now. Simple wallet improvements could go a long way. Some of the above ideas would help protect inexperienced users while streamlining the business process for Web3 veterans.
From my perspective, anything short of trading crypto assets on Coinbase (or other majors) is still far too risky for the average consumer. When friends and family ask about setting up a self-custodial crypto wallet to use a Web3 application (let’s face it – usually, to buy NFTs), always start by warning them of the risks. This deters some, but those who are more determined still want to use them. When our wallets are smarter, we’ll feel much better about joining the next wave of new users on the Web3.
Devin Abbott (@dvnabbott) is the founder of Deco, a startup that has been acquired by Airbnb. He specializes in design and development tools, React and Web3 applications, most recently with The Graph.
This article is for general informational purposes and is not intended and should not be construed as legal or investment advice. The views, thoughts and opinions expressed herein are those of the authors alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Mail Bonus – #Wallets #MetaMask #user #friendly