You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When players transact in-world, they run a risk of getting scammed. Metamask is very bad at clarifying what you’re about to sign/transact. By showing an explorer-level warning screen with information about the transaction they’re about to do, we can prevent many of these scams and improve the trust people have when using the platform.
Need
Players run a risk of being scammed when they transact in-world. This risk has always been there, but now it’s a lot worse if they’re transacting on L2. The interface exposed by Metamask for meta-transactions is useless, this is what it looks like:
Here you’re supposedly buying a wearable for 1 MANA, but you could very well be signing to give away everything you own and publicly endorse racism on-chain.
Ultimately it’s an issue of trusting the creator of the content. It’s one thing to transact with a scene from Decentral Games, and another with a random anonymous single-parcel scene you stumbled upon. We need to at least warn new players who don’t even understand who they’re putting their trust on.
Eventually when we have portable experiences, it will get even trickier. Because today when you interact with something in a scene, you know that at least that content is from the scene you’re standing on, but if you have a portable experience open, that content could belong to the portable experience too.
We don’t want people to think of Decentraland as a shady scammy place where if you don’t look out you’ll get mugged. We can’t prevent all scams, some gullible players will fall for cheap tricks, but we can at least add tools for conscientious players to trust.
A concrete short-term example: Bence recently built a really nice interactive wardrobe for buying wearables on L2, the idea is to open-source it so other creators can add it to their scenes. The problem is that creators could easily replace the contract being called there and just send the money to their account, and the wardrobe would “look official” because it will look just like the one we put in some official place. The person interacting with that copied scene might think “Decentraland wouldn’t scam me”, without knowing this is from a random hacker, and the Metamask notification doesn’t provide any readable information when doing the transaction.
Approach
Just like we have a warning screen when a scene wants to take you to an external link, we could have a warning screen telling you that you’re about to do a transaction, before Metamask opens for signing it.
This screen could have:
A high-level warning that transacting with a scene has risks
The address of the person that deployed the content that triggered this transaction (scene or smart item). Even better: the DCL name if they have one.
What transaction exactly is taking place, or at least how much MANA the player is agreeing to give away.
A “don’t warn me again” tickbox, to avoid it getting tedious if you shop in-world a lot.
Since this screen would be made on Unity, it wouldn’t be easily fakeable, it would look different from any fake screen done with the SDK UI.
This is especially useful for L2 transactions, but it could also help a lot with mainnet transactions.
Benefit
Newbie players would at least know they’re exposing themselves to risk, that makes it less bad if they do get scammed, it also frees us from some liability from that.
It also prevents a lot of possible scams, or at least makes it a lot harder.
Trustlessness in theory is a fundamental part of why the blockchain is useful, but as we add complex layers of obfuscation over what you’re doing, people are once again forced to trust in whom they’re transacting with. If we can expose some more clear information about your actions, we’re reducing the required level of trust.
We want in-world stores to become an important part of Decentraland in the future, but people should feel safe when using these.
Competition (alternatives)
Make Metamask improve their UI.
Beyond our control I suppose
Recommend some alternatives to Metamask with better UI.
Are there any better options?
Add a rating system to scenes so that players who got scammed can at least give a scene a bad review?
This would be a good thing to have too, in any case. But that’s another story. The bad thing is that it’s a reactive approach, people already got scammed by the time the bad reviews are out. Also it can get tricky with smart items, as mentioned above… did you get scammed by the scene or by the smart item you were carrying?
Instead of showing the screen for all transactions, expose an SDK function that makes "verified transactions"
This function could handle communicating with the explorer to expose this UI, AND use the same arguments to communicate with the web3 client.
Creators could choose to use this or not, but if they use it they'll have more users trusting to interact with them.
The downside is that not all scenes will use this.
Non-goals
What are you not attempting to do? What is this proposal not about?
Key Dependencies and Open Questions
Is the information about the content creator & the transaction info available to the explorer to show?
If not, is it viable to make an SDK function that both handles a transaction and handles the UI, from the same inputs. Is that approach safe enough?
How can we prevent scene creators from opening a fake UI popup that shows fake information about the transaction?
Is there any way to show that a scene is not a scam? Maybe with the POI? Can we have some sort of verified hash or entityId? I’m not sure that we can prevent someone with those meta transactions. The only verified thing is to check the contract being called. Like check if the address is the correct one. At least we must do something to identify Decentraland scenes from creator scenes to give users confidence
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Abstract:
When players transact in-world, they run a risk of getting scammed. Metamask is very bad at clarifying what you’re about to sign/transact. By showing an explorer-level warning screen with information about the transaction they’re about to do, we can prevent many of these scams and improve the trust people have when using the platform.
Need
Players run a risk of being scammed when they transact in-world. This risk has always been there, but now it’s a lot worse if they’re transacting on L2. The interface exposed by Metamask for meta-transactions is useless, this is what it looks like:
Here you’re supposedly buying a wearable for 1 MANA, but you could very well be signing to give away everything you own and publicly endorse racism on-chain.
Ultimately it’s an issue of trusting the creator of the content. It’s one thing to transact with a scene from Decentral Games, and another with a random anonymous single-parcel scene you stumbled upon. We need to at least warn new players who don’t even understand who they’re putting their trust on.
Eventually when we have portable experiences, it will get even trickier. Because today when you interact with something in a scene, you know that at least that content is from the scene you’re standing on, but if you have a portable experience open, that content could belong to the portable experience too.
We don’t want people to think of Decentraland as a shady scammy place where if you don’t look out you’ll get mugged. We can’t prevent all scams, some gullible players will fall for cheap tricks, but we can at least add tools for conscientious players to trust.
A concrete short-term example: Bence recently built a really nice interactive wardrobe for buying wearables on L2, the idea is to open-source it so other creators can add it to their scenes. The problem is that creators could easily replace the contract being called there and just send the money to their account, and the wardrobe would “look official” because it will look just like the one we put in some official place. The person interacting with that copied scene might think “Decentraland wouldn’t scam me”, without knowing this is from a random hacker, and the Metamask notification doesn’t provide any readable information when doing the transaction.
Approach
Just like we have a warning screen when a scene wants to take you to an external link, we could have a warning screen telling you that you’re about to do a transaction, before Metamask opens for signing it.
This screen could have:
A high-level warning that transacting with a scene has risks
The address of the person that deployed the content that triggered this transaction (scene or smart item). Even better: the DCL name if they have one.
What transaction exactly is taking place, or at least how much MANA the player is agreeing to give away.
A “don’t warn me again” tickbox, to avoid it getting tedious if you shop in-world a lot.
Since this screen would be made on Unity, it wouldn’t be easily fakeable, it would look different from any fake screen done with the SDK UI.
This is especially useful for L2 transactions, but it could also help a lot with mainnet transactions.
Benefit
Newbie players would at least know they’re exposing themselves to risk, that makes it less bad if they do get scammed, it also frees us from some liability from that.
It also prevents a lot of possible scams, or at least makes it a lot harder.
Trustlessness in theory is a fundamental part of why the blockchain is useful, but as we add complex layers of obfuscation over what you’re doing, people are once again forced to trust in whom they’re transacting with. If we can expose some more clear information about your actions, we’re reducing the required level of trust.
We want in-world stores to become an important part of Decentraland in the future, but people should feel safe when using these.
Competition (alternatives)
Beyond our control I suppose
Are there any better options?
This would be a good thing to have too, in any case. But that’s another story. The bad thing is that it’s a reactive approach, people already got scammed by the time the bad reviews are out. Also it can get tricky with smart items, as mentioned above… did you get scammed by the scene or by the smart item you were carrying?
This function could handle communicating with the explorer to expose this UI, AND use the same arguments to communicate with the web3 client.
Creators could choose to use this or not, but if they use it they'll have more users trusting to interact with them.
The downside is that not all scenes will use this.
Non-goals
What are you not attempting to do? What is this proposal not about?
Key Dependencies and Open Questions
Beta Was this translation helpful? Give feedback.
All reactions