[LSP0] Improve LSP0 Anti-Phishing by Adding Transfer Delay #195

YamenMerhi opened this issue Mar 17, 2023 · 3 comments

@YamenMerhi
Member

Issue Description

LSP0 relies on LSP14 for ownership management, which is beneficial in preventing accidental ownership transfers by mitigating common mistakes such as typos in addresses. However, LSP14 does not provide protection against phishing attacks.

Currently, LSP14 allows attackers to trick users into signing a transferOwnership transaction, which can then be accepted by the attacker as soon as it's mined. This single-step process is vulnerable to phishing attacks.

In contrast, the renounceOwnership process in LSP14 requires two steps and enforces a delay between them. This delay helps reduce the risk of successful phishing attacks since the attacker cannot immediately request the user to sign the subsequent transaction.

Proposed Solution

To enhance the phishing protection in LSP0, we suggest implementing a similar mechanism to the renounceOwnership process for transferOwnership:

  • After a user initiates a transferOwnership transaction, the recipient address cannot accept ownership until a predefined delay period has passed.
  • If the new owner does not accept ownership within the limited time window, the transfer is invalidated.

By adding this delay, interfaces can display warnings or notifications to the user regarding the ownership transfer, giving them a chance to rectify any mistakes. Additionally, integration with mobile, email, or SMS services can alert users of ownership transfers, allowing them to take quick action if needed, similar to receiving notifications when someone logs into their Google account.

This proposed solution strengthens LSP0 against phishing attacks, providing a more robust protection mechanism for ownership transfers.

@CJ42
Member

CJ42 commented Mar 20, 2023

I think it is an excellent idea and I would push this proposal further.

@skimaharvey @samuel-videau wdyt?

@samuel-videau
Contributor

So if I understand well, there would be only an interval when you can accept the ownership?
E.g.
17:00 - transferOwnership
17:05 - acceptOwnership open
17:15 - acceptOwnership close

@YamenMerhi
Member Author

We could have an interval like @samuel-videau mentioned, or we agree on the simplest version where:

  • 17:00 - transferOwnership
  • 17:05 - acceptOwnership open

Just to serve the purpose of this issue, which is having 2 steps and a delay, so that in case the transferOwnership happened by mistake or by an attacker, a user will have time to do some stuff, like revoking the access, etc.

And the idea is to allow this effect of delay after the deployment of the UP by like 100 blocks, so when deployed the UP can be set up (transferOwnership to another contract) without a delay, like we do with lsp-factory/relayer.
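
A minimal Solidity sketch of the mechanism discussed in this thread: a delay before acceptOwnership opens, the closing window from the 17:05/17:15 timeline, and the no-delay setup phase after deployment. It is an added example, not code from LSP0/LSP14 or from the participants; the contract name, `cancelTransfer`, the event shapes and every block count other than the 100-block setup phase are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration only, NOT the LSP0/LSP14 implementation. Names and constants are assumptions.
contract DelayedTwoStepOwnable {
    // Measured in blocks. Only the ~100-block setup phase comes from the thread; the rest is assumed.
    uint256 public constant SETUP_GRACE_BLOCKS = 100;
    uint256 public constant ACCEPT_DELAY_BLOCKS = 200;
    uint256 public constant ACCEPT_WINDOW_BLOCKS = 200;

    address public owner;
    address public pendingOwner;
    uint256 public acceptOpensAt;   // first block at which acceptOwnership succeeds
    uint256 public acceptClosesAt;  // first block at which the pending transfer is invalid
    uint256 public immutable deployedAt;

    // Emitted with the window bounds so interfaces and alerting services can warn the owner.
    event OwnershipTransferStarted(address indexed from, address indexed to, uint256 opensAt, uint256 closesAt);
    event OwnershipTransferred(address indexed from, address indexed to);

    constructor(address initialOwner) {
        owner = initialOwner;
        deployedAt = block.number;
    }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0) && newOwner != address(this), "bad new owner");
        // No delay during the post-deployment setup phase, full delay afterwards.
        bool inSetup = block.number < deployedAt + SETUP_GRACE_BLOCKS;
        pendingOwner = newOwner;
        acceptOpensAt = inSetup ? block.number : block.number + ACCEPT_DELAY_BLOCKS;
        acceptClosesAt = acceptOpensAt + ACCEPT_WINDOW_BLOCKS;
        emit OwnershipTransferStarted(owner, newOwner, acceptOpensAt, acceptClosesAt);
    }

    // Hypothetical helper: lets the current owner undo a mistaken or phished transfer during the delay.
    function cancelTransfer() external onlyOwner {
        delete pendingOwner;
    }

    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "not pending owner");
        require(block.number >= acceptOpensAt, "delay not elapsed");
        require(block.number < acceptClosesAt, "transfer expired");
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete pendingOwner;
    }
}
```

Dropping the `acceptClosesAt` check gives the simpler open-ended variant from the last comment.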
