WingNews logo WingNews
top | item 31760325

(no title)

spinny | 3 years ago

the wallet in question is probably metamask, a browser extension. it injects a web3 provider in `window.ethereum`. connecting the wallet is done by calling `window.ethereum.enable()`, this pops up a dialog asking you to connect an address to the website. it just tels the extension that the website is allowed to interact with the extension

This article is about phishing in the context of cryptos.

Silent signing doesn't happen (unless there is some kind of bug in metamask). the user is always presented with the contract address and call data (the args to the contract call)

discuss

order

mrep|3 years ago

I have a CS degree and have worked at FAANG for 6 years and that was straight gibberish to me. I guess maybe because I have only worked at FAANG using traditional tech and not crypto startups?

AgentME|3 years ago

I think that explanation was just a little too jargony.

If you have the Metamask browser extension (or another compatible web3 extension) and press its browser button to enable it while on a webpage, then the webpage can see your wallet address and suggest transactions for you to make. When that happens, the browser extension then shows a window under its own control explaining the transaction and allows you to choose to sign or reject the transaction.

The webpage never sees anything about your wallet if you don't activate the extension on the page specifically, it never sees your private keys, and it can never silently sign a transaction from you.

xwolfi|3 years ago

I work in a 100yo investment bank and am quite familiar with how it all works and yet, even if I didnt just work in a technical-centric company like you but a business and finance-centric one at that, I still think it's gibberish.

Worse, I learned to decode what they refer to talking like that and I still dont see a point: to the gibberrish or to the whole concept.

justsomeguy123|3 years ago

I bet a whole lot of your day to day technical and administrative work is gibberish. Your yearly evaluation alone probably would require training for an outside person to understand.

Which is to say... don't assume jargon is pointless.

Yeahsureok|3 years ago

Some js code makes a popup window appear for user to enter a transaction address (like bank details) so they can clicky click on it. Then it shows those details to confirm.

Is that simple enough for a senior FAANG engineer?