Customer Success: Metacash: Building Confidence in Blockchain

PREVENTING PHISHING ATTACKS

AGAINST SMART CONTRACTS IN BLOCKCHAIN APPLICATIONS

Blockchain Adoption Challenges:
Price Fluctuation and Transaction Fees

Cryptocurrencies have been slow in their goal to reach mass adoption, in part due to the inherent price fluctuations to the underlying crypto assets. It is easy to see why someone may not want to spend their currency on goods and services if they think the value of the currency will rise by simply waiting.

To combat this, blockchain platforms have converged around the concept of stable coins as a means of exchange. These tokens are mapped 1-to-1 with a stable national currency like the US dollar through various technical mechanisms. This allows users to achieve the benefits of conducting business on a blockchain platform, such as lower fees and the minimization of rent-seeking middlemen, without the risk of holding on to an unstable form of money.

The Ethereum blockchain is the most popular public smart contract platform at the time of writing and has many stable coins built on top of its network. Unfortunately, due to the design of the system, all transactions that are made to the blockchain must pay a small transaction fee in the blockchain’s native currency, Ether. This presents a conundrum for mass adoption. Users that want to achieve simple, fast, low-friction payments without needing to understand any of the underlying blockchain techs can send stable coins easily over the Ethereum network; however, they must still purchase Ether to cover the cost of fees, increasing the friction for onboarding new users.

Blockchain Adoption Solutions:
Stable Coins and Relay Networks

Metacash is a project that aims to solve this problem by creating a network of relayers that will pay your transaction fees for you. By signing a message authorizing a stable coin transaction, a relayer can submit a transaction to the Ethereum network on behalf of the user that transfers the stable coin from that user’s Metacash wallet for them. With this system, the relayer can pay all the transaction fees using their personal Ether and collect small payments from the user’s wallet in their stable coin.

Signing a transaction or message with the user’s private key is the only way to move funds from their wallet. If relayers become unavailable or act malicious, the user will still have full control of their funds. This allows users to interact with the growing blockchain ecosystem in a safe manner, using only stable coins and not exposing themselves to volatility or confusion when dealing with other crypto assets.

Security Innovation Assessment:
Phishing Threats to Message Signing

Security Innovation approached Metacash shortly after the initial release of their beta contract after identifying a possible threat to their design. Due to the way many Ethereum wallets sign messages (using the eth_sign web3.js function), it is difficult for users to verify what their signed message does or ensure that the message is only used in the intended smart contract. By default, wallet interfaces will just display a blob of hex data to be signed with no context whatsoever.

Example UX of signing a message with “eth_sign”
source: http://eips.ethereum.org/EIPS/eip-712

This issue presented a unique challenge for Metacash. Let’s assume there is a malicious DApp (Decentralized application that interacts with a smart contract) called CryptoBullDogs. This DApp might have a feature that requires a user to sign a message with their wallet in order to perform a standard operation, such as registering or authenticating to the DApp. Despite seeing potential warnings, a user is likely to sign the random hex data if this is the user experience that they are used to with other DApps.

This issue is similar in nature to the risk of self-signed certificates in web 2.0 applications. If a user becomes accustomed to clicking past the warnings for their internal company tool, they are more likely to ignore the warning in a legitimate Man-in-the-Middle attack.