Improve MASP fee payment UX

Open grarco opened this issue 1 year ago • 2 comments

Some suggestions coming from https://github.com/anoma/namada/issues/3961#issuecomment-2447810438 (thanks @Rigorously).

The implementation of MASP fee payment in the client (as of #3959) has some flaws:

  • The client always requires passing in a gas-spending-key when using disposable-gas-payer. We could actually imply the usage of the --source and allow the second arg to be optionally used when we want to use a different key for the fees.
  • Using --gas-payer (or --signing-keys) when the source of a transfer is the MASP is still allowed, but it's unsafe because it leaks information. In this case we should always use a new disposable address and unshield the funds from the pool. We should prevent the usage of that argument in these cases or at least limit it to dev/testing scenarios.
  • Because of the previous two points, we might be able to just remove the disposable-gas-payer argument altogether.

grarco avatar Oct 31 '24 16:10 grarco

Another thing to consider: we currently return "insufficient funds" errors from some SDK calls, which are inaccurate. The underlying errors are due to the MASP fee payment gas limit protocol parameter being exceeded. This is likely related to https://github.com/anoma/namada/issues/3961#issuecomment-2457144586.

sug0 avatar Nov 05 '24 13:11 sug0

Regarding the second point, we might still allow paying fees transparently, but we'll put the option behind some unsafe flag and display a message to the user explaining the information leakage.

cc @brentstone

grarco avatar Feb 14 '25 15:02 grarco
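
The argument policy discussed in this thread, sketched as a fail-closed resolver. This is an added example, not Namada client code: every type, function and field name (including the `allow_unsafe` opt-in and the warning text) is hypothetical, and the handling of a transparent source is an assumption.

```rust
// Added illustration, not Namada client code; every name here is hypothetical.
#[derive(Debug, PartialEq)]
enum Source { Transparent(String), Shielded(String) } // address / spending key

#[derive(Debug, PartialEq)]
enum FeePayer {
    Transparent(String),                         // fees paid by a visible key
    DisposableUnshield { spending_key: String }, // fresh address funded from the MASP
}

#[derive(Debug, PartialEq)]
enum FeeError { TransparentPayerLeaksShieldedSource }

struct FeeArgs {
    source: Source,
    gas_payer: Option<String>,        // --gas-payer (or --signing-keys)
    gas_spending_key: Option<String>, // optional: a different shielded key for fees
    allow_unsafe: bool,               // assumed opt-in flag for dev/testing
}

const LEAK_WARNING: &str = "transparent fee payment leaks information about a shielded transfer";

/// Returns the fee payer plus a warning to display, or fails closed.
fn resolve_fee_payer(a: &FeeArgs) -> Result<(FeePayer, Option<&'static str>), FeeError> {
    match (&a.source, &a.gas_payer, &a.gas_spending_key) {
        // Shielded source with a transparent payer: refuse unless opted in.
        (Source::Shielded(_), Some(_), _) if !a.allow_unsafe =>
            Err(FeeError::TransparentPayerLeaksShieldedSource),
        (Source::Shielded(_), Some(p), _) =>
            Ok((FeePayer::Transparent(p.clone()), Some(LEAK_WARNING))),
        // Shielded source, no payer: unshield the fees, defaulting to --source.
        (Source::Shielded(sk), None, fee_key) => {
            let spending_key = fee_key.clone().unwrap_or_else(|| sk.clone());
            Ok((FeePayer::DisposableUnshield { spending_key }, None))
        }
        // Transparent source (assumed behaviour): explicit payer, else a fee
        // spending key if one was given, else the source itself.
        (Source::Transparent(_), Some(p), _) => Ok((FeePayer::Transparent(p.clone()), None)),
        (Source::Transparent(_), None, Some(k)) =>
            Ok((FeePayer::DisposableUnshield { spending_key: k.clone() }, None)),
        (Source::Transparent(addr), None, None) => Ok((FeePayer::Transparent(addr.clone()), None)),
    }
}

fn main() {
    // Constructed sample input: shielded source plus a transparent gas payer.
    let args = FeeArgs { source: Source::Shielded("sk-alice".into()),
        gas_payer: Some("bob".into()), gas_spending_key: None, allow_unsafe: false };
    println!("{:?}", resolve_fee_payer(&args));
}
```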