TEP: Wallet registry for dapps
This standard defines an on-chain registry to hold a list of wallet providers (such as TonKeeper and TonHub) and allows TON dapp clients to query this list before displaying the "Connect Wallet" screen.
I don't see how this registry could be completely decentralized: right now one of the wallets for TON uses our (Tonhub) sources in violation of its license, and they would be able to put themselves into a list with legitimate wallets.
This is the same reason why Metamask changed their license to kill copycats. I have experience in the past with other open-source products, and they are all under constant threat of phishing wallets. Ledger is another excellent example - there are so many fake apps that are just a fork of a Ledger app that asks for a seed phrase.
Pretty much the issue is the same as a lot of fake "USDC(T)" coins in virtually any network.
@ex3ndr I understand your concern about fraudulent wallets. I'm personally fine with any of these alternatives:
- Giving the foundation a master key that will allow the foundation to delete a fraudulent wallet from the registry in extreme scenarios (the deposit of this wallet will not be returned to discourage them from registering)
- Moving the registry from a contract to a foundation hosted JSON file (like global.config.json) that contains the list of domains of all wallets - this is a bit more centralized but still works and achieves most goals
- Ignoring the problem and saying that it should be resolved off-chain by taking legal action against the fraudulent wallet in the real world. This may be similar to some entity registering a TON DNS name that has a trademark and using it for phishing - like binance.ton or coinbase.ton - TON DNS does not attempt to resolve this issue on-chain
I wonder what @EmelyanenkoK @tolya-yanot think
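The first of the three alternatives above (a deposit-backed registry where only the registering owner can reclaim the deposit, and a foundation master key can delete an entry without returning it) can be modelled in a few lines. The following Python is an added illustration written for this page, not code from the TEP or from any TON wallet: a real implementation would be a TON smart contract, and the class and method names, the deposit amount, the addresses and the wallet names are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class WalletEntry:
    """One registered wallet provider (constructed model, not the TEP's on-chain layout)."""
    name: str
    domain: str
    owner: str      # address that paid the deposit and may withdraw it
    deposit: int    # amount locked while the entry is listed (unit assumed)


class WalletRegistry:
    """Model of a deposit-backed registry with an admin (foundation) master key.

    Three ways an entry leaves the registry:
      * the owner withdraws it  -> deposit returned
      * the admin removes it    -> deposit forfeited to the treasury (the deterrent)
      * anyone else             -> rejected
    """

    def __init__(self, admin: str, required_deposit: int) -> None:
        self.admin = admin
        self.required_deposit = required_deposit
        self.entries: dict[str, WalletEntry] = {}
        self.treasury = 0                          # forfeited deposits accumulate here
        self.refunds: list[tuple[str, int]] = []   # (owner, amount) paid back on withdrawal

    def register(self, sender: str, name: str, domain: str, value: int) -> WalletEntry:
        if name in self.entries:
            raise ValueError(f"name already registered: {name}")
        if value < self.required_deposit:
            raise ValueError("deposit too small")
        entry = WalletEntry(name, domain, sender, value)
        self.entries[name] = entry
        return entry

    def withdraw(self, sender: str, name: str) -> int:
        """Owner deregisters and gets the deposit back; nobody else may touch the entry."""
        entry = self.entries.get(name)
        if entry is None or entry.owner != sender:
            raise PermissionError("only the registering owner may withdraw")
        del self.entries[name]
        self.refunds.append((sender, entry.deposit))
        return entry.deposit

    def admin_remove(self, sender: str, name: str) -> int:
        """Master-key removal: the deposit is kept, which is what discourages fraudulent registration."""
        if sender != self.admin:
            raise PermissionError("master key required")
        entry = self.entries.pop(name)   # KeyError if the name is unknown
        self.treasury += entry.deposit
        return entry.deposit

    def list_wallets(self) -> list[tuple[str, str]]:
        """What a dapp client would query before rendering its 'Connect Wallet' screen."""
        return sorted((e.name, e.domain) for e in self.entries.values())


def demo() -> dict:
    """Walk through registration, a copycat entry, a rejected takeover and an admin removal."""
    reg = WalletRegistry(admin="foundation", required_deposit=1_000)
    reg.register("tonkeeper-owner", "Tonkeeper", "tonkeeper.example", 1_000)
    reg.register("tonhub-owner", "Tonhub", "tonhub.example", 1_000)
    # constructed fraudulent entry: a fork registered under a confusingly similar name
    reg.register("copycat-owner", "Tonhub Pro", "tonhub-pro.example", 1_000)

    # a legitimate wallet cannot simply remove a competitor's entry
    try:
        reg.withdraw("tonhub-owner", "Tonhub Pro")
        takeover_succeeded = True
    except PermissionError:
        takeover_succeeded = False

    forfeited = reg.admin_remove("foundation", "Tonhub Pro")   # deposit stays in the treasury
    refunded = reg.withdraw("tonkeeper-owner", "Tonkeeper")     # honest owner gets theirs back
    return {
        "takeover_succeeded": takeover_succeeded,
        "forfeited": forfeited,
        "refunded": refunded,
        "listed": reg.list_wallets(),
        "treasury": reg.treasury,
    }


if __name__ == "__main__":
    print(demo())
```

The model makes the economic argument from the discussion concrete: an honest provider's deposit is only ever at risk through the master key, while a fraudulent entry loses its deposit outright, so the fee level set in `required_deposit` is exactly the lever the later comment worries about.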
If the registration fee for a wallet is too large, only the largest wallets will afford it, which will lead to a situation similar to Metamask's. If the registration fee is too low, attackers will be able to register malicious wallets and some users will download them.
Also, it's not good to rely on solutions in which everything will be controlled by one organization (for example, TON Foundation), because this is essentially centralization, and it will add a lot of extra work to them like checking wallets for security.
Why are there different ways to connect a wallet? I thought that Ton Connect 2.0 unified everything under a ton:// url 🫠