[ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? #589

DavidBruant · 2020-02-21T09:27:55Z

I'm creating a separate issue to discuss what started in another issue : #521 (comment)

I'm concerned that there is a social attack here where a user will simply look at the data and see that it matches, but it is actually a different object identity.

I don't understand a specific attack scenario, so it's not clear to me what ERTP/Zoe/UIs is defending against nor whether it's doing a good job at protecting against it

katelynsills · 2020-02-21T17:54:10Z

Thanks for making this issue!

katelynsills · 2020-08-12T01:08:48Z

Closing this because we have a wallet that can display non-fungible amounts, so the display issues are no longer theoretical.

katelynsills added ERTP package: ERTP Zoe package: Zoe labels Feb 21, 2020

katelynsills changed the title ~~How does ERTP/Zoe/UIs address social attacks related to displaying amounts?~~ [ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? Feb 21, 2020

katelynsills added hackathon-release and removed hackathon-release labels Mar 30, 2020

erights added the security label Apr 19, 2020

katelynsills closed this as completed Aug 12, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? #589

[ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? #589

DavidBruant commented Feb 21, 2020

katelynsills commented Feb 21, 2020

katelynsills commented Aug 12, 2020

[ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? #589

[ERTP, Zoe] How does ERTP/Zoe/UIs address social attacks related to displaying amounts? #589

Comments

DavidBruant commented Feb 21, 2020

katelynsills commented Feb 21, 2020

katelynsills commented Aug 12, 2020