-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal to restrict ethereum address on NEAR #492
Merged
Merged
Changes from all commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
bcbc6dc
proposal to restrict ethereum address on NEAR
bowenwang1996 d452196
update the proposal to restrict top level accounts
bowenwang1996 fe0bd15
Merge branch 'master' into restrict-ethereum-address
frol 8a3594f
Update neps/nep-0492.md
frol e6acabc
Merge branch 'master' into restrict-ethereum-address
frol File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
--- | ||
NEP: 492 | ||
Title: Restrict creation of Ethereum Addresses | ||
Authors: Bowen Wang <[email protected]> | ||
Status: Final | ||
DiscussionsTo: https://github.com/near/NEPs/pull/492 | ||
Type: Protocol | ||
Version: 0.0.0 | ||
Created: 2023-07-27 | ||
LastUpdated: 2023-07-27 | ||
--- | ||
|
||
## Summary | ||
|
||
This proposal aims to restrict the creation of top level accounts (other than implicit accounts) on NEAR to both prevent loss of funds due to careless user behaviors and scams | ||
and create possibilities for future interopability solutions. | ||
|
||
## Motivation | ||
|
||
Today an [Ethereum address](https://ethereum.org/en/developers/docs/accounts/) such as "0x32400084c286cf3e17e7b677ea9583e60a000324" is a valid account on NEAR and because it is longer than 32 characters, | ||
anyone can create such an account. This has unfortunately caused a few incidents where users lose their funds due to either a scam or careless behaviors. | ||
For example, when a user withdraw USDT from an exchange to their NEAR account, it is possible that they think they withdraw to Ethereum and therefore enter their Eth address. | ||
If this address exists on NEAR, then the user would lose their fund. A malicious actor could exploit this can create known Eth smart contract addresses on NEAR to trick users to send tokens to those addresses. With the proliferation of BOS gateways, including Ethereum ones, such exploits may become more common as users switch between NEAR wallets and Ethereum wallets (mainly metamask). | ||
|
||
In addition to prevent loss of funds for users, this change allows the possibility of Ethereum wallets supporting NEAR transactions, which could enable much more adoption of NEAR. The exact details of how that would be done is outside the scope of this proposal. | ||
|
||
There are currently ~5000 Ethereum addresses already created on NEAR. It is also outside the scope of this proposal to discuss what to do with them. | ||
|
||
## Specification | ||
|
||
The proposed change is quite simple. Only the protocol registrar account can create top-level accounts that are not implicit accounts | ||
|
||
## Reference Implementation | ||
|
||
The implementation roughly looks as follows: | ||
|
||
```Rust | ||
fn action_create_account(...) { | ||
... | ||
if account_id.is_top_level() && !account_id.is_implicit() | ||
&& predecessor_id != &account_creation_config.registrar_account_id | ||
{ | ||
// Top level accounts that are not implicit can only be created by registrar | ||
result.result = Err(ActionErrorKind::CreateAccountOnlyByRegistrar { | ||
account_id: account_id.clone(), | ||
registrar_account_id: account_creation_config.registrar_account_id.clone(), | ||
predecessor_id: predecessor_id.clone(), | ||
} | ||
.into()); | ||
return; | ||
} | ||
... | ||
} | ||
``` | ||
|
||
## Alternatives | ||
|
||
There does not appear to be a good alternative for this problem. | ||
|
||
## Future possibilities | ||
|
||
Ethereum wallets such as Metamask could potentially support NEAR transactions through meta transactions. | ||
|
||
## Consequences | ||
|
||
In the short term, no new top-level accounts would be allowed to be created, but this change would not create any problem for users. | ||
|
||
### Backwards Compatibility | ||
|
||
For Ethereum addresses specifically, there are ~5000 existing ones, but this proposal per se do not deal with existing accounts. | ||
|
||
## Copyright | ||
|
||
Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about other non-Ethereum-like top level accounts whos creation would have been restricted by this proposal?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a total of 11423 accounts on mainnet that are top-level accounts longer than 32 characters and that are not implicit accounts. I don't think there is a clear pattern that people use top-level accounts longer than 32 characters for.