-
Notifications
You must be signed in to change notification settings - Fork 140
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
proposal to restrict ethereum address on NEAR
- Loading branch information
1 parent
4886221
commit db338c1
Showing
1 changed file
with
74 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
--- | ||
NEP: 0 | ||
Title: Restrict creation of Ethereum Addresses | ||
Authors: Bowen Wang<[email protected]> | ||
Status: Draft | ||
DiscussionsTo: https://github.com/nearprotocol/neps/pull/0000 | ||
Type: Protocol | ||
Version: 0.0.0 | ||
Created: 2023-07-27 | ||
LastUpdated: 2023-07-27 | ||
--- | ||
|
||
## Summary | ||
|
||
This proposal aims to restrict the creation of Ethereum addresses on NEAR to both prevent loss of funds due to careless user behaviors and scams | ||
and create possibilities for future interopability solutions. | ||
|
||
## Motivation | ||
|
||
Today an [Ethereum address](https://ethereum.org/en/developers/docs/accounts/) such as "0x32400084c286cf3e17e7b677ea9583e60a000324" is a valid account on NEAR and because it is longer than 32 characters, | ||
anyone can create such an account. This has unfortunately caused a few incidents where users lose their funds due to either a scam or careless behaviors. | ||
For example, when a user withdraw USDT from an exchange to their NEAR account, it is possible that they think they withdraw to Ethereum and therefore enter their Eth address. | ||
If this address exists on NEAR, then the user would lose their fund. A malicious actor could exploit this can create known Eth smart contract addresses on NEAR to trick users to send tokens to those addresses. With the proliferation of BOS gateways, including Ethereum ones, such exploits may become more common as users switch between NEAR wallets and Ethereum wallets (mainly metamask). | ||
|
||
In addition to prevent loss of funds for users, this change allows the possibility of Ethereum wallets supporting NEAR transactions, which could enable much more adoption of NEAR. The exact details of how that would be done is outside the scope of this proposal. | ||
|
||
There are currently ~5000 Ethereum addresses already created on NEAR. It is also outside the scope of this proposal to discuss what to do with them. | ||
|
||
## Specification | ||
|
||
The proposed change is quite simple. Only the protocol registrar account (which can create top-level accounts <= 32 bytes) can create Ethereum addresses. | ||
|
||
## Reference Implementation | ||
|
||
The implementation roughly looks as follows: | ||
|
||
```Rust | ||
fn action_create_account(...) { | ||
... | ||
if account_id.is_ethereum_address() | ||
&& predecessor_id != &account_creation_config.registrar_account_id | ||
{ | ||
// An Ethereum address can only be created by the registrar account | ||
result.result = Err(ActionErrorKind::CreateAccountOnlyByRegistrar { | ||
account_id: account_id.clone(), | ||
registrar_account_id: account_creation_config.registrar_account_id.clone(), | ||
predecessor_id: predecessor_id.clone(), | ||
} | ||
.into()); | ||
return; | ||
} | ||
... | ||
} | ||
``` | ||
|
||
## Alternatives | ||
|
||
There does not appear to be a good alternative for this problem. | ||
|
||
## Future possibilities | ||
|
||
Ethereum wallets such as Metamask could potentially support NEAR transactions through meta transactions. | ||
|
||
## Consequences | ||
|
||
In the short term, no Ethereum addresses would be allowed to be created, but this change would not create any problem for users. | ||
|
||
### Backwards Compatibility | ||
|
||
There is no backwards compatibility concern. | ||
|
||
## Copyright | ||
|
||
Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). |