What does a user see? How should a user investigate a transaction to check what it does? Is there any good automated explanation/visualization of the effect of a transaction?
When a site initiates a transaction, you can see the address you're interacting with. You should then look up the address on Etherscan to see if it has public code and a lot of transactions. Then you should search that address in Google and see if the main site links to it. A lot of projects have a list of addresses in their GitHub. You can also inspect the function code. Once you're comfortable, you should add it to your saved addresses on your wallet and next time you'll see the name of the address.
Also you can create a new throwaway address, transfer just a little bit of coins to it and interact with the contract. If it does what you think it should do, then you can create a new account and do it again.
It's not perfect. It could be a proxy, so you're not guaranteed the contract you're interacting with.
There's no easy way to "see what a transaction does". You just need to do risk management.
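
An added example, not code from any poster in this thread: a small offline decoder for the calldata a wallet asks you to sign, covering four well-known ERC-20/ERC-721 selectors and flagging broad approvals. The sample calldata and the spender address are constructed, and the decoder only shows what is being requested; it cannot tell you what the target contract (or a proxy behind it) will actually do.

```javascript
// Well-known 4-byte function selectors from the ERC-20 / ERC-721 standards.
const SELECTORS = {
  "095ea7b3": { sig: "approve(address,uint256)", args: ["address", "uint256"] },
  "a9059cbb": { sig: "transfer(address,uint256)", args: ["address", "uint256"] },
  "23b872dd": { sig: "transferFrom(address,address,uint256)", args: ["address", "address", "uint256"] },
  "a22cb465": { sig: "setApprovalForAll(address,bool)", args: ["address", "bool"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Constructed sample: approve(0x1111...1111, 2^256 - 1). Not a real address.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);

// Each static ABI argument is one 32-byte word (64 hex characters).
function decodeWord(type, word) {
  if (type === "address") return "0x" + word.slice(24); // low 20 bytes
  if (type === "bool") return BigInt("0x" + word) !== 0n;
  return BigInt("0x" + word);
}

function explainCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length === 0) {
    return { sig: null, args: [], warnings: ["no calldata: plain value transfer"] };
  }
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 8) throw new Error("malformed calldata");
  const selector = hex.slice(0, 8);
  const entry = SELECTORS[selector];
  if (!entry) {
    return { sig: null, args: [], warnings: ["unknown selector 0x" + selector + ": read the verified source first"] };
  }
  const body = hex.slice(8);
  if (body.length !== entry.args.length * 64) {
    throw new Error("argument length mismatch for " + entry.sig);
  }
  const args = entry.args.map((t, i) => decodeWord(t, body.slice(i * 64, (i + 1) * 64)));
  const warnings = [];
  if (entry.sig.startsWith("approve(") && args[1] === MAX_UINT256) {
    warnings.push("unlimited token allowance for " + args[0]);
  }
  if (entry.sig.startsWith("setApprovalForAll(") && args[1] === true) {
    warnings.push("operator " + args[0] + " may move every token in this collection");
  }
  return { sig: entry.sig, args, warnings };
}
```
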
> When a site initiates a transaction, you can see the address you're interacting with. You should then look up the address on Etherscan to see if it has public code and a lot of transactions. Then you should search that address in Google and see if the main site links to it. A lot of projects have a list of addresses in their GitHub. You can also inspect the function code. Once you're comfortable, you should add it to your saved addresses on your wallet and next time you'll see the name of the address.
> Also you can create a new throwaway address, transfer just a little bit of coins to it and interact with the contract. If it does what you think it should do, then you can create a new account and do it again.
How much money would you be spending on this scheme (in transaction fees)?
Any suggestions for how this could be scaled up to the general public (the vast majority of whom aren't comfortable reading code and have no idea what GitHub is)?
There may be a public repo of known addresses. Of course it would be centralized and carefully curated, but I think that would be a good start.
I wish wallets made it easier to create a burner throwaway account or there were some trusted contracts that would create an account, do something and then transfer back to another account. I don't know if anything like that exists or even if the workflow is generalizable enough.
I'm currently building in the ability to inspect a transaction's effects before it is run directly into MetaMask. So... we'll alleviate some of the problem Soon (TM)
There is nothing about crypto that prevents scams.
But in the regular banking system we have decades of experience in how to mitigate the impacts of them e.g. account insurance, MFA for any new transfers or over a certain limit, auditing by independent regulators.
Crypto attracts a lot of statements like this and it's so ridiculous when you think about it because usually the statement applies so generally as to be virtually irrelevant. Almost every invention or new thing solves a problem that was solved already, and yet they often find success and may even become more popular than whichever way people were using to solve that problem before.
The tech community should be keenly aware of this because there are new apps, new languages, new libraries, new plugins, etc all the time, which solve a problem that was pretty much solved already.
You might counter that new things usually have to have some value proposition to gain a footing, like cheaper, faster, more reliable, etc. For one, that's not always true, but also crypto does have a value proposition like that. It's immutable, trustless, and can be anonymous. And it is even cheaper and faster than the regular banking system in some circumstances, depending on the sum being sent and where it goes.