YearnAllowList as a security control against DNS hijacking

Discussion around the Yearn AllowList as a security control against DNS hijacking.

End Goal
To implement security controls that warn users when the domain they are on is potentially compromised and is prompting them to sign a transaction with ill intent.

Friction Points

  • Dapp developers need to pay transaction costs to own their ENS records through DNSSEC.
  • Dapp developers need to maintain Solidity contracts to ensure their allowlist rulesets are up to date with the dapp interface.
  • This whole process requires expertise.

If a transaction meets the allowlist ruleset, no UI changes will occur: nothing will indicate “this is a regular safe transaction”. UI changes will occur only if:

  • A Dapp has set up an allowlist
  • The transaction does not meet the allowlist ruleset
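
The decision rule above, sketched as wallet-side JavaScript. This is an added example, not Yearn's code: the ruleset shape (target, selector, allowed address arguments), the in-memory registry standing in for the on-chain allowlist, and the domain and addresses are assumptions constructed for illustration.

```javascript
// Constructed sample data: the domain and all addresses are hypothetical.
const TOKEN = "0x" + "11".repeat(20);
const VAULT = "0x" + "22".repeat(20);
const OTHER = "0x" + "33".repeat(20);
const APPROVE = "0x095ea7b3"; // selector of ERC-20 approve(address,uint256)

// Hypothetical stand-in for the on-chain allowlist: origin -> list of conditions.
const registry = new Map([
  ["app.example", [
    { target: TOKEN, selector: APPROVE, args: [{ index: 0, oneOf: [VAULT] }] },
  ]],
]);

// Read the n-th 32-byte ABI word after the 4-byte selector as an address.
function addressArg(data, n) {
  const start = 2 + 8 + n * 64; // skip "0x" and the selector
  const word = data.slice(start, start + 64);
  if (word.length !== 64) return null; // truncated calldata never matches
  return "0x" + word.slice(24).toLowerCase();
}

// A condition matches only if target, selector and every constrained argument agree.
function matches(cond, tx) {
  if (tx.to.toLowerCase() !== cond.target) return false;
  if (tx.data.slice(0, 10).toLowerCase() !== cond.selector) return false;
  return cond.args.every((a) => {
    const value = addressArg(tx.data, a.index);
    return value !== null && a.oneOf.includes(value);
  });
}

// Returns "no-allowlist", "pass" or "warn"; only "warn" changes the UI.
function checkTransaction(origin, tx) {
  const rules = registry.get(origin);
  if (!rules || rules.length === 0) return "no-allowlist";
  return rules.some((cond) => matches(cond, tx)) ? "pass" : "warn";
}

// Helper to build approve(spender, amount) calldata for the sample calls.
function approveCalldata(spender, amountHex) {
  return APPROVE + spender.slice(2).padStart(64, "0") + amountHex.padStart(64, "0");
}

console.log(checkTransaction("app.example", { to: TOKEN, data: approveCalldata(VAULT, "ff") }));
console.log(checkTransaction("app.example", { to: TOKEN, data: approveCalldata(OTHER, "ff") }));
console.log(checkTransaction("unlisted.example", { to: TOKEN, data: approveCalldata(OTHER, "ff") }));
```

Both "pass" and "no-allowlist" leave the UI unchanged, so the absence of a warning does not tell the user whether a ruleset was checked at all.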