Discussion around the Yearn AllowList as a security control against DNS hijacking.
End Goal
To implement security controls that warn users when the domain they are on is potentially compromised and is prompting them to sign a transaction with ill intent.
Friction Points
- Dapp developers need to pay transaction costs to own their ENS records through DNSSEC.
- Dapp developers need to maintain Solidity contracts to keep their allowlist rulesets up to date with the dapp interface.
- This whole process requires expertise.
UI
If a transaction meets the allowlist ruleset, no UI changes occur; there is nothing to indicate “this is a regular safe transaction”. The UI changes only when both of the following hold:
- A Dapp has set up an allowlist
- The transaction does not meet the allowlist ruleset
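The decision logic described above, as an added example that is not Yearn's own AllowList code: a wallet-side check looks up the ruleset registered for the page's domain and decides whether the pending transaction should trigger a warning. The rule format, the domain-keyed registry standing in for the DNSSEC/ENS-backed ownership record, and the addresses and transactions are all constructed for illustration; the two function selectors are the standard ones for deposit(uint256) and approve(address,uint256).

```javascript
// Added example, not Yearn's AllowList implementation. Models the control described
// above: no registered allowlist => no UI change; registered allowlist and a
// non-matching transaction => warn. Everything below is constructed for illustration.

const VAULT = "0x1111111111111111111111111111111111111111"; // constructed vault address
const TOKEN = "0x2222222222222222222222222222222222222222"; // constructed token address
const OTHER = "0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead"; // constructed unrelated address

// Function selectors: first 4 bytes of keccak256 of the canonical signature.
const SEL_DEPOSIT = "0xb6b55f25"; // deposit(uint256)
const SEL_APPROVE = "0x095ea7b3"; // approve(address,uint256)

// Rulesets keyed by dapp domain. A plain object stands in for the on-chain registry
// that the text ties to DNSSEC-backed ENS ownership (assumed structure).
const ALLOWLISTS = {
  "yearn.example": [
    // Deposits into the vault are allowed with any amount.
    { target: VAULT, selector: SEL_DEPOSIT, constraints: [] },
    // Token approvals are allowed only when the spender (argument 0) is the vault.
    { target: TOKEN, selector: SEL_APPROVE,
      constraints: [{ index: 0, type: "address", equals: VAULT }] },
  ],
};

// Minimal ABI helpers for static 32-byte words (enough for these two signatures).
const encAddress = (a) => a.slice(2).toLowerCase().padStart(64, "0");
const encUint = (n) => BigInt(n).toString(16).padStart(64, "0");
const word = (data, i) => data.slice(10 + 64 * i, 10 + 64 * (i + 1));
const decAddress = (w) => "0x" + w.slice(24);
const decUint = (w) => BigInt("0x" + w);

function constraintHolds(c, data) {
  const w = word(data, c.index);
  if (w.length !== 64) return false;            // calldata too short for this argument
  if (c.type === "address") return decAddress(w) === c.equals.toLowerCase();
  if (c.type === "uint256") return decUint(w) <= BigInt(c.max);
  return false;                                 // unknown constraint type: fail closed
}

// Returns { warn, reason } for a transaction the wallet is asked to sign.
function evaluate(tx) {
  const rules = ALLOWLISTS[tx.origin];
  if (!rules) return { warn: false, reason: "no allowlist registered for " + tx.origin };

  const data = (tx.data || "0x").toLowerCase();
  const selector = data.length >= 10 ? data.slice(0, 10) : null;
  const to = tx.to.toLowerCase();

  for (const r of rules) {
    if (r.target.toLowerCase() !== to) continue;
    if (r.selector !== selector) continue;
    if (r.constraints.every((c) => constraintHolds(c, data))) {
      return { warn: false, reason: "matches rule " + r.selector + " on " + r.target };
    }
  }
  return { warn: true,
    reason: "no allowlist rule matches " + (selector || "plain transfer") + " to " + to };
}

// Constructed transactions as a wallet sees them (origin = domain of the page).
const txDeposit = { origin: "yearn.example", to: VAULT,
  data: SEL_DEPOSIT + encUint(10n ** 18n) };
const txApproveVault = { origin: "yearn.example", to: TOKEN,
  data: SEL_APPROVE + encAddress(VAULT) + encUint(2n ** 256n - 1n) };
// The case the control exists for: an approval whose spender is not the vault.
const txApproveOther = { origin: "yearn.example", to: TOKEN,
  data: SEL_APPROVE + encAddress(OTHER) + encUint(2n ** 256n - 1n) };
const txNoList = { origin: "unregistered.example", to: VAULT,
  data: SEL_DEPOSIT + encUint(1n) };

console.log(evaluate(txDeposit).warn);      // false
console.log(evaluate(txApproveVault).warn); // false
console.log(evaluate(txApproveOther).warn); // true
console.log(evaluate(txNoList).warn);       // false
```

Unknown constraint types and truncated calldata fail closed, so a rule the wallet cannot evaluate never silently passes; a domain with no registered ruleset produces no warning, which is exactly the gap the friction points above describe: the control only protects dapps whose developers have taken on the ENS/DNSSEC and contract-maintenance cost.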