I had a particularly painful experience using Status to pay for lunch today, and thought about a way it could have been avoided. It was the payment provider’s fault AND my own fault, but Status could help prevent such a mistake from happening again.
A restaurant here implemented crypto payments. But since crypto is not legal tender, they do it by finalizing the actual bill with fiat, and then generating a new one on a separate crypto POS which generates a QR code after the waiter manually inputs the bill ID and amount. Now, this is clumsy, but it’s nothing compared to what follows.
In order to pay, the customer now needs to scan this QR code, which is only an address, and manually enter the amount into the app (they didn’t use QR codes with amounts). So I ended up inputting a number that’s an order of magnitude greater than what I had to pay. I am now the Ethereum pizza guy.
So this happened to me in an app I use every day (Status), with a currency I use every day for development and commerce (Eth), in an ecosystem I’m intimately familiar with (blockchain). I fat-fingered my way into paying 1 eth for a pizza.
A system should be designed with the idiot user in mind. If a power user like myself can have this happen to them on familiar turf, then what’s in store for Mr. John “First time blockchain user” Doe?
My recommendation on how to implement a preventative measure for this:
- add a contact settings screen for contacts you’ve added
- this settings screen should contain (among other fields like “note” and “name”) a field “transfer limit [X] in [DROPDOWN]”. This is the maximum that can be sent to the address from within Status, expressed in the currency selected in the dropdown. So a setting like “transfer limit 5 in DAI” means one can send only 5 DAI worth of ANY currency in a single transaction. For conversion rates, read Uniswap’s contract so you don’t depend on an oracle or third-party web service.
- default all non-added addresses or freshly added addresses to something like 20 DAI worth in a single transaction.
- Protect all users from having their account hijacked and drained.
- Protect users from clumsy payment gateway implementations by maxing out an amount they can send to a specific address.
I realize there’s a lot of implementing to be done here to make it possible: custom contact details, wallet send-amount limitations Status-wide, Uniswap reading, etc., but maybe it’s something to think about for the long term to also make Status a safe-from-users wallet, not just safe-from-governments and safe-from-hacks.
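
The per-recipient limit check proposed above, sketched as an added example that is not part of the original post and is not Status code. All type and function names are hypothetical, the ETH price and the address are constructed sample values, and the price is assumed to have been read already from an on-chain source such as the Uniswap contract the post mentions.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
)

// Hypothetical names throughout; none of this is Status code.
// Amounts are integers in 18-decimal smallest units (wei, or 1e-18 DAI).
var oneToken = big.NewInt(1_000_000_000_000_000_000)

// Tokens converts thousandths of a token to smallest units: Tokens(100) is 0.1.
func Tokens(milli int64) *big.Int {
	return new(big.Int).Mul(big.NewInt(milli), big.NewInt(1_000_000_000_000_000))
}

// LimitBook maps a lower-cased recipient address to its per-transaction cap in DAI.
type LimitBook map[string]*big.Int

// Cap for unknown or freshly added addresses, as the post proposes: 20 DAI.
var defaultLimit = Tokens(20_000)

func (b LimitBook) Set(addr string, limitDAI *big.Int) {
	b[strings.ToLower(addr)] = limitDAI
}

// CheckSend rejects a transfer whose DAI value exceeds the recipient's cap.
// priceDAI is the DAI price of one whole token, supplied by the caller
// (assumed to come from an on-chain read, not from this code).
func (b LimitBook) CheckSend(to string, amount, priceDAI *big.Int) error {
	if amount.Sign() <= 0 || priceDAI.Sign() <= 0 {
		return fmt.Errorf("amount and price must be positive")
	}
	limit, ok := b[strings.ToLower(to)]
	if !ok {
		limit = defaultLimit
	}
	// amount*price/1e18 > limit, rearranged to avoid a rounding division.
	value := new(big.Int).Mul(amount, priceDAI)
	if value.Cmp(new(big.Int).Mul(limit, oneToken)) > 0 {
		return fmt.Errorf("send to %s exceeds its per-transaction limit", to)
	}
	return nil
}

func main() {
	book := LimitBook{}
	price := Tokens(150_000)                            // constructed rate: 1 ETH = 150 DAI
	pos := "0xAbC0000000000000000000000000000000000001" // constructed address
	fmt.Println(book.CheckSend(pos, Tokens(100), price))  // 0.1 ETH, within the default cap
	fmt.Println(book.CheckSend(pos, Tokens(1000), price)) // 1 ETH, blocked
}
```

With the constructed rate, the intended 0.1 ETH payment passes the default cap while the mistyped 1 ETH payment is refused before signing.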