Block.one, a Cayman Islands-registered open-source software publishing firm that raised a record-setting amount of $4 billion through its fundraising rounds of 2017 and 2018, has stated that a “critical component of user security is preventing phishing attacks or bait and switch attacks which trick users into agreeing to something that isn’t actually going to happen as a result of their agreement.”
Indeed, phishing attacks have led to huge financial losses for users, as they’ve allowed malicious entities to gain access to people’s private keys, passwords, and seed phrases – all of which were associated with cryptocurrency wallets.
Block.one Explains How Hackers Employ Various Phishing Attack Vectors
Explaining how hackers employ manipulative tactics when exploiting blockchain-based platforms, Block.one notes in a blog post published April 12th, 2019 that “in blockchain, this can occur when a website or application indicates to a user that they are approving one action, but present a different transaction to the key management application (i.e. Authenticator or wallet).”
In other words, the fraudulent websites that users visit might “say one thing, but [actually] issue something else to the blockchain,” Block.one writes. For instance, an unsuspecting user may be tricked into thinking that they are transferring a small amount of cryptocurrency to a digital asset exchange. However, they may be sending all their funds to a scammer, the blockchain development firm’s blog states.
“Pillar Of EOSIO’s Usability: Support For Defining Ricardian Contracts”
The post by Block.one also mentions that “a pillar of EOSIO’s usability since its dawn has been support for defining Ricardian Contracts.” These contracts are integrated with conventional smart contracts in order to “serve as human readable representations” of an “action’s intent” in natural languages that people understand, such as English.
Elaborating on the importance of “code being transparent and auditable,” the software publisher’s blog confirms that the “blockchain actions are often irreversible.” The Block.one blog further notes that before the introduction of Ricardian Contracts, it was “near impossible” for the regular user to “understand or be expected to understand exactly what actions they were signing in a Smart Contract.”
“Not Rendering” Ricardian Contracts In A Manner That “Cultivates Understanding”
The software developer’s post also mentions that “existing Authenticators (wallets) that present transactions to users for signing with their private keys are often not equipped to render Ricardian Contracts in a way that cultivates understanding.”
Moreover, existing software programs depend on application-specific features to explain to users what a smart contract states through the front-end interface, but “without any auditable association to the actions” being registered on a blockchain.
Here’s What’s Featured In Latest Software Release By Block.one
In its latest release, Block.one has included two key features for Ricardian Contracts which aim to “create consistency and transparency” in how the data is shown or displayed to end users in Authenticators that require them to sign digital currency or blockchain-based transactions.
The Ricardian Contract specification document and codebase define a JSON-based template language for integrating metadata, which in this case, is essentially a “subset of Markdown/CommonMark” for formatting purposes.
Ricardian Template Toolkit Now Available
The templates also include Handlebars to allow for variable substitution while writing code. Block.one further explains in its blog that smart contract programmers can follow the specs which allow them to “richly format Ricardian Contracts to cultivate understanding for their users.”
The developers at Block.one have also “built the Ricardian Template Toolkit, which is an implementation of a renderer for the Ricardian Contract Specification that demonstrates how Ricardian Contracts built to the new specification can be displayed.”
This proprietary Toolkit can be “used by Authenticator developers to consistently render Ricardian Contracts and by Smart Contract developers as an authoring and testing tool,” the software publisher’s blog explains.