Security for dashboard

I noticed there has been more than one case of someone having their ONE undelegated by someone other than themselves. The cause of it most likely from user error but can be very costly.

I’d like to see an option added to the dashboard to be able to get email notifications whenever they undelegate or collect rewards. This will give long term holders added security that don’t check into their dashboard often. If you’re notified soon enough, you can still take action against possible hackers.

Just an idea I had, let me know your thoughts. Thank you :pray::blue_heart:

4 Likes

This sounds like a great option to have for delegates…

2 Likes

I love this! My only “concern” would be how to implement this in a way that doesn’t allow the hacker to turn off the “email notification” option. Since the hacker has access to your wallet, then he also has access to your wallet’s email settings.

1 Like

The idea is good. But on the one hand, if your wallet gets compromised it’s hard to fight the attacker even if you get the notification.

On the other hand, I don’t think that could be easily done with the current dashboard. As the staking portal is just a dApp that provides an interface to the staking website. If you want to receive emails you would need to have a seperate server that that listens for undelegations and delegations, a mailserver that sends out the mails and a database to manage subscriptions and sends out notifications accordingly.

Furthermore there are privacy concerns as the host running that server can link your email to your wallet address.

@Rutilant_Hub this concern could be tackled by requireing email verification of the change.

Edit: But it could be done, and it could even be done by anybody. E.g. a validator offers this as a service to his delegators.

2 Likes

You would have another system for alerts… It would mean that the ‘hacker’ would have to have both to be sure… Maybe even 2FA for email would help…

3 Likes

Thanks for your replies, @Severin & @Maffaz

Now that I’ve thought a little bit more about this, perhaps having this feature in the staking dashboard is not the best of ideas. Also, having emails involved opens up a new flank for phishing attempts.

In the community we already have telegram bots that do exactly this, right? If not, I don’t think it would be too difficult to add that functionality. What would be left is to inform delegators that there are these tools available for them.

3 Likes

Thank you for your replies everyone!

I understand now why it’s not a good idea on the dashboard. Validators being able to provide this service would definitely a good idea though, thank you. Just let delegators have the option to sign up for it. I’ll do some more looking into getting alerts setup. I appreciate your input! :blue_heart::v::love_you_gesture:

2 Likes