Last Update from 22.03.2019:
Full Medium article (draft) is here:
Dapplets (part 1): introduce new Dapp architecture for better UX and security
Any comments and criticism are welcome!
1. Look at current Dapp UX critically:
We will see multiple drawbacks:
The wallet is unable to present all the information required for the signer to make a solid accept/reject decision. The WYSIWYS principle (What You See Is What You Sign) is broken.
We are unable to reach web2 (legacy) sites because they do not implement any web3 logic. This is one of the reasons why we are trying to reinvent wheels like Twitter and Facebook from scratch.
The root cause is in the Dapp architecture we have adopted from the very beginning. We inject web3 for transaction processing into the website (Dapp), which is an inherently unsafe environment with very limited chances for audit. That is why we now use wallets for Tx verification, running in a more secure environment than Dapps.
Dapp architecture based on web3 injection doesn't support wallets properly. Let's try to re-invent it.
2. Let us imagine better UX.
- We can let the Wallet present exactly what we would like to sign. Make WYSIWYS great again.
- Because we handle Tx processing in the Wallet and not in the Dapp, we can now reach legacy sites like Twitter. Not all, but many of them: we need to create a control injector for that.
3. How could it work?
We need to let wallets load and render small Dapps (let us call them Dapplets) depending on the current context and action. A Dapplet container will make the necessary security checks and show the audit status. Moreover, it will present more info about the Tx and the Dapplet in the header and footer for better security.
We will probably reuse some extended version of WalletConnect.
There are security challenges here, but I believe they can be solved.
PoC based on Metamask is mostly implemented. Architecture and Security is still a hot topic.
If you have any criticism, please let me know. I love fail-fast.
We will come to Paris for the Council, the Hackathon and EthCC. Let us talk in detail.