WalletUnCon

The existing interactions in the Ethereum ecosystem often resemble risky gambles, exposing users to possible theft and deception, such as losing valuable NFTs to phishing attacks. This paper dissects the structural problems in Ethereum's architecture and the inherent lack of transparency in transaction confirmations, leading to a pervasive sense of insecurity for users. Examples of transaction confirmation screens in MetaMask demonstrate the opaqueness of the current system. The study reveals that wallets often fall short of adequately representing the real impact of transactions, thus offering phishers the chance to deceive users. While current efforts to mitigate these risks are outlined, they are shown to be inadequate. The paper then proposes a comprehensive solution through the cooperative efforts of smart contracts, interfaces, and wallets. Key strategies include contract-provided interfaces, site-proposed metadata, standardized interfaces, and object capability models, such as MetaMask's Delegatable. These strategies aim to maximize coherent and safe interactions, moving away from libertarian or hard paternalistic nudges to a more soft paternalistic approach, thereby enhancing user understanding of actions and risks. The paper also emphasizes the importance of gradual adoption to avoid user resistance or warning fatigue. This approach, paired with Large Language Models for localization, is posited as a pathway to a more transparent and secure Ethereum ecosystem, where actions are comprehensible and users are always informed before taking a potentially dangerous action.