Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ UX Problem: Incorrect Address Format Acceptance and Fund Loss #1529

Open
yamancan opened this issue Dec 2, 2024 · 2 comments
Open

⚠️ UX Problem: Incorrect Address Format Acceptance and Fund Loss #1529

yamancan opened this issue Dec 2, 2024 · 2 comments
Labels
bug Something isn't working Feedback

Comments

@yamancan
Copy link

yamancan commented Dec 2, 2024

⚠️ Problem: Incorrect Address Format Acceptance and Fund Loss

I encountered a critical UX issue while using the Flow native wallet on Flow EVM. The wallet accepts Flow Cadence Network addresses (18 characters, e.g., 0x000000000001234) while on the EVM network. Instead of rejecting the transaction or warning the user, the tokens are redirected to a burn address (0x0000000000000000000000010000000000000000), causing fund loss.

Steps to Reproduce

1.	Open the wallet in Flow EVM mode.
2.	Attempt to send funds to a Flow Cadence Network address (e.g., 0x000000000001234).
3.	The transaction appears to be processed successfully, but the tokens are sent to a burn address instead of the intended recipient.

Acceptance Criteria

•	The wallet should validate address formats and lengths based on the active network (Flow vs. Flow EVM).
•	The extension UI should clearly indicate the active network (e.g., through color coding or icons).
•	Transactions with incorrect address formats should be blocked, and users should see a clear error message.
•	If a user attempts to send funds to an incompatible address, the wallet should suggest switching to the appropriate network. (+ for better ux: offering bridging to the other network)

Context

While exploring the Flow ecosystem, I attempted to send funds from Flow EVM to a Flow Cadence Network address. When the wallet accepted the transfer, I assumed I was on the Flow Cadence Network. This issue caused unintended loss of my funds ($ XXXX FLOW) and has the potential to affect other users.

Standard UX practices for EVM Wallets should be implemented, and preventive solutions must be developed to mitigate such errors.

PS: I am happy to provide my transaction details and video recording as evidence for potential reimbursements.
@yamancan yamancan added bug Something isn't working Feedback labels Dec 2, 2024
@bertankofon
Copy link

no worries :)

@yamancan
Copy link
Author

yamancan commented Dec 2, 2024
edited by franklywatson
Loading

nice try scammer ¯_(ツ)_/¯

Hello @yamancan Thanks for your observations, this will be reviewed on pull request and resolve. Use the official website to initiate a chat with the support team for further information and get reimbursed if necessary. Regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yamancan @bertankofon