Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include spender and contract address on Approve screen #5087

Closed
rsmylskibc opened this issue Aug 17, 2018 · 2 comments
Closed

Include spender and contract address on Approve screen #5087

rsmylskibc opened this issue Aug 17, 2018 · 2 comments
Labels
area-transactions area-UI Relating to the user interface. type-enhancement

Comments

@rsmylskibc
Copy link

When using the new Metamask UI - when you make a token approve call, when Metamask pops up, the To Address is the spender address, not the ERC20 token contract address.

This is misleading because once the transaction has processed, and is in your transactions list, the To address of that transaction shows as the ERC20 token contract address (as expected, as that's where it was sent)

This has caused considerable confusion for users of the new version of our product with no clear way to reconcile. Metamask's UI presents a window that says it is about to send "to" address spender, then immediately after presents the transaction list with address token, on the surface leading some of our users to ask if the product was compromised ("why did it send to a different address?").

To Reproduce
Steps to reproduce the behavior:

  1. Make an approve call to an ERC20 token contract
  2. Observe the various addresses shown in Metamask
  3. Confirm the transaction
  4. Observe that the To address in the transaction that is in the transactions list shows a different address than what was shown in the Confirm Transaction popup.

Expected behavior
The To address in Metamask should match with the To address of the processed transaction.

Improved UX/UI to better indicate the nature of an approve transaction is great, but should be a lot more straightforward and done in a way that isn't misleading or that could indicate to a less experienced user as possibly being hacked/having their transaction compromised.

Screenshots
confirmtransactionpopup
transactionhistory

Browser details (please complete the following information):

  • OS: OS X
  • Browser: chrome
  • MetaMask Version: 4.9.3
  • New / Beta UI?
@bdresser
Copy link
Contributor

Thanks for the feedback @rsmylskibc. We've started showing the spender since it's the address that will be able to actually spend the user's tokens - but you're right, this doesn't match what's shown in Etherscan and I get why your users are concerned.

We should probably show the contract address the To field, then include the spender address in a separate UI element (or as part of the warning message).

Sorry for the confusion this has caused your users - we're continually iterating on this particular screen to make sure folks are informed and the implications of their actions are clear.

@bdresser bdresser changed the title Token Approve UI is misleading Include spender and contract address on Approve screen Aug 20, 2018
@bdresser bdresser added type-enhancement area-UI Relating to the user interface. labels Aug 20, 2018
@bdresser bdresser mentioned this issue Sep 12, 2018
Closed
@bschorchit
Copy link

Closing as this has been fixed since.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-transactions area-UI Relating to the user interface. type-enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bdresser @Gudahtt @rsmylskibc @bschorchit