Is your feature request related to a problem? Please describe.
If an user borrows an asset which has the ISSUER MAY TRANSFER ASSET BACK TO HIMSELF permissions/flags enabled, then there is a possibility that after borrowing the asset that the funds are transferred back, followed by the user potentially losing the collateral if they fail to reclaim the tokens.
This could perhaps be because the borrowed funds were stolen by the lender, or perhaps by a malicious asset creator.
Describe the solution you'd like
Currently there's no link to the asset the user is about to borrow, only the description in a popup modal.
The simplest solution would be to include a link to the asset being borrowed, perhaps within the modal, then the user can make their own mind up about the risks associated with entering the credit offer deal.
More intrusive could be directly including warnings in the borrow confirmation modal when this permission/flag is enabled.
Describe alternatives you've considered
Write blog posts educating users on risks of social engineering.
Reporting accounts of malicious credit offers for on-chain committee blocklist.
Warn users if the lender is on the on-chain blocklist, or filter their entries from the credit offer page.
Additional context
The ability to transfer asset back to ones self is legitimate, it's an integral part of running an EBA for security, and it can prevent lent assets being burned in exchange for the collateral (if entirely on-chain). Just the presence of this flag/permission isn't enough to condemn, however it does indicate theoretical risk to a borrower.
Is your feature request related to a problem? Please describe.
If an user borrows an asset which has the
ISSUER MAY TRANSFER ASSET BACK TO HIMSELFpermissions/flags enabled, then there is a possibility that after borrowing the asset that the funds are transferred back, followed by the user potentially losing the collateral if they fail to reclaim the tokens.This could perhaps be because the borrowed funds were stolen by the lender, or perhaps by a malicious asset creator.
Describe the solution you'd like
Currently there's no link to the asset the user is about to borrow, only the description in a popup modal.
The simplest solution would be to include a link to the asset being borrowed, perhaps within the modal, then the user can make their own mind up about the risks associated with entering the credit offer deal.
More intrusive could be directly including warnings in the borrow confirmation modal when this permission/flag is enabled.
Describe alternatives you've considered
Write blog posts educating users on risks of social engineering.
Reporting accounts of malicious credit offers for on-chain committee blocklist.
Warn users if the lender is on the on-chain blocklist, or filter their entries from the credit offer page.
Additional context
The ability to transfer asset back to ones self is legitimate, it's an integral part of running an EBA for security, and it can prevent lent assets being burned in exchange for the collateral (if entirely on-chain). Just the presence of this flag/permission isn't enough to condemn, however it does indicate theoretical risk to a borrower.