"--memo" attribute is misleading

[serge1peshcoff]

Summary

cosmos-sdk has the--memo attribute and its description doesn't describe it's public and anyone can see it. There are number of people who put their mnemonics there, exposing their wallets, probably because they though you should put a mnemonic here. See https://wasmywalletleaked.com/ and https://medium.com/frogvpn-ecosystem/how-we-found-exposed-wallets-in-cosmos-based-blockchains-a91f0ad5bb62

Problem Definition

See above.

Proposal

Two things can be done:

1. updating the --memo description, explicitly stating memo is public
2. renaming the --memo CLI option to something else (like --note)

---

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged
• Contributor assigned/self-assigned

[aaronc]

Wow, sounds terrible. We should definitely address this. At a minimum, we can patch the CLI to say --note or --comment.

In the next version, we should probably make a rename at the protocol layer. Any thoughts @alexanderbez @alessio ?

[alessio]

This smells to me more of a UX issue than a security vulnerability. Thus I agree on changing the CLI options names and yet I don't think this issue warrants a change in the protocol.

[serge1peshcoff]

This smells to me more of a UX issue than a security vulnerability.

I agree, it's not like the core problem of the Cosmos blockchain, it's more like of a parameter that can be unknowingly used in a wrong way.

[anilcse]

Yes a UX issue. Renaming the client facing flags should fix the issue. May be wallets (and exchanges?) should also rename this. cc @dogemos

[dogemos]

I agree that it is an issue. Something like 'destination tag' (a la XRP) could also work. 'note' and 'comment' are definitely non-typical as most other networks still call it 'memo'

That being said, we would prefer still have to show something like Note (prev. memo) as most exchanges will ask for a 'memo' and not showing that the 'note' just the 'memo' feature renamed could confuse users.

[amaury1093]

Fixed by #9134

[aaronc]

I don't actually think just changing this in the CLI is sufficient. It's likely a bigger issue in user interfaces and I think we need to make this more clear to UI designers. Adding the Docs label. What I would propose is:

• comments in TxBody that the memo field should not be called memo in UIs
• maybe some comments in other parts of docs.cosmos.network warning about this

[xlab]

There are number of people who put their mnemonics there

Ah, they are wrong. They should put good memes there! 🙈

On a serious side, this fix should've about documentation and

description doesn't describe it's public and anyone can see it.

description improvement.

Now there is a lot of scripts and manuals will be outdated for no reason. Also some protocols like Secret Network uses memo as part of their business logic. Note or Comment looks like it is not interpreted by app logic, but a comment that sender leaves for fun.

[xlab]

I just wanted to be compatible with 0.43's Rosetta API and keys, not renaming memes all over the docs.