Yeah, I had the same response. As a retailer, allowing users to pay in whatever they want but receiving Dai is pretty desirable, but forcing users to pay with MetaMask isn't going to work. I'm hoping this is something they plan to fix.
It is also possible to use the widget with hardware wallets like Trezor and Ledger. The experience is quite seamless, with signing done on the hardware.
There is going to be a barrier to entry, but this gives end users the option to safeguard their own private keys to swap tokens, which in some cases is more desirable than depositing into an exchange.
I noticed the option to paste in a private key and have it sign for you. If that goes to a server, that seems really dangerous. And, copy and paste on Android is really dangerous as well. Is that not an issue somehow with Trezor? Is there a way to use a hardware wallet and avoid sharing your private key while still getting the benefits of solutions like Kyber?
Copy-pasting a private key is probably the lowest common denominator and not the most ideal option in most cases.
As for the Trezor case, the private key does not leave the device. I would imagine that the integration would be like most cases, where the data gets sent to the hardware wallet to be sent. It is signed in the wallet, and it spits out the payload to be broadcast.
As such, by using hardware wallets, you shouldn't be exposing private keys outside of the device at all.
One of the parent comments said signing happens client side. Another comment said private key never leaves the device.
Which is it? Are both possible?
I really think the option to paste in the private key should be removed. It's dangerous to ask for that when there are so many Android apps that by default get access to the paste buffer and can grab that key easily. If I were writing malware, that would be my number one focus.
If you have a hardware wallet, you will pass the intent message (sending money, swap, etc.) to Trezor. Trezor holds your private key and signs the message with your private key.
It hands the payload back to the client to be broadcast to the network.
This way your private key stays in the hardware wallet and is protected from a compromised computer.
If you use MetaMask instead, the private key here resides in the browser, or rather your computer.
I am unsure exactly where the signing happens, but it will have to happen within the domain of your computer (at MetaMask or JS) because that is where the key is. You get back the payload to be broadcast.
Copy-pasting a private key (totally not recommended) is for cases where, say, you don't have MetaMask or a hardware wallet. The signing is probably done using the JS library included by the widget to obtain the payload for broadcast.
Nothing should be passed on to a server.
Only the signed message needs broadcasting into the Ethereum network for the transaction to be included in a block.
The hardware buttons act like the ultimate OK/Cancel button.
You can review the transaction address, ID, etc. on the hardware screen to confirm that you are not getting phished and such (vs. on the software).
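
The signing flow described in this thread (intent goes to the device, the device signs, the payload comes back for broadcast), as an added example that is not part of the original comments and is not Trezor's, MetaMask's or the widget's code. The function names and sample values are hypothetical, and SHA-256 over JSON stands in for Ethereum's real transaction encoding; the point is that the host never holds the key, and that a recipient changed before or after signing is caught by the on-device check or by signature verification.

```javascript
// Added illustration. makeDevice, hostRequest and networkAccepts are hypothetical names.
// Simplification: SHA-256 over JSON stands in for Ethereum's real transaction encoding.
const nodeCrypto = require('node:crypto');

// Stand-in for the hardware wallet: the key pair is created inside and only
// the public key and a sign() method are exposed to the host.
function makeDevice(userApproves) {
  const { privateKey, publicKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return {
    publicKey,
    sign(intentBytes) {
      // The device screen shows fields parsed from the exact bytes it will sign.
      const shown = JSON.parse(intentBytes.toString('utf8'));
      if (!userApproves(shown)) return null; // hardware Cancel button
      return nodeCrypto.sign('sha256', intentBytes, privateKey);
    },
  };
}

// Host (browser or widget): serializes the intent and asks the device to sign it.
function hostRequest(device, intent) {
  const bytes = Buffer.from(JSON.stringify(intent));
  const signature = device.sign(bytes);
  return signature ? { bytes, signature } : null;
}

// Network: accepts a payload only if the signature matches the bytes.
function networkAccepts(publicKey, payload) {
  return payload !== null &&
    nodeCrypto.verify('sha256', payload.bytes, publicKey, payload.signature);
}

function runScenarios() {
  // Constructed sample values, not real addresses.
  const intended = { to: '0xMERCHANT_PLACEHOLDER', amount: '10 DAI' };
  const swapped = { ...intended, to: '0xOTHER_PLACEHOLDER' };
  // The user presses OK only when the screen shows the recipient they expect.
  const device = makeDevice((shown) => shown.to === intended.to);
  const honest = hostRequest(device, intended);
  const changedBeforeSigning = hostRequest(device, swapped);
  const changedAfterSigning = { ...honest, bytes: Buffer.from(JSON.stringify(swapped)) };
  return {
    honest: networkAccepts(device.publicKey, honest),
    changedBeforeSigning: networkAccepts(device.publicKey, changedBeforeSigning),
    changedAfterSigning: networkAccepts(device.publicKey, changedAfterSigning),
  };
}
console.log(runScenarios());
```

Only the first scenario is accepted: the swapped recipient is either rejected on the device screen or fails verification because the signature covers the original bytes.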