"--memo" attribute is misleading

[serge1peshcoff]

Summary

cosmos-sdk has the--memo attribute and its description doesn't describe it's public and anyone can see it. There are number of people who put their mnemonics there, exposing their wallets, probably because they though you should put a mnemonic here. See https://wasmywalletleaked.com/ and https://medium.com/frogvpn-ecosystem/how-we-found-exposed-wallets-in-cosmos-based-blockchains-a91f0ad5bb62

Problem Definition

See above.

Proposal

Two things can be done:

1. updating the --memo description, explicitly stating memo is public
2. renaming the --memo CLI option to something else (like --note)

---

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged
• Contributor assigned/self-assigned

[aaronc]

Wow, sounds terrible. We should definitely address this. At a minimum, we can patch the CLI to say --note or --comment.

In the next version, we should probably make a rename at the protocol layer. Any thoughts @alexanderbez @alessio ?

[alessio]

This smells to me more of a UX issue than a security vulnerability. Thus I agree on changing the CLI options names and yet I don't think this issue warrants a change in the protocol.

[serge1peshcoff]

This smells to me more of a UX issue than a security vulnerability.

I agree, it's not like the core problem of the Cosmos blockchain, it's more like of a parameter that can be unknowingly used in a wrong way.

[anilcse]

Yes a UX issue. Renaming the client facing flags should fix the issue. May be wallets (and exchanges?) should also rename this. cc @dogemos

[dogemos]

I agree that it is an issue. Something like 'destination tag' (a la XRP) could also work. 'note' and 'comment' are definitely non-typical as most other networks still call it 'memo'

That being said, we would prefer still have to show something like Note (prev. memo) as most exchanges will ask for a 'memo' and not showing that the 'note' just the 'memo' feature renamed could confuse users.