From bcbc6dc47e8775190751014df8a36765c55c5c9d Mon Sep 17 00:00:00 2001
From: Bowen Wang <bowen@near.org>
Date: Thu, 27 Jul 2023 15:26:28 -0700
Subject: [PATCH 1/3] proposal to restrict ethereum address on NEAR

---
 neps/nep-0492.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 neps/nep-0492.md

diff --git a/neps/nep-0492.md b/neps/nep-0492.md
new file mode 100644
index 000000000..89a21360c
--- /dev/null
+++ b/neps/nep-0492.md
@@ -0,0 +1,74 @@
+---
+NEP: 492
+Title: Restrict creation of Ethereum Addresses
+Authors: Bowen Wang<bowen@near.org>
+Status: Draft
+DiscussionsTo: https://github.com/near/NEPs/pull/492
+Type: Protocol
+Version: 0.0.0
+Created: 2023-07-27
+LastUpdated: 2023-07-27
+---
+
+## Summary
+
+This proposal aims to restrict the creation of Ethereum addresses on NEAR to both prevent loss of funds due to careless user behaviors and scams
+and create possibilities for future interopability solutions.
+
+## Motivation
+
+Today an [Ethereum address](https://ethereum.org/en/developers/docs/accounts/) such as "0x32400084c286cf3e17e7b677ea9583e60a000324" is a valid account on NEAR and because it is longer than 32 characters,
+anyone can create such an account. This has unfortunately caused a few incidents where users lose their funds due to either a scam or careless behaviors.
+For example, when a user withdraw USDT from an exchange to their NEAR account, it is possible that they think they withdraw to Ethereum and therefore enter their Eth address.
+If this address exists on NEAR, then the user would lose their fund. A malicious actor could exploit this can create known Eth smart contract addresses on NEAR to trick users to send tokens to those addresses. With the proliferation of BOS gateways, including Ethereum ones, such exploits may become more common as users switch between NEAR wallets and Ethereum wallets (mainly metamask).
+
+In addition to prevent loss of funds for users, this change allows the possibility of Ethereum wallets supporting NEAR transactions, which could enable much more adoption of NEAR. The exact details of how that would be done is outside the scope of this proposal.
+
+There are currently ~5000 Ethereum addresses already created on NEAR. It is also outside the scope of this proposal to discuss what to do with them. 
+
+## Specification
+
+The proposed change is quite simple. Only the protocol registrar account (which can create top-level accounts <= 32 bytes) can create Ethereum addresses.
+
+## Reference Implementation
+
+The implementation roughly looks as follows:
+
+```Rust
+fn action_create_account(...) {
+    ...
+    if account_id.is_ethereum_address()
+                && predecessor_id != &account_creation_config.registrar_account_id
+            {
+                // An Ethereum address can only be created by the registrar account
+                result.result = Err(ActionErrorKind::CreateAccountOnlyByRegistrar {
+                    account_id: account_id.clone(),
+                    registrar_account_id: account_creation_config.registrar_account_id.clone(),
+                    predecessor_id: predecessor_id.clone(),
+                }
+                .into());
+                return;
+            }
+    ...
+}
+```
+
+## Alternatives
+
+There does not appear to be a good alternative for this problem.
+
+## Future possibilities
+
+Ethereum wallets such as Metamask could potentially support NEAR transactions through meta transactions.
+
+## Consequences
+
+In the short term, no Ethereum addresses would be allowed to be created, but this change would not create any problem for users.
+
+### Backwards Compatibility
+
+There is no backwards compatibility concern.
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).

From d45219691d779c422b2e4dae9c3315aa46226bae Mon Sep 17 00:00:00 2001
From: Bowen Wang <bowen@near.org>
Date: Mon, 31 Jul 2023 11:37:02 -0700
Subject: [PATCH 2/3] update the proposal to restrict top level accounts

---
 neps/nep-0492.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/neps/nep-0492.md b/neps/nep-0492.md
index 89a21360c..a014a95f9 100644
--- a/neps/nep-0492.md
+++ b/neps/nep-0492.md
@@ -12,7 +12,7 @@ LastUpdated: 2023-07-27
 
 ## Summary
 
-This proposal aims to restrict the creation of Ethereum addresses on NEAR to both prevent loss of funds due to careless user behaviors and scams
+This proposal aims to restrict the creation of top level accounts (other than implicit accounts) on NEAR to both prevent loss of funds due to careless user behaviors and scams
 and create possibilities for future interopability solutions.
 
 ## Motivation
@@ -28,7 +28,7 @@ There are currently ~5000 Ethereum addresses already created on NEAR. It is also
 
 ## Specification
 
-The proposed change is quite simple. Only the protocol registrar account (which can create top-level accounts <= 32 bytes) can create Ethereum addresses.
+The proposed change is quite simple. Only the protocol registrar account can create top-level accounts that are not implicit accounts
 
 ## Reference Implementation
 
@@ -37,10 +37,10 @@ The implementation roughly looks as follows:
 ```Rust
 fn action_create_account(...) {
     ...
-    if account_id.is_ethereum_address()
+    if account_id.is_top_level() && !account_id.is_implicit()
                 && predecessor_id != &account_creation_config.registrar_account_id
             {
-                // An Ethereum address can only be created by the registrar account
+                // Top level accounts that are not implicit can only be created by registrar
                 result.result = Err(ActionErrorKind::CreateAccountOnlyByRegistrar {
                     account_id: account_id.clone(),
                     registrar_account_id: account_creation_config.registrar_account_id.clone(),
@@ -63,11 +63,11 @@ Ethereum wallets such as Metamask could potentially support NEAR transactions th
 
 ## Consequences
 
-In the short term, no Ethereum addresses would be allowed to be created, but this change would not create any problem for users.
+In the short term, no new top-level accounts would be allowed to be created, but this change would not create any problem for users.
 
 ### Backwards Compatibility
 
-There is no backwards compatibility concern.
+For Ethereum addresses specifically, there are ~5000 existing ones, but this proposal per se do not deal with existing accounts.
 
 ## Copyright
 

From 8a3594fe33e8781da08ab7ac854257872b971289 Mon Sep 17 00:00:00 2001
From: Vlad Frolov <frolvlad@gmail.com>
Date: Thu, 16 Nov 2023 20:17:46 +0100
Subject: [PATCH 3/3] Update neps/nep-0492.md

---
 neps/nep-0492.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/neps/nep-0492.md b/neps/nep-0492.md
index a014a95f9..a6dfd434f 100644
--- a/neps/nep-0492.md
+++ b/neps/nep-0492.md
@@ -1,8 +1,8 @@
 ---
 NEP: 492
 Title: Restrict creation of Ethereum Addresses
-Authors: Bowen Wang<bowen@near.org>
-Status: Draft
+Authors: Bowen Wang <bowen@near.org>
+Status: Final
 DiscussionsTo: https://github.com/near/NEPs/pull/492
 Type: Protocol
 Version: 0.0.0