usePollDetails --> When there is a risk of snapshotting potentially volatile voting details, accessing the voting information becomes unreliable, and it may lead to a potential crash of the shared kernel. about lens-sdk HOT 7 CLOSED

Hi @jingledongding thank you for reporting this.

Can I please ask you some clarifications?

When there is a risk of snapshotting potentially volatile voting details, accessing the voting information becomes unreliable, and it may lead to a potential crash of the shared kernel.

Can you please expand on what you mean by "there is a risk of snapshotting potentially volatile voting details"?

What makes it volatile? Was the proposal definition amended while you where testing the hook?

from lens-sdk.

When I access https://snapshot.org/#/lido-snapshot.eth/proposal/0xbf00c00a2e9c009e9d014e1ed4885d2b77d525ffb1c7495479f750a915f30f2e, the snapshot doesn't redirect to the correct page, which results in the hook not receiving the correct response.

from lens-sdk.

I've noticed the same warning on the Snapshot UI... never seen it before.
Seems a spam prevention feature of Snapshot UI itself.

Is the Snapshot URL correct? Is this a legitimate Proposal?

In order to integrate with Snapshot the Lens SDK hook does not access the same HTML page you open with the browser but instead extracts the Proposal Id and Space Id and uses Snapshot GQL APIs to retrieve the relevant details.

from lens-sdk.

Is the Snapshot URL correct?
this url is from @lensprotocol/react, so I think it's correct
Is this a legitimate Proposal?
It's possible that only someone with access to the snapshot would know this, but based on the information available, the proposal appears to be sensitive."

from lens-sdk.

Ah I see. I thought it was a Snapshot Proposal you tried to use in a publication content. Instead if I understood correctly it kinda landed on you because it made your code crash.

The Lens SDK itself does not have any specific Snapshot Proposal URLs in it. Ultimately this comes from the content of a publication that you happened to have fetched with the Lens SDK.

Unfortunately it's content we don't have control over, so the only thing we can do is being robust to "odd things".

The reason I am asking about the legitimacy of this specific Snapshot Proposal is that the Snapshot UI that warns about it is a first red flag.

A second red flag is the fact the proposal is a Single Voting choice but only provides a Yes choice.

So from a Snapshot vote perspective it's either one votes yes or they abstain. This is ultimately the cause of the error you see, in the SDK we assumed only legitimately configured Snapshot Proposal.

The link in the description and the Space ID is also suspicious.

I am going to plan a fix that if possible silently ignores these misconfigurations.

Thank you for taking the time to explain the background of this issue to me. Will ping you when a fix is available.

from lens-sdk.

Fix coming soon: #456

from lens-sdk.

This is now available in:

• @lens-protocol/react@next
• @lens-protocol/react-web@next
• @lens-protocol/client@next

It will be released 1.3 stable next week.

from lens-sdk.