Review display of chain in signing approval popup #844
Labels
audit-fixes
Fixes for complying with feedback from Chaintroopers' Audit
Comments
chidg
added
the
audit-fixes
|
Still relevant, need to improve |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the Chaintroopers audit they identified that we may not be fully compatible with EIP 3326
wallet_switchEthereumChain. This EIP expects that wallets which have a concept of an 'active chain' should display a confirmation to the user when the active chain is changed by thewallet_switchEthereumChainmethod.This is not fully relevant to Talisman because we allow each dapp to have its own active chain. This means a dapp can't change the active chain for another dapp at a different domain, and thus mitigates the risk of a dapp changing the network maliciously or by accident. However, if a dapp calls the
wallet_switchEthereumChainmethod, and then requests approval to sign a transaction, the user could potentially be mislead to sign a transaction on a network they didn't expect.In order to mitigate this risk we should ensure that the current network is displayed prominently in any signing approval popups on EVM, without the user needing to click into 'details' or any other sub menu. Please review current UI and make updates if necessary.
The text was updated successfully, but these errors were encountered: