Wrong account connected might confuse users and is potentionally dangerous

ackvf commented 5 months ago

What is this about?

I am not sure if something changed, but for the past two years we did not observe this issue until recently.

When user changes to a different account from within MetaMask, our app will NOT receive that information and continues functioning with the previously connected account.

In the following screenshot, notice that I remain connected to CXIP #1, but I switched to CXIP #2 in MetaMask.

0) With all accounts disconnected 1) Initiate connection from within the App by clicking on button [CONNECT WALLET] and connect with Account #1 2) In MetaMask, switch to Account #2 3) Observe that nothing happens, no event is emmited and user keeps connected with Account #1, despite seeing Account #2 in their MetaMask extension 4) For further detail, I present you the connect/disconnect option within MetaMask, where you can see that Account #1 is still Active. 5) Only after pressing the highlighted Connect, only then the App receives an event and is allowed to handle the change. metamask-switch-disconnect

On this third attachment notice the potential dangerous situation where the user THINKS they are on Account #2, but they are in fact signing transactions with Account #1 with no clear clue other than the account name, which can easily be missed, especially if the user choses poor names.

Unlike in this situation, where it did show a very subtle information, which is so subtle that it's almost useless too anyway. And I don't even know what the circumstances were to see this.

"Is this the correct account? It's different from the currently selected account in your wallet"

Compare the two:

Scenario

GIVEN a user has two disconnected accounts WHEN user connects with one account from within the web App AND then switches to a second account in MetaMask THEN the App does not receive an event remains connected to account#1, while the user thinks they are using account#2 already

Screenshots added in main description.

Design

No response

Technical Details

No response

Threat Modeling Framework

No response

Acceptance Criteria

No response

Stakeholder review needed before the work gets merged

[ ] Engineering (needed in most cases)
[ ] Design
[ ] Product
[ ] QA (automation tests are required to pass before merging PRs but not all changes are covered by automation tests - please review if QA is needed beyond automation tests)
[ ] Security
[ ] Legal
[ ] Marketing
[ ] Management (please specify)
[ ] Other (please specify)

References

No response

ackvf commented 5 months ago

Related: AccountsChanged didn't fired when switching to a disconnected account #13825

ackvf commented 5 months ago

One account connected - nothing happens metamask-switch-one-connected

Both accounts connected - event is emitted metamask-switch-two-connected

MetaMask / metamask-extension