Trezor feature persists previous trezor Xpub

[danfinlay]

If I have two trezors, with two different mnemonics Then connect trezor A, use it. Connect trezor B, select "connect hardware wallet",

MetaMask shows me the old Trezor's account list.

[brunobar79]

@danfinlay wow. Good find!

[brunobar79]

Ok, so the deal is that we're caching the XPUB unless you click Forget this device

I have no way of making sure the device is different / same unless I go to the device and ask for the xpub key, which means there's gonna be a popup from Trezor, asking for your approval.

I guess we have to make the decision of: Should we stop caching the XPUB and ask for confirmation every time you plug in your wallet?

This is definitely more secure and will solve the issue that you reported but:

• You won't be able to see your hw wallet accounts without plugin in your wallet anymore
• We're gonna make every user go to through the Trezor popup flow every time

An important point is that there's already a workaround which is to use the "Forget this device" feature, which will prevent the issue.

Maybe the solution it's just to add better info about how the feature works and what the "Forget this device" feature does.

WDYT?

cc: @bdresser @cjeria

[bdresser]

Hey, four months later :)

I think the double-trezor case is rare enough that we shouldn't change the basic flow to solve this. Going to move to icebox and see if this comes up again.

We could always add a disclaimer towards the bottom like "seeing stale data? forget this device and reconnect"

[tmashuang]

The initial implementation took into account caching but I personally agree with that clicking Connect with a HW wallet would ideally act like a new connection everytime.