Open pedrouid opened 5 years ago
I think that permission should be divided into a few basic categories:
eth_getBalance
) but without account disclosure (like MetaMask with EIP-1102).personal_sign
and eth_signTypedData
(but without eth_sign
).eth_sign
(which can be used to trick the user into signing transaction).Also, it should be possible to add additional permissions on-demand.
When a Dapp initiates a session request, it would be useful to include a set of permissions associated with a session to be approved by the Wallet.
This would include a more restricted read-only mode that would only disclose accounts and chainId plus other read methods like (eth_getBalance and eth_call) and the regular read-write mode which would allow the dapp to also request signing messages and transactions with the private key.
Finally it would be possible to include a more advanced set of special permissions like auto-signing with a specific scope of methods to support Layer 2 solutions like State Channels and Plasma Chains without prompting the user every time it needs to counter-sign messages that for example include receiving or withdrawing amounts.