search

chainapsis / keplr-wallet

The most powerful wallet for the Cosmos ecosystem and the Interchain
https://www.keplr.app
Other
774 stars 463 forks source link

Approval of One Wallet Address Affects All Others on Website Connection #1087

Closed Bamiboygraphics closed 8 months ago

Bamiboygraphics commented 8 months ago

Description

When using the Kelpr wallet Chrome web browser extension on Windows 11, I encountered a critical issue related to wallet address approval on websites. Upon approving one wallet address to a website, all other wallet addresses also get approved. Additionally, when switching between wallet addresses, the approval on the website also switches to the corresponding wallet address, which is not the expected behavior.

Steps to Reproduce:

  1. Install the Kelpr wallet Chrome extension on a Windows 11 system.
  2. Log in to the extension and add multiple wallet addresses.
  3. Navigate to a website that requires wallet address approval.
  4. Approve one of the wallet addresses for the website.
  5. Switch to another wallet address within the Kelpr extension.
  6. Observe that the approval on the website automatically switches to the newly selected wallet address.

Expected Behavior:

When approving a wallet address to a website, only the selected wallet address should be approved, and switching between wallet addresses within the Kelpr extension should not affect the approval status on the website. Each wallet address should maintain its connection to the respective website it was approved for.

Actual Behavior:

All wallet addresses get approved for the website simultaneously, and switching between wallet addresses results in the approval status on the website also switching accordingly. This behavior leads to confusion and potential damages as it does not accurately reflect the intended connection between wallet addresses and websites.

Additional Information:

Proposed Solution:

Implement a fix that ensures only the selected wallet address is approved for a website, and switching between wallet addresses within the Kelpr extension does not affect the approval status on websites. This may involve updating the extension's logic for managing wallet address approvals and maintaining separate connections for each wallet address.

Priority:

This issue should be treated as high priority due to its potential impact on users' financial security and the integrity of their wallet connections.

Thank you for addressing this critical issue promptly.

dogemos commented 8 months ago

Hi @Bamiboygraphics,

This is by design, and an intentional design decision we have made with consideration of the tradeoffs that exist.

We believe that the norm of approving websites on a per-account basis in the Ethereum world is poor UX. Allowing users to interact with the 'connect wallet' once, and not every single time, is a big win for crypto UX.

It allows for Keplr to develop new wallet API features which can allow dApps to be seamlessly be multichain and multiaccount (i.e. managing portfolio views across multiple addresses, requesting transaction approval to different addresses without the users having to manually switch).

The team will consider allowing users to opt-out of this design, but as of now, it's not marked as a high-priority task. If users wish, they may use Chrome profiles as an alternative.

Best regards,

Bamiboygraphics commented 8 months ago

@dogemos

Thank you for taking the time to provide such a comprehensive response. I understand the considerations behind your design decision and the benefits it brings to user experience within the Ethereum ecosystem. While I appreciate the convenience of signing in once and avoiding repetitive interactions with the "connect wallet" feature, I still have some lingering concerns regarding security and user control.

Given the sensitive nature of assets and liquidity in the crypto space, the potential risk of inadvertently granting access to all accounts when switching addresses is a valid concern. Although I trust in the security measures implemented by Keplr, as a user, having more transparency and control over which accounts are connected to a website would provide added peace of mind. From a UX perspective, I agree that minimizing extra clicks is generally favorable, but in cases involving financial assets, exceptions should be made to prioritize user control and security. A potential solution could be adopting a similar approach to MetaMask's initial connection process, where users are prompted to select which accounts they want to grant access to for a specific website. This way, users maintain agency over their connections, ensuring they are aware of and intentional about the access granted.

I understand that this may not currently be a high-priority task for your team, but I believe offering users the option to opt-out of the default connection behavior would enhance the flexibility and security of the Keplr wallet.

Thank you once again for your insightful response and for considering my feedback. I appreciate the transparency and dialogue around this issue. Best regards.