Open talentlessguy opened 4 weeks ago
@talentlessguy I'm also able to reproduce this with Wagmi (npm create wagmi@latest).
I don't think this is a RainbowKit specific issue. If this is a security concern, then it's better to raise a PR for Wagmi here.
@talentlessguy I'm also able to reproduce this with Wagmi (npm create wagmi@latest).
I don't think this is a RainbowKit specific issue. If this is a security concern, then it's better to raise a PR for Wagmi here.
From what I understand this happens only with a Rainbow connector in wagmi. Seems like that's where the issue is happening.
@talentlessguy I'll look at it again and report back 👍
This happens exclusively with rainbow connector because it initializes WC
Is there any solution for this? I don't want walletconnect and definitely don't want it opening up a websocket connection
@floticerus I think if you have an injected connector it won't initialize WC at all
@floticerus There isn't a way to do this unless you don't use wallets that use WC. Like @talentlessguy said you can use injected connector (injectedWallet
) for now, but we're going to work on lazy loading the connectors soon.
Is there an existing issue for this?
RainbowKit Version
2.1.2
wagmi Version
2.9.8
Current Behavior
Even if you're not using WalletConnect anywhere in your app, it still gets initialized. When it's initialized, it makes a few requests to the relay, which is used in WalletConnect analytics service. Basically it's spyware imposed on anyone who uses RainbowKit in their app, even if they don't opt in to it. I think this is a huge security hole, because WalletConnect gathers users' data without consent without even using their wallet lib.
WalletConnect shouldn't initialize before connecting to WC. This is specific to RainbowKit, as wagmi doesn't do that.
Expected Behavior
WalletConnect not being enabled if not imported. Only enable it if you import it explicitly.
Steps To Reproduce
Link to Minimal Reproducible Example (CodeSandbox, StackBlitz, etc.)
https://stackblitz.com/edit/vitejs-vite-rbsdea?file=src%2Fconfig.ts
Anything else?
No response