Comments (13)
This is a breaking change (can at least break TypeScript in dapps) but I think it's important to make.
from wallet-adapter.
Whether or not they remove the feature, they should definitely remove the info from their adapter and most importantly the wallet shouldn't expose that info.
Can you reach their team with this? Hopefully we get a fix asap, as these scams seem to be more common by the day.
from wallet-adapter.
The adapter only exposes the state of the wallet. If a dapp wants to abuse autoApprove, they can detect it from the wallet extension directly anyway.
I agree generally that wallets should remove this feature. The limited purposes it solves for traders on trusted dapps is not worth average users losing funds to scams.
I'll check in with the wallet providers that have this feature, as I believe some of them are already phasing it out.
from wallet-adapter.
Yeah, I figured so, but both cases were using the adapter and decided to start here.
I thought that wallets could still auto-approve without telling the app it is auto-approving?
I'm against removing the feature, but it shouldn't be easily accessible to people who don't know what they're doing. Beyond the UX question, my issue really is the apps being able to know if the wallet is doing auto or not, and then having different behaviors trying to force the user to use auto approval.
from wallet-adapter.
I thought that wallets could still auto-approve without telling the app it is auto-approving?
Maybe they can, but the ones that have the feature expose it on their interface.
I'm against removing the feature
I'm not, and wallet providers seemingly aren't. It's likely to be removed because it encourages a broken security practice.
from wallet-adapter.
The use of this pattern derives from https://github.com/project-serum/sol-wallet-adapter/blob/be3fb1414425dc8ae64d67599d677f9acc09fe4c/src/index.ts#L163-L165
Most wallets don't actually have this feature, and we don't think it's a good idea, so we should drop it.
from wallet-adapter.
Its a move in the right direction, should prevent things like this from happening
from wallet-adapter.
Yikes, is that real code from one of these malicious dapps?
from wallet-adapter.
Yes. Another was doing even worse, with specific prompts to ask the user to refresh and select auto-approve.
from wallet-adapter.
Woof. Thanks for that. So they are actually just detecting it on window.solana
which means they aren't checking the adapter state at all then.
I'm all for removing this once we have buy in to hide it from Phantom at least.
from wallet-adapter.
I'm in contact with Phantom and Solflare and I'm working on removing it from wallet-adapter now.
from wallet-adapter.
Cool. Thank you
from wallet-adapter.
Published:
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
- @solana/[email protected]
from wallet-adapter.
Related Issues (20)
- sendTransaction doesn't work with String data HOT 1
- Sending SPL token using getOrCreateAssociatedTokenAccount wallets without the token doesn't work HOT 2
- Request blocked Warning from phantom wallet HOT 1
- I can't get the wallet to open to initiate a transaction. HOT 5
- Error: Hydration failed because the initial UI does not match what was rendered on the server. HOT 2
- WalletSignTransactionError: Reached end of buffer unexpectedly HOT 1
- Detailed error messages on transaction sending HOT 2
- TrustWallet - Cannot read properties of undefined (reading "serialize") HOT 1
- 500 ERROR When selecting wallet on ios mobile devices HOT 1
- Feature: disable auto-detect for wallets HOT 2
- Wallet -adapter issue for Math wallet
- Add OKX wallet adapter HOT 12
- error :./scripts/cargo-install-all.sh . HOT 1
- More hooks HOT 5
- Phantom wallet cannot be detected
- When any wallet is not installed, users can be guided to install it
- onAccountChange is not able to listen when phantom wallet account changed HOT 1
- Coinabase Wallet transaction on Solana DevNet is failing
- Idk
- Documentation on how to unit test with creating a mock wallet provider.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wallet-adapter.