
[CAIP-27] Corner-cases around accounts assumptions

Open bumblefudge opened this issue 2 years ago • 1 comment

Some methods implicitly or explicitly assume exactly one account. If multiple accounts have been authorized by CAIP-25, but none "selected"/set-as-default/etc, calling said methods via CAIP-27 might produce unexpected or, worse, insecure behavior. Some mitigations that have been floated so far include:

  • CAIP-25 caveats/permissions/etc that would select a "default"/preference explicitly at time of provider authorization
  • CAIP-27 failure response with specific error message in case of ambiguity between accounts
  • CAIP-27 failure response with specific error message in case of zero accounts authorized for that chain

But maybe what's more needed is a use case (so far no CAIPs have a ## Use Cases section!), or a good, meaty example of a corner case where this happens? Do people know of EIPs that explicitly or implicitly define a method assuming exactly one account?

(Moved out of CAIP-27 Discussion)

bumblefudge avatar Jan 18 '23 15:01 bumblefudge
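As an added illustration of the second and third mitigations listed above (not code from the CAIPs repository or from WalletConnect), here is a wallet-side resolver that fails with a specific error on zero or ambiguous accounts instead of guessing; the session shape, the `defaults` field and the error codes are assumptions made for the example.

```javascript
// Added example, not code from the CAIPs repository or from WalletConnect. A
// wallet-side guard for a CAIP-27-style request on one chain: rather than silently
// acting as one of several CAIP-25-authorized accounts, it resolves a single account
// or fails with a specific error. Session shape and error codes are assumptions.

// Constructed session state as a CAIP-25 authorization might leave it. Accounts are
// CAIP-10 ids ("<CAIP-2 chain id>:<address>"). `defaults` is an optional explicit
// per-chain default account (the first mitigation floated in the issue); empty here.
const SESSION = {
  accounts: [
    "eip155:1:0x1111111111111111111111111111111111111111",
    "eip155:1:0x2222222222222222222222222222222222222222",
    "eip155:137:0x3333333333333333333333333333333333333333",
  ],
  defaults: {},
};

// Placeholder error codes for this example only; no CAIP defines them.
const ERR_NO_ACCOUNT = 5100;           // zero accounts authorized for the chain
const ERR_AMBIGUOUS_ACCOUNT = 5101;    // several authorized, none selected
const ERR_UNAUTHORIZED_ACCOUNT = 5102; // request names an account outside the session

const fail = (code, message) => ({ ok: false, error: { code, message } });

// Resolve the account a request on `chainId` may act on. `explicitAddr` is the
// address the request itself names (e.g. a `from` field), or null for methods
// that implicitly assume "the" account. Read-only methods need not call this.
// Addresses are compared verbatim; a real wallet would normalize case per
// namespace (eip155 addresses are case-insensitive hex, other namespaces differ).
function resolveAccount(session, chainId, explicitAddr = null) {
  const candidates = session.accounts.filter((a) => a.startsWith(chainId + ":"));
  if (candidates.length === 0) {
    return fail(ERR_NO_ACCOUNT, `no account authorized for ${chainId}`);
  }
  if (explicitAddr !== null) {
    const id = `${chainId}:${explicitAddr}`;
    return candidates.includes(id)
      ? { ok: true, account: id }
      : fail(ERR_UNAUTHORIZED_ACCOUNT, `${id} is not authorized in this session`);
  }
  if (candidates.length === 1) return { ok: true, account: candidates[0] };
  const preferred = session.defaults[chainId];
  if (preferred && candidates.includes(preferred)) return { ok: true, account: preferred };
  return fail(ERR_AMBIGUOUS_ACCOUNT,
    `${candidates.length} accounts authorized for ${chainId}, none selected as default`);
}
```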

Can you give exact examples for these?

WalletConnect v2.0 is now in production which is compatible with both CAIP-25 and CAIP-27

We haven’t found any of these corner cases for either EVM or non-EVM chains

pedrouid avatar Jul 06 '23 22:07 pedrouid