Written by: Mundus Security Compiled by: Deep Tide TechFlow
The recently proposed EIP-6963 aims to resolve the conflicts that arise when users try to use multiple wallet providers within a single web browser. These conflicts degrade the user experience, keep users from controlling their Ethereum interface, and complicate interaction with dApps.
Introduction to the problem
Currently, wallet providers offering browser extensions must inject their Ethereum provider (per the EIP-1193 standard) into the browser's window.ethereum object. This mechanism creates a problem for users who have installed multiple wallet extensions. Browser extensions are loaded into web pages in an unpredictable order, so users cannot choose which wallet ends up in window.ethereum. Usually, the last wallet to load is the one that takes control of the page.
EIP-6963: Proposed solution
To address this, EIP-6963 proposes an alternative discovery mechanism to window.ethereum for EIP-1193 providers. The proposal introduces a set of window events to enable a two-way communication protocol between Ethereum libraries and injected scripts provided by browser extensions. This solution improves interoperability between multiple wallet providers, lowers the barrier to entry for new wallet providers, and improves user experience on the Ethereum network.
The proposal outlines a standardized provider information interface (EIP6963ProviderInfo), which is essential for populating the wallet selection popup. It also defines the announced provider interface (EIP6963ProviderDetail), which leaves the EIP-1193 provider interface unchanged for backward compatibility.
Key properties in the provider information interface include:
walletId: Globally unique identifier of the wallet provider (for example, io.dopewallet.extension or awesomewallet).
uuid: UUID v4.0 compliant locally unique identifier for the wallet provider.
name: Human-readable name of the wallet provider (for example, DopeWalletExtension or Awesome).
icon: A URI pointing to an image, should be a square with a minimum resolution of 96x96px. PNG and WebP or vector image formats such as SVG are recommended. The proposal team strongly discourages the use of lossy formats like JPG/JPEG.
In terms of triggering events, both the Ethereum library and the wallet provider use the dispatchEvent function to emit events and addEventListener to observe events. When the Ethereum library initializes, it emits an "eip6963:requestProvider" event, and the wallet provider emits an "eip6963:announceProvider" event, along with details of its provider interface and information.
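The exchange described above, with both sides shown, as an added example that is not code from the EIP or from the article's authors. It assumes the field names listed in this article (walletId, uuid, name, icon), uses an EventTarget as a stand-in for window, and the names installWallet, discoverWallets and isValidDetail are hypothetical.

```javascript
// Event with a `detail` payload; a browser page would use CustomEvent on window.
class DetailEvent extends Event {
  constructor(type, detail) { super(type); this.detail = detail; }
}

const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Wallet side: answer every "eip6963:requestProvider" with an announcement.
function installWallet(target, info, provider) {
  target.addEventListener("eip6963:requestProvider", () => {
    target.dispatchEvent(new DetailEvent("eip6963:announceProvider", { info, provider }));
  });
}

// Library side: any script on the page can dispatch the announce event, so
// every field is checked before it reaches the wallet-selection popup.
function isValidDetail(detail) {
  const info = detail && detail.info;
  return Boolean(
    info &&
    typeof info.walletId === "string" && info.walletId.length > 0 &&
    typeof info.name === "string" && info.name.length > 0 &&
    typeof info.uuid === "string" && UUID_V4.test(info.uuid) &&
    detail.provider && typeof detail.provider.request === "function" // EIP-1193
  );
}

function discoverWallets(target) {
  const wallets = new Map(); // uuid -> { info, provider }
  const rejected = [];
  target.addEventListener("eip6963:announceProvider", (ev) => {
    if (!isValidDetail(ev.detail)) { rejected.push(ev.detail); return; }
    const { uuid } = ev.detail.info;
    if (!wallets.has(uuid)) wallets.set(uuid, ev.detail); // assumption: first wins
  });
  target.dispatchEvent(new Event("eip6963:requestProvider")); // listeners run synchronously
  return { wallets, rejected };
}

// Constructed sample: two well-formed wallets and one malformed announcer.
function demo() {
  const win = new EventTarget(); // stand-in for `window`
  const provider = { request: async () => null };
  installWallet(win, { walletId: "io.dopewallet.extension", name: "DopeWalletExtension",
    uuid: "f3b5a2c0-1d4e-4a6b-9c7d-2e8f0a1b3c5d", icon: "data:image/png;base64,AAAA" }, provider);
  installWallet(win, { walletId: "awesomewallet", name: "Awesome",
    uuid: "0a1b2c3d-4e5f-4a7b-8c9d-0e1f2a3b4c5d", icon: "data:image/png;base64,AAAA" }, provider);
  installWallet(win, { walletId: "broken", name: "Broken", uuid: "not-a-uuid" }, null);
  return discoverWallets(win);
}

console.log([...demo().wallets.values()].map((d) => d.info.name));
```

The malformed announcement lands in rejected instead of the selection list, and neither wallet depends on extension load order.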
Impact of EIP-6963
According to optimistic estimates, the acceptance and implementation of EIP-6963 may take about three to six months. This development could lead to a new wallet narrative by the end of the year, potentially breaking the hegemony of leading wallet providers like MetaMask and creating a more competitive environment among providers.
Wallets such as Coin98, Coinbase Wallet, Trust Wallet, Phantom, Taho, Rabby, Frame, XDEFI, Rainbow, Zerion, Spot, Frontier, MEW, Dawn Wallet, Blockwallet, Bitski, SafePal, BitKeep, and MathWallet are poised to benefit from this development.
Pros and cons
EIP-6963 raises some security issues to consider.
Advantages:
No single point of failure: Allowing multiple wallet providers eliminates the problem of a single point of failure. This is beneficial in terms of security, as it means that if one wallet provider suffers an attack or technical failure, users have alternatives available.
Reduce reliance on a single provider: Currently, the Ethereum community relies heavily on one provider, MetaMask. This poses a potential risk because if MetaMask is compromised, most Ethereum users will be affected. By supporting multiple wallets, EIP-6963 spreads risk.
Enhanced User Control: The ability to choose multiple wallet providers gives users greater control over their security. Users can choose a wallet provider that matches their personal security preferences and level of trust.
Disadvantages:
Increased attack surface: Implementing EIP-6963 increases the attack surface. This is due to the increased number of wallet providers that can be attacked by malicious actors. Every wallet provider should adhere to high security standards to minimize this risk.
Potential risks of SVG image utilization: EIP-6963 proposes to use SVG images as icons for wallet providers. However, SVG images may contain JavaScript code, which may present a cross-site scripting (XSS) risk. While the EIP does specify that SVG images should be rendered using <img> tags to prevent JavaScript execution, this recommendation can only be verified by third parties or auditors of each implementation.
Impact of replacing window.ethereum: While the EIP does not itself disrupt existing applications by replacing window.ethereum, it suggests doing so after the user chooses a wallet. This recommendation can only be verified in each implementation by a third party or auditor.
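What an auditor would look for in the icon handling described under the SVG risk above, as an added example that is not code from the EIP or from any wallet library. The allow-list policy, the https-only rule and the names safeIconSrc and renderWalletIcon are assumptions made for illustration; the sample icons are constructed.

```javascript
// Assumed policy: formats the article lists as recommended for wallet icons.
const ALLOWED_ICON_TYPES = new Set(["image/png", "image/webp", "image/svg+xml"]);

// Return the icon URI if it is safe to hand to an <img> src, else null.
function safeIconSrc(icon) {
  if (typeof icon !== "string") return null;
  const data = /^data:([a-z]+\/[a-z0-9.+-]+)[;,]/i.exec(icon);
  if (data) return ALLOWED_ICON_TYPES.has(data[1].toLowerCase()) ? icon : null;
  try {
    return new URL(icon).protocol === "https:" ? icon : null; // no javascript:, file:, http:
  } catch {
    return null; // not an absolute URI
  }
}

// Build the icon as an <img> element. SVG loaded through <img> is rendered as
// a static image, so script inside it does not run; inlining the SVG markup
// (for example via innerHTML) would make it part of the page's DOM instead.
function renderWalletIcon(doc, info) {
  const src = safeIconSrc(info.icon);
  if (src === null) return null; // caller shows a generic placeholder
  const img = doc.createElement("img");
  img.setAttribute("src", src);
  img.setAttribute("alt", String(info.name)); // attribute value, never parsed as HTML
  img.setAttribute("width", "96");
  img.setAttribute("height", "96");
  return img;
}

// Minimal constructed stand-in for `document`, so the example runs in Node.
const fakeDocument = {
  createElement: (tag) => ({ tag, attrs: {}, setAttribute(k, v) { this.attrs[k] = v; } }),
};

// Constructed sample icons: an SVG data URI and a non-image URI.
const svgIcon = "data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg'/>";
const el = renderWalletIcon(fakeDocument, { name: "Awesome", icon: svgIcon });
console.log(el.tag, renderWalletIcon(fakeDocument, { name: "X", icon: "javascript:void(0)" }));
```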
Conclusion
EIP-6963 aims to enhance interoperability between multiple wallet providers, lower barriers to entry for new providers, and improve user experience on the Ethereum network. At the same time, the impact on security is complex.
Users, wallet providers, and Ethereum library developers must adhere to best practices to ensure the Ethereum ecosystem remains secure.
By implementing this proposal, the Ethereum ecosystem can evolve towards a more user-friendly and competitive environment, benefiting both wallet providers and their users.
Analysis of multi-wallet conflict resolution EIP-6963