Speaking for MetaMask, we’re more amenable to this proposal and are reviewing it internally. Thanks @pedrouid for driving, and to everyone who contributed!
On the postMessage vs. dispatchEvent discussion, we believe that dispatchEvent is a good solution for the specific problem this EIP aims to solve, i.e. window.ethereum clobbering. We also agree that there’s a need for a more generic messaging protocol, however:
This EIP does not seem like the right place for it.
If we’re talking browser extensions, such a protocol should use the externally_connectable permission, which recently became possible after the Chrome team fixed this bug originally filed by @MicahZoltu.
I agree with @rekmarks feedback that the need for a more generalized communication protocol is important but this EIP is not the place for this as it only focuses on EIP-1193 provider discovery which dispatchEvent suffices
That being said a protocol with externally_connectable is on my radar and that would be part of a bigger scope of work which would address both provider discovery and interface
To the extent that we should concern ourselves with a browser that has less than 3% global market share, fair enough. Regardless, it shouldn’t be difficult to create a postMessage-based version of a protocol written for externally_connectable. Come to think of it, the standard should probably consist of a transport-agnostic message protocol with extensions for specific transports.
I know there are some significant drawbacks to this option, but I wanted to get a formal write-up of using scheme handlers for wallet discovery up just so we can discuss it more broadly.
Understood, Its a great alternative way for EIP-5749
I have been implementing a wallet standard for EVM chains which is based on the Wallet standard
I myself was working on this problem, previously I was trying to solve this by assigning each wallet their own “namespace” in the browser, something like window.wallets.metamask and window.wallets.backpack, but then quickly realised it will not be adopted by wallets as it requires a lot of work and also that anybody can update the data from window
Will integrate this in ethereum wallet adapter, how is the adoption like, any wallets integrating currently?
True… an attacker can override or proxy the payloads for dispatchEvent
But it’s better to take that risk than breaking compatibility with EIP-1193
My take is that we only get one take to break compatibility with EIP-1193 and if we are going to do it then the best candidate is CAIP-25
It’s a massive task to update all wallets and libraries to support an alternative provider interface (like EIP-1193) so this EIP-6963 is only tackling provider discovery
@pedrouid can you expand a bit further on why you think we only get one opportunity to break compatibility? Internet protocols have never followed that approach. Look at iterations on some of the following examples.
HTTP v1.0 / v1.1/ v1.2 / v2.0
TLS v1.0 / v1.1 / v1.2 / v1.3
SSL v1 / v2 / v3
OAuth v1 / v2.0 / v2.1
SAML v1.0 / v1.1 / v2.0
In every one of those cases there’s multiple iterations that occurred at various points of success with various degrees of adoption. I’m not following your line of reasoning that we only get one take to break compatibility. Similarly, isn’t the reason this is so contentious is because we are already breaking compatibility of the discovery mechanism portion of the protocol? Given the protocol encompasses more than just how messages are passed (window.ethereum → Event messaging) and what the interface looks like (EIP-1193 → CAIP-25) such as what failure states occur, what RPC methods are supported, what happens if we need to support multiple interfaces, etc can you expand more on why you believe keeping EIP-1193 is necessary versus adding CAIP-25 interface now?
True… an attacker can override or proxy the payloads for dispatchEvent
Uh that seems like a showstopper to me. A malicious third party iframe such as an advertisement on a DApp being able to MITM the message in order to modify the to address in a swap seems rather dangerous doesn’t it?
If an iframe is capable of modifying the window object in the way I described, we’re already screwed because the ethereum object lives on the window as well.
I can’t speak for @pedrouid, but breaking changes are painful, and we should make them judiciously.
I am curious, why are we not using window.evmproviders , coupled with a great frontend library, EIP5749 can be a better solution
Adding to what Pedro said, the initial idea of using events was to make sure no wallet was left behind since there might be a delay until the injection happens. This is currently managed by individual wallet events or a setTimeout (which isn’t ideal).
I also agree that evmproviders seems more fragile and easier to break. Regarding the iframe security concern, I think we could add an advise on the security considerations section about sandboxing any iframe used in the website. At least on the dapp side the issue will persist whether we use events, window.ethereum, postMessage or anything that’s attached to the window object.
If I’m not mistaken, sandboxing the iframe, as long as the allow-same-origin flag is not there, will prevent the iframe from overwriting the window object.
Hey everyone, me and Boidushya from WalletConnect collaborated on an example dapp that supports EIP-6963
It will detect any EIP-6963 compatible browser wallet and display them. Plus you can connect multiple in parallel and it will display the chain and the accounts
But since there aren’t any in production, we added a button to “emulate” window.ethereum as EIP-6963 provider by wrapping it into an announceProvider event
Also the word “wallet” should not be used in the standard. the assumption that every crypto browser extension is wrong. blockchain based account systems can be anything but a wallet. See UniversalProfiles for example. Yes it can be a wallet, but it’s a lot more than that.