You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The general idea would be for the wallet to remember certain eth signatures (perhaps the ones explicitly requested by the user, with a "remember this signature" prompt on every signature popup)
Then, if a connection of the same domain name requests a signature we already have in-memory, the wallet can automatically reply without user interaction.
The main goal here would be to improve UX of websites that, for better or worse, constantly ask you to sign the same thing as a login mechanism (mirror.xyz and gitcoin come to mind, I personally had this pain a few times)
Security considerations:
We need a safer mechanism for proving the domain a connection belongs to. The current approach is very naive, and would be easy to spoof here (it was never meant for verification, just informational)
Can we somehow distinguish signatures that are plaintext messages versus ones that would that could be used by other parties for malicious purposes (e.g.: perhaps we don't want to remember ERC-2612 signatures and other similar ones)
The text was updated successfully, but these errors were encountered:
This would probably be an experimental feature at first, due to security considerations.
See this thread (props to @wmitsuda, idea came from him)
The general idea would be for the wallet to remember certain eth signatures (perhaps the ones explicitly requested by the user, with a "remember this signature" prompt on every signature popup)
Then, if a connection of the same domain name requests a signature we already have in-memory, the wallet can automatically reply without user interaction.
The main goal here would be to improve UX of websites that, for better or worse, constantly ask you to sign the same thing as a login mechanism (mirror.xyz and gitcoin come to mind, I personally had this pain a few times)
Security considerations:
The text was updated successfully, but these errors were encountered: