Overview of EIP-6963: Resolving Conflicts Between Multiple Wallet Providers in a Single Web Browser

EIP-6963: Resolving Conflicts Between the Web Browser and Multiple Wallet Providers

EIP-6963 aims to enhance interoperability among multiple wallet providers, reduce barriers to entry for new providers, and improve user experience on the Ethereum network. Mundus Security provides an overview of the standard’s definition, impact, and pros and cons.

Today, a wallet provider that ships a browser extension injects a provider object implementing EIP-1193 into every page as window.ethereum. Because there is only one window.ethereum, users with several wallet extensions installed run into conflicts: each extension tries to claim the same global, the last (or most aggressive) one to inject wins, and the dApp has no reliable way to list the wallets that are present or to let the user pick one. EIP-6963 proposes an alternative discovery mechanism for EIP-1193 providers that does not depend on window.ethereum. It introduces a pair of window events, eip6963:announceProvider and eip6963:requestProvider, which form a two-way protocol between the dApp's Ethereum library and the scripts injected by browser extensions: each wallet announces itself (a provider object plus an info record carrying a uuid, a human-readable name, an icon and a reverse-DNS identifier) when it loads, and announces again whenever a dApp dispatches a request, so every installed wallet can be discovered and the user can choose among them. This improves interoperability between wallet providers and lowers the barrier to entry for new ones.
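The exchange described above, as an added example that is not code from the EIP or from Mundus Security: both halves of the EIP-6963 protocol live in one file so the order of events can be traced. The wallet names, uuids and reverse-DNS identifiers are constructed, the provider objects are stubs, the uuid/rdns regexes are this example's reading of the EIP's requirements, and the event target is passed in as `bus` (the EIP uses `window`) so the file also runs in Node without a DOM.

```javascript
// Added example (not code from the EIP or from Mundus Security): both halves of
// the EIP-6963 exchange in one file. Runs in a browser or in Node >= 15, where
// EventTarget and Event are globals.

// The EIP dispatches a CustomEvent with a frozen `detail`; this small Event
// subclass carries `detail` the same way but also runs where CustomEvent is not global.
class ProviderEvent extends Event {
  constructor(type, detail) {
    super(type);
    this.detail = detail;
  }
}

// uuid must be a UUIDv4 and rdns a reverse-DNS name such as "io.metamask";
// these regexes are this example's reading of those requirements.
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const RDNS = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function isValidInfo(info) {
  return !!info &&
    UUID_V4.test(info.uuid) &&
    typeof info.name === "string" && info.name.length > 0 &&
    typeof info.rdns === "string" && RDNS.test(info.rdns) &&
    typeof info.icon === "string";
}

// --- Wallet side: what an extension's injected script does ---
function installWallet(bus, info, provider) {
  const announce = () =>
    bus.dispatchEvent(new ProviderEvent("eip6963:announceProvider",
      Object.freeze({ info, provider })));
  // Re-announce on every request so a dApp that starts listening later still finds us.
  bus.addEventListener("eip6963:requestProvider", announce);
  announce(); // announce once on injection, for dApps already listening
}

// --- dApp side ---
// Returns a live Map keyed by uuid; wallets injected after this call are added as well.
function discoverProviders(bus) {
  const found = new Map();
  bus.addEventListener("eip6963:announceProvider", (evt) => {
    const { info, provider } = evt.detail ?? {};
    // Any page script can dispatch this event, so the payload is untrusted input.
    if (!isValidInfo(info) || typeof provider?.request !== "function") return;
    found.set(info.uuid, { info, provider });
  });
  // The listener is registered first, then the request goes out: wallets that
  // injected earlier answer synchronously inside dispatchEvent.
  bus.dispatchEvent(new Event("eip6963:requestProvider"));
  return found;
}

// Constructed sample wallets (hypothetical names; the providers are stubs).
const SAMPLE_WALLETS = [
  { info: { uuid: "3f9f1e2c-5b4a-4d6e-8c1a-1b2c3d4e5f60", name: "Wallet A",
            rdns: "com.example.wallet-a", icon: "data:image/svg+xml;base64,PHN2Zz48L3N2Zz4=" },
    provider: { request: async ({ method }) => (method === "eth_chainId" ? "0x1" : null) } },
  { info: { uuid: "9a7b6c5d-4e3f-4a1b-9c2d-3e4f5a6b7c8d", name: "Wallet B",
            rdns: "org.example.wallet-b", icon: "data:image/svg+xml;base64,PHN2Zz48L3N2Zz4=" },
    provider: { request: async ({ method }) => (method === "eth_chainId" ? "0xaa36a7" : null) } },
];

// Walks through the three situations a dApp meets and returns the discovered rdns list.
function runDemo() {
  const bus = typeof window !== "undefined" ? window : new EventTarget();
  installWallet(bus, SAMPLE_WALLETS[0].info, SAMPLE_WALLETS[0].provider); // injected before the dApp ran
  const providers = discoverProviders(bus);                              // dApp asks; Wallet A re-announces
  installWallet(bus, SAMPLE_WALLETS[1].info, SAMPLE_WALLETS[1].provider); // a second extension injects later
  // A forged announcement from page script: bad uuid, no rdns dot, no request(); dropped by validation.
  installWallet(bus, { uuid: "not-a-uuid", name: "Fake", rdns: "fake", icon: "x" }, {});
  return [...providers.values()].map((p) => p.info.rdns);
}

console.log(runDemo()); // [ 'com.example.wallet-a', 'org.example.wallet-b' ]
```

A real dApp would show the discovered `info` records to the user and only then call `provider.request(...)` on the one that was picked; nothing in the exchange itself tells the dApp which announcement to trust, which is why the validation in `discoverProviders` and the user's explicit choice both matter.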

The advantages of EIP-6963 include: 1) No single point of failure: several wallet providers can coexist in the same browser instead of one global object whose owner is decided by injection order; 2) Reduced reliance on a single provider: the Ethereum ecosystem currently depends heavily on MetaMask, so an attack on MetaMask (or on its injected script) would affect a large share of users at once; 3) More user control over security: users can choose the wallet provider that matches their own security preferences and whom they trust, rather than whichever extension happened to win window.ethereum.

The risks of EIP-6963 include: 1) Increased attack surface: with many wallet providers in play, more of them become targets for malicious actors, and because any script in the page can dispatch an eip6963:announceProvider event, a dApp must treat every announcement as untrusted input (validate the info record, do not auto-connect, and let the user confirm the choice); 2) EIP-6963 suggests SVG images for wallet provider icons, but an SVG can carry JavaScript (script elements, event-handler attributes such as onload), so a dApp that renders the icon inline (via innerHTML or an inline <svg>) exposes itself to cross-site scripting (XSS); icons should be validated as data: URIs and rendered through an <img> element, where the browser never executes embedded script; 3) Although the EIP does not break existing applications by replacing window.ethereum outright, it leaves room for a wallet to take over window.ethereum once the user has selected it, and that behaviour should be reviewed by a third party or auditor in each implementation.
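One way to apply the icon check from point 2, as an added example that is not code from the EIP or from Mundus Security: the icon is accepted only as a base64 data: URI of an allowed image type, SVG payloads that carry script are refused as defense in depth, and rendering goes through an <img> element rather than inline markup. The allowed type list, the size cap, the script-detection regex and the sample icons are all this example's own choices, and the sample inputs are constructed rather than taken from any real wallet.

```javascript
// Added example (not code from the EIP or from Mundus Security): validating and
// rendering an EIP-6963 `info.icon` so an SVG never runs script in the dApp's origin.
// Runs in a browser or in Node >= 16, where atob/btoa are globals.
const ALLOWED_TYPES = new Set(["image/svg+xml", "image/png", "image/jpeg", "image/webp"]);
// Only the plain ";base64," form is accepted; percent-encoded SVG and extra
// parameters (e.g. ";charset=utf-8") are refused rather than parsed.
const DATA_URI = /^data:([a-z0-9.+-]+\/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$/i;
const MAX_ICON_CHARS = 256 * 1024; // arbitrary cap; an extension can announce anything

// Returns the icon string if it may be used as an <img> src, otherwise null.
function safeIconUrl(icon) {
  if (typeof icon !== "string" || icon.length > MAX_ICON_CHARS) return null;
  const m = DATA_URI.exec(icon);
  if (!m) return null;                       // javascript:, http(s):, blob:, percent-encoded data: ...
  const type = m[1].toLowerCase();
  if (!ALLOWED_TYPES.has(type)) return null; // e.g. text/html
  if (type === "image/svg+xml") {
    let svg;
    try { svg = atob(m[2]); } catch { return null; }
    // Defense in depth: an <img> does not execute script, but refuse SVGs that carry
    // any, so a later change to inline rendering cannot silently turn into XSS.
    if (/<script|\son[a-z]+\s*=|javascript:|<foreignObject/i.test(svg)) return null;
  }
  return icon;
}

// Render via <img>: the browser decodes the image but never executes SVG script.
// Do not inject the SVG with innerHTML or as an inline <svg>, and put the wallet
// name in a text node, never in HTML.
function renderWalletButton(info, doc = globalThis.document) {
  if (!doc) return null; // no DOM here (Node); the validation above still applies
  const button = doc.createElement("button");
  const img = doc.createElement("img");
  const src = safeIconUrl(info.icon);
  if (src) img.src = src; else img.alt = "icon withheld";
  img.width = img.height = 24;
  button.append(img, doc.createTextNode(" " + String(info.name)));
  return button;
}

// Constructed inputs (not real wallet icons) covering the cases a dApp will meet.
const SAMPLE_ICONS = {
  benignSvg: "data:image/svg+xml;base64," + btoa('<svg xmlns="http://www.w3.org/2000/svg" width="96" height="96"><circle cx="48" cy="48" r="48"/></svg>'),
  onloadSvg: "data:image/svg+xml;base64," + btoa('<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>'),
  scriptSvg: "data:image/svg+xml;base64," + btoa('<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'),
  jsUrl: "javascript:alert(1)",
  remoteUrl: "https://example.com/icon.svg", // would also leak the user's visit to a third party
  htmlData: "data:text/html;base64," + btoa("<script>alert(1)</script>"),
  png: "data:image/png;base64,iVBORw0KGgo=",
};

// Maps each sample to whether it would be shown. Only benignSvg and png pass.
function runIconChecks() {
  const result = {};
  for (const [name, icon] of Object.entries(SAMPLE_ICONS)) result[name] = safeIconUrl(icon) !== null;
  return result;
}

console.log(runIconChecks());
```

The script-pattern check is deliberately a second line of defense, not the primary one: the <img> element is what actually prevents execution, and a dApp that later switches to inline SVG rendering for styling reasons should treat that as a security-relevant change rather than a cosmetic one.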

Reference: https://mundus.dev/tpost/76iu0k1ot1-overview-of-eip-6963-a-possible-solution