Skip to content

feat: wallet SDK better flow, mitm protection #19477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AztecBot merged 1 commit into from
Jan 13, 2026
Merged

feat: wallet SDK better flow, mitm protection #19477

AztecBot merged 1 commit into from
Jan 13, 2026

Conversation

@Thunkar
Copy link
Contributor

@Thunkar Thunkar commented Jan 9, 2026

Improved discovery on the SDK:

  • Avoid "connect" messages and handle everything on the discovery
  • Hash the derived shared key and expose it (independently) at the app and extension levels, so the user can visually inspect they're connected to the expected wallet

@Thunkar Thunkar self-assigned this Jan 9, 2026
nventuro
nventuro approved these changes Jan 12, 2026
View reviewed changes
yarn-project/wallet-sdk/src/providers/extension/extension_provider.ts
sharedKey,
});
} catch {
// Failed to derive key, skip this wallet
Copy link
Contributor

@nventuro nventuro Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logs?

Copy link
Contributor Author

@Thunkar Thunkar Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

console.log is forbidden by the linter and I'm reluctant to add an opinionated logger here (we have a lot of that as it is...)

yarn-project/wallet-sdk/src/crypto.ts
Comment on lines +290 to +293
const EMOJI_ALPHABET = [
'🔵',
'🟢',
'🔴',
Copy link
Contributor

@nventuro nventuro Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wow

Copy link
Contributor Author

@Thunkar Thunkar Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll love it

yarn-project/wallet-sdk/README.md
# Wallet SDK Integration Guide for Third-Party Wallet Developers

This guide explains how to integrate your wallet with the Aztec Wallet SDK, enabling dApps to discover and interact with your wallet implementation.

Copy link
Contributor

@nventuro nventuro Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks claude

@Thunkar
feat: wallet SDK better flow, mitm protection
49a5954 
Improved discovery on the SDK:

* Avoid "connect" messages and handle everything on the discovery
* Hash the derived shared key and expose it (independently) at the app and extension levels, so the user can visually inspect they're connected to the expected wallet

Co-authored-by: thunkar <gregojquiros@gmail.com>
@AztecBot AztecBot force-pushed the gj/extension_wallet_simplification_verification branch from 1d85840 to 49a5954 Compare January 13, 2026 05:34
@AztecBot AztecBot enabled auto-merge January 13, 2026 05:34
@AztecBot AztecBot added this pull request to the merge queue Jan 13, 2026
@AztecBot
Copy link
Collaborator

AztecBot commented Jan 13, 2026
edited
Loading

Flakey Tests

🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry.

\033FLAKED\033 (8;;http://ci.aztec-labs.com/d23d0119e1f4445c�d23d0119e1f4445c8;;�): yarn-project/end-to-end/scripts/run_test.sh web3signer src/composed/web3signer/e2e_multi_validator_node_key_store.test.ts (36s) (code: 1) (\033Aztec Bot\033: feat: wallet SDK better flow, mitm protection (#19477))
\033FLAKED\033 (8;;http://ci.aztec-labs.com/c23cba1d7651d9af�c23cba1d7651d9af8;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/gossip_network.test.ts (438s) (code: 1) group:e2e-p2p-epoch-flakes (\033Aztec Bot\033: feat: wallet SDK better flow, mitm protection (#19477))

Merged via the queue into next with commit 7e7fe92 Jan 13, 2026
17 checks passed
@AztecBot AztecBot deleted the gj/extension_wallet_simplification_verification branch January 13, 2026 06:10
github-actions bot pushed a commit that referenced this pull request Jan 13, 2026
@Thunkar
feat: wallet SDK better flow, mitm protection (#19477)
f7599c8 
Improved discovery on the SDK:

* Avoid "connect" messages and handle everything on the discovery
* Hash the derived shared key and expose it (independently) at the app
and extension levels, so the user can visually inspect they're connected
to the expected wallet
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nventuro nventuro nventuro approved these changes

@sirasistant sirasistant Awaiting requested review from sirasistant

Assignees

@Thunkar Thunkar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Thunkar @AztecBot @nventuro