CAIP-372 - Wallet Information Metadata Standard #372
pedrouid wants to merge 4 commits into ChainAgnostic:main from pedrouid:caip372-wallet-info
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| --- | ||
| caip: 372 | ||
| title: Wallet Information Metadata Standard | ||
| author: Pedro Gomes (@pedrouid) | ||
| discussions-to: https://github.com/ChainAgnostic/CAIPs/pull/372 | ||
| status: Draft | ||
| type: Standard | ||
| created: 2025-08-11 | ||
| --- | ||
|
|
||
| ## Simple Summary | ||
|
|
||
| This CAIP defines a standard `WalletInfo` metadata object to identify and validate the wallet provider that a client application is interacting with. | ||
| It can be used across RPC methods, APIs, and protocols to provide consistent, cross-chain wallet identification. | ||
|
|
||
| ## Abstract | ||
|
|
||
| The `WalletInfo` object provides a minimal, standardized set of fields that uniquely identify a wallet provider and allow dApps to confirm they are connected to the intended wallet. | ||
| The object is designed for use in [CAIP-25] session properties, [CAIP-282] messages, and other API contexts. | ||
| The definition includes a UUIDv4 identifier, human-readable name, icon URI, and reverse-DNS string to support clear and reliable wallet identification. | ||
|
|
||
| ## Motivation | ||
|
|
||
| Wallet providers often expose their brand, capabilities, or identity inconsistently across blockchains and APIs. | ||
| This creates friction for dApps attempting to present clear wallet branding or confirm that the connection is genuine. | ||
|
|
||
| By standardizing `WalletInfo`, wallet providers can: | ||
|
|
||
| - Ensure a consistent presentation across dApps and chains. | ||
| - Reduce risk of misidentification or spoofing by unverified wallets. | ||
| - Facilitate richer integrations in protocols like CAIP-25 and CAIP-282. | ||
|
|
||
| For dApps, this enables: | ||
|
|
||
| - Trust signals to the user (correct wallet branding and identity). | ||
| - Improved debugging and support workflows. | ||
| - Safer handling of wallet interactions across chains. | ||
|
|
||
| ## Specification | ||
|
|
||
| A `WalletInfo` object MUST contain the following fields: | ||
|
|
||
| - **uuid**: A globally unique identifier (UUIDv4) generated by the wallet provider to uniquely distinguish different wallet provider sessions that have otherwise matching properties.The cryptographic uniqueness of UUIDv4 ensures separate identification of independent sessions. | ||
| - **name**: A human-readable name or alias of the wallet provider, suitable for display to the user (e.g., "Example Wallet Extension" or "Awesome Example Wallet"). | ||
| - **icon**: A URI pointing to an image asset representing the wallet. The image SHOULD be square, with a minimum resolution of 96×96px. SVG or PNG formats are recommended. The asset SHOULD be optimized for display on both light and dark backgrounds. | ||
| - **rdns**: The reverse domain name string identifying the wallet provider (e.g., `com.example.wallet`). This is expected to remain stable throughout the lifetime of the wallet product. dApps MUST be prepared to handle values that are unknown, invalid, or potentially misleading, similar to handling user agent strings in web browsers. | ||
|
|
||
| Wallet providers SHOULD generate and maintain the same `uuid` only for the lifetime of a given page/session context, not permanently across user devices, to avoid unnecessary tracking while preserving identification during the session. | ||
|
|
||
| ## Examples | ||
|
|
||
| ### Example in CAIP-25 RPC Response | ||
|
|
||
| ```jsonc | ||
| { | ||
| "id": 1, | ||
| "jsonrpc": "2.0", | ||
| "result": { | ||
| "sessionId": "0xdeadbeef", | ||
| "wallet": { | ||
| "methods": ["wallet_pay"], | ||
| "notifications": [], | ||
| "info": { | ||
| "uuid": "350670db-19fa-4704-a166-e52e178b59d2", | ||
| "name": "Example Wallet", | ||
| "icon": "data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg'/>", | ||
| "rdns": "com.example.wallet" | ||
| }, | ||
| "capabilities": { | ||
| "walletService": "https://wallet-service.example.com/rpc" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Example in CAIP-282 `wallet_announce` Message | ||
|
|
||
| ```typescript | ||
| // for "wallet_announce" method | ||
| interface WalletAnnounceParams { | ||
| info: WalletInfo; | ||
| scopes?: AuthorizationScopes; | ||
| } | ||
| ``` | ||
|
|
||
| Example payload: | ||
|
|
||
| ```json | ||
| { | ||
| "method": "wallet_announce", | ||
| "params": { | ||
| "info": { | ||
| "uuid": "350670db-19fa-4704-a166-e52e178b59d2", | ||
| "name": "Example Wallet", | ||
| "icon": "https://example.com/icon.png", | ||
| "rdns": "com.example.wallet" | ||
| }, | ||
| "scopes": { | ||
| "eip155:1": ["eth_sendTransaction"] | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ## Rationale | ||
|
|
||
| Standardizing wallet identification metadata: | ||
|
|
||
| - Reduces dApp logic required for wallet detection. | ||
| - Creates a consistent user experience for wallet branding. | ||
| - Minimizes risk of spoofing by enforcing a predictable set of fields. | ||
| - Works across chains and protocols (CAIP-25, CAIP-282, and beyond). | ||
|
|
||
| The `uuid` field is ephemeral enough to avoid unnecessary tracking while still providing strong uniqueness during the session lifecycle. | ||
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| This CAIP is additive and backward compatible. | ||
| dApps and wallets that do not recognize or provide `WalletInfo` can continue to function without changes. | ||
| Implementations MAY omit or ignore unknown fields without causing errors. | ||
|
|
||
| ## References | ||
|
|
||
| - [CAIP-25: Create Session](https://github.com/ChainAgnostic/CAIPs/blob/main/CAIPs/caip-25.md) | ||
| - [CAIP-282: Wallet Communication](https://github.com/ChainAgnostic/CAIPs/pull/282) | ||
|
|
||
| ## Copyright | ||
|
|
||
| Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). | ||
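
Review bot: The **rdns** bullet in the Specification tells dApps to expect values that are "unknown, invalid, or potentially misleading", yet the Simple Summary says the object can "identify and validate the wallet provider" and the Rationale says it "Minimizes risk of spoofing by enforcing a predictable set of fields". Nothing in this file defines how any of the four fields is verified, so every value is self-asserted by whoever sends the object, and a fixed field set does not by itself prevent one wallet from presenting another's name, icon and rdns. Suggest either dropping "validate" and the two spoofing claims (Motivation and Rationale), or adding a Security Considerations section that states `name`, `icon` and `rdns` are untrusted display hints and must not drive authorization decisions. That section could also cover `icon`: the two examples use a `data:image/svg+xml` URI and an `https://` URL, so the spec should say which URI schemes are acceptable, that dApps should render the value as an image rather than inline markup, and that fetching a remote icon sends a request to a host chosen by the wallet. In the **uuid** bullet, "cryptographic uniqueness of UUIDv4" is stronger than the text supports, since no requirement is placed on how the value is generated; the bullet also scopes `uuid` to sessions while the Abstract says the fields "uniquely identify a wallet provider", and there is a missing space in "properties.The".
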
tbh i got a little confused by whether you meant properties of a caip-25 session or sessionProperties specifically... and then went down the rabbithole of what situations would justify dapps sending the WalletInfo object to a wallet (tell me if you're not this wallet? correct this if you've upgraded since last session?)
@pedrouid reviewing this again a month later, I think i want the informational/privacy assumptions more clearly defined in ## Motivation ? happy to hash them out together on a call, it just makes it a little hard to review/approve without constraints on when to use this and when not to use this... would feel better about requesting review from people if the privacy assumptions (ideally including where NOT to use this or what NOT to share) were spelled out