When a user goes to a crypto-related website (like Pancakeswap for example), the website asks the user to connect their wallet (eg Metamask, Binance Chain Wallet). I have several questions:
-
What exactly happens when the user connects their wallet? Is there a transaction that records this "connection" on the blockchain, or is the fact that the wallet is connected to this site somehow stored locally on the user's machine? How does the website know that the user agreed to connect their wallet at some point in the past? I suspect this has something to do with web3.js somehow being injected, but I'm not sure.
-
If I run a site locally (on localhost), is it safe to connect my wallet to localhost? Or does this create security risks?
Best Answer
Connecting your wallet doesn't really do much: it doesn't send any transactions. About all it does it gives your wallet's public address to the website and the possibility for the website to request actions from the wallet - actions which you, as a user, need to accept manually.
In theory, everything would be smoother and more user friendly if your wallet automatically connected to a site whenever needed. But the connection is not automatic for security reasons: by auto-connecting (or even just by telling the site that you have a wallet) you would give too much information to the website. A malicious website might try to detect whether a user has a wallet, and if does, then the site could start various crypto scams / phishing attacks. If the website has no idea whether you even have a wallet (as is the case) unless you connect your wallet, the website has no idea whether it's worth it to even try some sort of nasty stuff.
So if you run code you are familiar with (or trust), you can safely connect your wallet locally. Also in general connecting your wallet to any website isn't a big security risk, but it's simply better to not connect unless you have a need for it.