WalletConnect Security
What is WalletConnect Security?
The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network: a QR code or deep link bootstraps the pairing, after which signing requests and signed responses travel end-to-end encrypted through the relay.
WalletConnect is the dominant open protocol for pairing decentralized applications with mobile and hardware wallets; v2, now maintained by Reown, is the current generation. The dApp displays a QR code or deep link encoding a pairing URI (a topic, the protocol version, the relay protocol and a symmetric key); the wallet scans or opens it, uses that key to read the encrypted session proposal, and the two sides then agree a per-session key (X25519 key agreement with HKDF-SHA256 in v2) and exchange JSON-RPC messages over a public relay network. The wallet remains in custody of all private keys; the dApp can only request signatures, which the wallet renders for explicit user approval. Security depends on three things working: end-to-end encryption between dApp and wallet through the relay (the relay sees only topics and opaque payloads), strict scoping of the session to the chains, methods and accounts the user approved (a session approved only for `eth_sendTransaction` must not be able to sneak in `personal_sign`, and it is the wallet, not the dApp, that has to enforce this on every request), and a wallet UI that clearly renders what is being signed. Known weak points include fake pairing pages that capture or reuse a pairing URI (the URI carries the symmetric key, so it has to be treated as a bearer secret), published session-hijack research, and phishing dApps that exploit weak signing displays in older wallets. Defenses: pair from inside the wallet (scan the QR code; never paste a URI obtained from an untrusted source), check that the dApp domain the wallet shows matches the site you are actually on, prefer wallets that render EIP-712 typed data in full, and disconnect sessions you no longer use.
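The session-scoping check described above, as an added example that is not WalletConnect's or Reown's own code: a wallet-side authorizer, written in JavaScript for Node, that gates every incoming `wc_sessionRequest` against what the user approved before the request can reach the approval screen. The session shape is modeled on v2 namespaces (CAIP-2 chain ids, CAIP-10 accounts) as an assumption; the topic, expiry, addresses, dApp metadata and the six sample requests are constructed values.

```javascript
'use strict';

// Session as a wallet stores it once the user approves a proposal. Shape modeled on
// WalletConnect v2 namespaces (CAIP-2 chain ids, CAIP-10 accounts) as an assumption;
// topic, expiry, addresses and metadata are constructed sample values.
const ACCOUNT = '0x1111111111111111111111111111111111111111';
const SAMPLE_SESSION = {
  topic: '3f2b0c5d9a1e4b7c8d6f0a2b4c6e8f1a3b5d7f9e1c3a5b7d9f0e2a4c6e8b0d2f',
  expiry: 1800000000, // unix seconds
  peer: { metadata: { name: 'Sample DEX', url: 'https://dex.example' } },
  namespaces: {
    eip155: {
      chains: ['eip155:1', 'eip155:137'],
      methods: ['eth_sendTransaction', 'eth_signTypedData_v4'], // personal_sign deliberately absent
      events: ['accountsChanged', 'chainChanged'],
      accounts: [`eip155:1:${ACCOUNT}`, `eip155:137:${ACCOUNT}`],
    },
  },
};

// Which account a request would sign with, per method; params follow the Ethereum JSON-RPC shapes.
function signerOf(method, params) {
  switch (method) {
    case 'eth_sendTransaction': return params[0] && params[0].from;
    case 'eth_signTypedData_v4': return params[0]; // [address, typedDataJson]
    case 'personal_sign': return params[1]; // [hexMessage, address]
    default: return undefined;
  }
}

const deny = (reason) => ({ ok: false, reason });

// Gate a wc_sessionRequest before it reaches the approval screen. Every check here is the
// wallet's job: the dApp chooses the request, the wallet decides whether it is in scope.
function authorizeRequest(session, request, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (request.topic !== session.topic) return deny('unknown session topic');
  if (nowSeconds >= session.expiry) return deny('session expired');

  const chain = /^([a-z0-9-]{3,8}):([-_a-zA-Z0-9]{1,32})$/.exec(request.chainId || '');
  if (!chain) return deny(`malformed chainId ${request.chainId}`);
  const ns = session.namespaces[chain[1]];
  if (!ns) return deny(`namespace ${chain[1]} not in session`);
  if (!ns.chains.includes(request.chainId)) return deny(`chain ${request.chainId} not approved`);

  const { method, params } = request.request;
  if (!ns.methods.includes(method)) return deny(`method ${method} not approved for this session`);

  // Bind the signer to an account the user actually exposed on that chain.
  const signer = signerOf(method, params);
  if (typeof signer !== 'string') return deny(`cannot determine signer for ${method}`);
  const wanted = `${request.chainId}:${signer}`.toLowerCase();
  if (!ns.accounts.some((a) => a.toLowerCase() === wanted)) {
    return deny(`account ${signer} not approved on ${request.chainId}`);
  }

  let summary = `${method} from ${signer} on ${request.chainId}`;
  if (method === 'eth_signTypedData_v4') {
    // The EIP-712 domain must name the same chain the request claims; otherwise a session
    // scoped to one chain could yield a signature that is valid on another.
    let typed;
    try { typed = JSON.parse(params[1]); } catch { return deny('typed data is not valid JSON'); }
    const domainChain = typed.domain ? Number(typed.domain.chainId) : NaN;
    if (domainChain !== Number(chain[2])) {
      return deny(`EIP-712 domain chainId ${domainChain} does not match ${request.chainId}`);
    }
    summary += `: ${typed.primaryType} for "${typed.domain.name}"`;
  }
  return { ok: true, summary };
}

// Constructed requests exercising the checks above.
const TYPED_ORDER = (chainId) => JSON.stringify({
  types: { EIP712Domain: [{ name: 'name', type: 'string' }, { name: 'chainId', type: 'uint256' }],
           Order: [{ name: 'amount', type: 'uint256' }] },
  primaryType: 'Order',
  domain: { name: 'Sample DEX', chainId },
  message: { amount: '1000' },
});
const tx = (from) => ({ from, to: '0x2222222222222222222222222222222222222222', value: '0x0', data: '0x' });
const req = (chainId, method, params) => ({ topic: SAMPLE_SESSION.topic, chainId, request: { method, params } });
const SAMPLE_REQUESTS = {
  okTx: req('eip155:1', 'eth_sendTransaction', [tx(ACCOUNT)]),
  okTyped: req('eip155:1', 'eth_signTypedData_v4', [ACCOUNT, TYPED_ORDER(1)]),
  personalSign: req('eip155:1', 'personal_sign', ['0x48656c6c6f', ACCOUNT]),
  wrongChain: req('eip155:56', 'eth_sendTransaction', [tx(ACCOUNT)]),
  wrongAccount: req('eip155:1', 'eth_sendTransaction', [tx('0x3333333333333333333333333333333333333333')]),
  domainMismatch: req('eip155:137', 'eth_signTypedData_v4', [ACCOUNT, TYPED_ORDER(1)]),
};

// Run every sample through the authorizer at a fixed clock so the output is reproducible.
function runSamples(nowSeconds = 1700000000) {
  const out = {};
  for (const [name, r] of Object.entries(SAMPLE_REQUESTS)) {
    out[name] = authorizeRequest(SAMPLE_SESSION, r, nowSeconds);
  }
  return out;
}

console.log(runSamples());
```

Only `okTx` and `okTyped` come back with `ok: true`; the `personal_sign` request is refused without a prompt even though it comes from the paired dApp, which is the property the paragraph asks for. The EIP-712 domain check is the one most wallets skipped historically: without it a dApp can obtain a signature for a chain the user never approved.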
● Examples
- 01
A user pairs MetaMask with a Uniswap dApp via WalletConnect; subsequent EIP-712 signature requests display the dApp domain and the typed-data structure before the user approves.
- 02
A security researcher publishes a proof of concept in which a phishing site replays a captured WalletConnect URI against the user's wallet, and recommends that wallets warn when a QR code was scanned from a page other than the pairing page.
● FAQ
What is WalletConnect Security?
The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network: a QR code or deep link bootstraps the pairing, after which signing requests and signed responses travel end-to-end encrypted through the relay. It belongs to the Web3 and blockchain category of cybersecurity.
How does WalletConnect Security work?
The dApp shows a pairing URI as a QR code or deep link; the wallet opens it, the two sides derive a session key, and from then on they exchange JSON-RPC messages end-to-end encrypted through a public relay, with the wallet keeping custody of all private keys and rendering each signature request for explicit user approval. The protocol is only as safe as the encryption through the relay, the wallet's enforcement of the session's approved chains, methods and accounts, and the wallet's signing display; see the full definition above.
How do you defend against attacks on WalletConnect?
Defenses combine technical controls with operational practice: pair from inside the wallet rather than pasting a URI, check that the dApp domain the wallet displays matches the site you are on, keep session scopes to the chains and methods a dApp actually needs, prefer wallets that render EIP-712 typed data in full, and disconnect sessions you no longer use; see the full definition above.
What other names does WalletConnect Security go by?
Common alternative names include: WalletConnect v2, Reown protocol.
● Related terms
- web3№ 1171
Smart Contract Security
The practice of designing, reviewing and operating on-chain programs so that they cannot be exploited to steal funds, freeze logic or violate business rules.
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 517
Hardware Wallet
A dedicated physical device that stores cryptocurrency private keys in a tamper-resistant secure element and signs transactions offline.
- web3№ 912
Permit2 Phishing
Permit2 phishing tricks Ethereum users into signing an off-chain message for Uniswap's Permit2 contract, granting the attacker permission to transfer their ERC-20 tokens.
- web3№ 1348
Wallet Drainer
An attack toolkit that uses phishing or malicious scripts to trick cryptocurrency wallet users into signing transactions or approvals that move all of their tokens and NFTs in one go.
- web3№ 413
EIP-712 Signing
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.