Merge pull request #19 from lukasrosario/lukas/atomicity-feedback

update security consideration section
ethereum · Jan 22, 2025 · 379a2f3 · 379a2f3
2 parents 30c907f + 5f5d026
commit 379a2f3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/EIPS/eip-5792.md b/EIPS/eip-5792.md
@@ -324,7 +324,11 @@ Wallets that do not support the methods defined here SHOULD return error respons
 
 ## Security Considerations
 
-App developers MUST treat each call in a batch as if the call were an independent transaction. In other words, there may be additional untrusted transactions between any of the calls in a batch. The calls in the batch MAY also be included in separate, non-contiguous blocks. There is no constraint over how long it will take all the calls in a batch to be included. Apps MUST encode deadlines and timeout behaviors in the smart contract calls, just as they do today for transactions, including ones otherwise bundled. App developers MUST NOT assume that all calls will be sent in a single transaction.
+App developers MUST NOT assume that all calls will be sent in a single transaction if they were submitted to a wallet with a capability defining how to execute the calls non-atomically. The exact behavior of non-atomically executed calls is to be defined in separate ERCs.
+
+Wallets MUST ensure that batch identifiers returned by `wallet_sendCalls` are unpredictable to prevent malicious apps from inferring information about other users' transactions.
+
+Wallets MUST NOT leak sensitive information in `wallet_getCallsStatus` `capabilities` responses.
 
 ### Privacy Considerations