Skip to content

[BUG] Trezu - Disconnect: Wallet can be disconnected without wallet-side confirmation #129

New issue
New issue
Open
Bug
Open
[BUG] Trezu - Disconnect: Wallet can be disconnected without wallet-side confirmation#129
Bug
Labels
bugSomething isn't working
Milestone
04-System UX / Nav
@rknearn-qa

Description

@rknearn-qa
rknearn-qa
opened on Feb 2, 2026

Summary

The Trezu application allows a user to disconnect their wallet without any wallet-side confirmation or transaction approval. Closing the wallet modal after initiating the disconnect action immediately disconnects the wallet, bypassing explicit user confirmation from the wallet provider.

Preconditions:

Steps To Reproduce

  1. Open Trezu with an already connected wallet.
  2. Click on the user profile / wallet menu.
  3. Select Disconnect.
  4. When the wallet modal opens, close the modal without approving or confirming any action.

Actual Result:

  • Wallet is disconnected immediately.
  • No wallet-side confirmation or approval is required.
  • Disconnect action completes even though the wallet interaction was not confirmed.
Disconnect.webm

Expected Result:

  • Disconnecting a wallet should require explicit user confirmation, either:

    • Through a wallet-side confirmation step, or
    • Via a clear in-app confirmation dialog before disconnecting.

  • Closing the wallet modal without confirmation should cancel the disconnect action.

  • Wallet connection state should remain unchanged unless explicitly confirmed.

Special Notes:

Possible Root Causes:

- Disconnect flow is handled purely on the frontend without wallet confirmation
- Wallet modal close event is treated as a successful disconnect
- Missing confirmation guard before clearing wallet session data
- Disconnect logic is executed optimistically before wallet response

Workarounds:

None.

Repro Rate:

Always (10/10)

Setup - OS - Browser - Environment

Windows 11 (x64, 1366x768)
Motorola G23 (Android 14, 1600 x 720)

Reproduced in:
Chrome 144.0.7559.97
Mozilla Firefox 144.0
staging

Resources & Additional Notes

Impact:

  • User:

    • Accidental wallet disconnection without clear intent
    • Confusing UX due to lack of confirmation

  • System:

    • Wallet connection state can be altered without explicit user approval

  • Business / Release Risk:

    • Low functional risk, but degrades trust and perceived security
    • Inconsistent wallet interaction behavior compared to industry standards

QA Verdict:

While technically not a blockchain-critical issue, this is a UX and security-consistency defect. Wallet connection state changes should always be intentional and explicitly confirmed to align with user expectations and Web3 best practices.

Relates to #110

Priority

🟠 P1 : High

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions