The MetaMask documentation has this code: https://docs.metamask.io/guide/getting-started.html#basic-considerations

```javascript
const ethereumButton = document.querySelector('.enableEthereumButton');
const showAccount = document.querySelector('.showAccount');

ethereumButton.addEventListener('click', () => {
  getAccount();
});

async function getAccount() {
  const accounts = await ethereum.request({ method: 'eth_requestAccounts' });
  const account = accounts[0];
  showAccount.innerHTML = account;
}
```

This allows the user to sign in with their MetaMask password to give access to their Ethereum wallet addresses.

This is helpful because in my React application, if they have MetaMask installed and sign in as the process above requires, I get access to their wallet. With this address I can now check through an API to see stuff like the NFTs and such that they have in their wallet.

My application requires any user to sign in with their wallet and interact with my application with NFTs they own.

My biggest concern is: how do I ensure with MetaMask that the person using my application is the owner of the wallet address? In theory, anyone who knows anyone's public wallet address could change a React component state with the copied-and-pasted address, and could then see all potential info, or even worse, claim accounts inside my application with the wallet address.

How do I ensure this is not the case?

TylerH
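One way to tie an address to the holder of its private key is a server-issued, single-use message that the wallet signs and the server verifies. This is an added example, not part of the original post or the MetaMask documentation; `issueChallenge`, `verifyChallenge`, the message text and the 5-minute lifetime are assumptions, and `recover` stands for a signature-recovery function such as ethers' `verifyMessage`.

```javascript
// Added example: server-side challenge/response for wallet sign-in.
const { randomBytes } = require('crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime: 5 minutes
const pending = new Map();              // lowercased address -> { message, expires }

// Step 1 (server): create a one-time message for the address the client claims.
function issueChallenge(claimedAddress, now = Date.now()) {
  const nonce = randomBytes(16).toString('hex');
  const message =
    `Sign in to example.app\nAddress: ${claimedAddress}\nNonce: ${nonce}`;
  pending.set(claimedAddress.toLowerCase(),
    { message, expires: now + CHALLENGE_TTL_MS });
  return message;
}

// Step 2 (browser): the wallet signs the message; no transaction is sent.
//   const signature = await ethereum.request({
//     method: 'personal_sign', params: [message, account] });

// Step 3 (server): accept the address only if the signature over the message
// the server itself stored recovers to that address.
// recover(message, signature) must return the signer address or throw.
function verifyChallenge(claimedAddress, signature, recover, now = Date.now()) {
  const key = claimedAddress.toLowerCase();
  const entry = pending.get(key);
  pending.delete(key); // single use: a replayed signature finds no challenge
  if (!entry || now > entry.expires) return false;
  let signer;
  try {
    signer = recover(entry.message, signature);
  } catch (err) {
    return false; // malformed signature
  }
  return typeof signer === 'string' && signer.toLowerCase() === key;
}
```

Create the application session only after `verifyChallenge` returns true, and key accounts to the verified address rather than to anything held in React state.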

0 Answers