29 changes: 17 additions & 12 deletions djed-sdk/src/web3.js
@@ -1,15 +1,20 @@
import Web3 from "web3";

export const getWeb3 = (BLOCKCHAIN_URI) =>
new Promise((resolve, reject) => {
if (window.ethereum) {
try {
const web3 = new Web3(BLOCKCHAIN_URI);
resolve(web3);
} catch (error) {
reject(error);
}
} else {
reject("Please install Metamask");
export const getWeb3 = async (URI) => {
if (typeof window !== "undefined" && window.ethereum) {
try {
const web3 = new Web3(window.ethereum);

// Request account access (important)
await window.ethereum.request({ method: "eth_requestAccounts" });

return web3;
} catch (error) {
console.error("User denied account access", error);
throw error;
Comment on lines +12 to +14

⚠️ Potential issue | 🟡 Minor

Catch-all error message misleadingly implies the error is always a user denial.

"User denied account access" is only accurate for the EIP-1193 user-rejection code (4001). The same catch block fires for any runtime error (e.g., window.ethereum.request missing, unexpected provider failures). Either narrow the message or inspect the error code before logging.

🛡️ Suggested fix
-      console.error("User denied account access", error);
+      console.error("Failed to request account access", error);

Or, if you want to preserve the specific message for user rejections:

     } catch (error) {
+      if (error.code === 4001) {
+        console.error("User denied account access", error);
+      } else {
         console.error("User denied account access", error);
+      }
       throw error;
     }

Simplified:

-      console.error("User denied account access", error);
+      const msg = error?.code === 4001
+        ? "User denied account access"
+        : "Failed to initialize wallet provider";
+      console.error(msg, error);
📝 Committable suggestion

Suggested change
} catch (error) {
console.error("User denied account access", error);
throw error;
} catch (error) {
const msg = error?.code === 4001
? "User denied account access"
: "Failed to initialize wallet provider";
console.error(msg, error);
throw error;
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@djed-sdk/src/web3.js` around lines 12 - 14, The catch block currently logs a
hardcoded "User denied account access" for all errors; update the catch to
inspect the error (e.g., check error.code === 4001) and only log the
user-rejection message when that code is present, otherwise log a generic or the
actual error (include error.message or error) to avoid misleading output; locate
the catch around the window.ethereum.request (or provider request) call and
replace the unconditional console.error("User denied account access", error)
with a conditional log based on error.code.

}
});
}

// Fallback to RPC
return new Web3(new Web3.providers.HttpProvider(URI));
Comment on lines +3 to +19

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 1. Check if djed-sdk/dist files are tracked by git
echo "=== Checking if djed-sdk/dist files are tracked by git ==="
git -C djed-sdk ls-files dist/ 2>/dev/null | head -20

# 2. Confirm what entrypoints package.json exposes
echo ""
echo "=== Checking djed-sdk/package.json entrypoints ==="
fd "package.json" djed-sdk --max-depth 2 --exec cat {}

# 3. Show the stale provider logic still in dist
echo ""
echo "=== Searching for BLOCKCHAIN_URI or old Web3 logic in dist ==="
rg -n "BLOCKCHAIN_URI\|new Web3\(BLOCKCHAIN_URI" djed-sdk/dist/ 2>/dev/null || echo "No matches found"

Repository: DjedAlliance/StablePay

Length of output: 836


🏁 Script executed:

#!/bin/bash
# Check the actual content of dist files to see if they're truly stale
echo "=== Content of dist/esm/index.js ==="
cat djed-sdk/dist/esm/index.js

echo ""
echo "=== Content of dist/umd/index.js ==="
cat djed-sdk/dist/umd/index.js

# Also check git history to see when dist was last updated
echo ""
echo "=== Recent git commits touching dist files ==="
git log --oneline -n 10 -- djed-sdk/dist/

Repository: DjedAlliance/StablePay

Length of output: 50378


Dist bundles in djed-sdk/dist/ are stale and ship the old broken implementation.

The dist files (djed-sdk/dist/esm/index.js and djed-sdk/dist/umd/index.js) still contain the original broken getWeb3 implementation that directly passes BLOCKCHAIN_URI to Web3(BLOCKCHAIN_URI), whereas the fixed source code properly requests account access and uses window.ethereum. Since package.json points to these dist files as the main entrypoints ("main": "dist/umd/index.js", "module": "dist/esm/index.js"), consumers will receive the broken code from the published package regardless of this source fix.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@djed-sdk/src/web3.js` around lines 3 - 19, The published bundle still
contains the old getWeb3 implementation, so rebuild and overwrite the dist
artifacts with the fixed source: run the project build step (so
dist/esm/index.js and dist/umd/index.js are regenerated) ensuring the exported
getWeb3 function in the dist matches the source that uses window.ethereum and
eth_requestAccounts; verify package.json's "main" and "module" still point to
dist/umd/index.js and dist/esm/index.js and then commit the regenerated files
(or update the build/publish pipeline to run the build before publishing) so
consumers receive the corrected implementation.


⚠️ Potential issue | 🟡 Minor

URI is not validated before being passed to HttpProvider.

If a caller invokes getWeb3() without a URI argument and window.ethereum is absent, new Web3.providers.HttpProvider(undefined) is constructed silently. All subsequent RPC calls will fail with opaque provider-level errors rather than a clear early-rejection.

🛡️ Suggested guard
+  if (!URI) {
+    throw new Error("No injected provider found and no fallback URI supplied.");
+  }
   // Fallback to RPC
   return new Web3(new Web3.providers.HttpProvider(URI));
📝 Committable suggestion

Suggested change
return new Web3(new Web3.providers.HttpProvider(URI));
if (!URI) {
throw new Error("No injected provider found and no fallback URI supplied.");
}
// Fallback to RPC
return new Web3(new Web3.providers.HttpProvider(URI));
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@djed-sdk/src/web3.js` at line 19, The getWeb3 function currently constructs
new Web3.providers.HttpProvider(URI) without validating URI, which can pass
undefined and produce opaque provider errors; update getWeb3 to validate the URI
parameter (ensure it's a non-empty string and a valid URL scheme like
http/https) before creating a new HttpProvider, and if invalid or missing (and
window.ethereum is absent) throw or return a clear error (e.g., throw new
Error('Missing or invalid RPC URI')) so callers get an immediate, descriptive
failure instead of opaque provider-level errors; locate the check around
getWeb3, the URI variable, and the Web3.providers.HttpProvider instantiation to
implement this guard.

};
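Review bot: In the `window.ethereum` branch of the new `getWeb3`, the `URI` argument is ignored and the returned instance is bound to whatever chain the wallet is currently on, so a caller that passes a specific RPC URI can get back a provider for a different network with no indication. Consider checking `eth_chainId` against the chain the caller expects before returning, or at least documenting that `URI` is only used for the fallback. The same branch awaits `eth_requestAccounts` inside what was previously a plain constructor helper, so every caller now triggers a wallet permission prompt even for read-only use; splitting provider creation from the account request would let read paths stay on the RPC provider.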
1 change: 1 addition & 0 deletions stablepay-sdk/.gitignore
Expand Up @@ -4,3 +4,4 @@
# macOS specific files
.DS_Store

dist/
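Review bot: The `dist/` entry here conflicts with the rest of this PR, which adds `stablepay-sdk/dist/umd/test.html` under the directory being ignored. An ignore rule does not untrack files that are already committed, so the result is a partly tracked `dist/` where some artifacts are versioned and others are not. Either move `test.html` out of `dist/` (for example into an examples directory) or drop the ignore rule, and if `dist/` stays ignored make sure the publish step runs the build so the package is not shipped without its bundle.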
1 change: 0 additions & 1 deletion stablepay-sdk/dist/umd/index.js.map

This file was deleted.

28 changes: 28 additions & 0 deletions stablepay-sdk/dist/umd/test.html
@@ -0,0 +1,28 @@
<!DOCTYPE html>
<html>
<head>
<title>StablePay Test</title>
<script src="./index.js"></script>
</head>
<body>
<h2>Test Web3 Init</h2>
<button onclick="testWeb3()">Connect Wallet</button>

<script>
async function testWeb3() {
if (typeof window.ethereum === "undefined") {
alert("MetaMask not installed");
return;
}

try {
const web3 = await StablePay.getWeb3("https://mainnet.infura.io/v3/YOUR_KEY");
console.log("Web3 instance:", web3);
alert("Connected! Check console.");
} catch (err) {
console.error(err);
}
}
</script>
</body>
</html>
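Review bot: `testWeb3()` returns early when `window.ethereum` is undefined, so this page never exercises the RPC fallback path, and if `StablePay.getWeb3` follows the `getWeb3` shown in `djed-sdk/src/web3.js`, the `https://mainnet.infura.io/v3/YOUR_KEY` argument is not the provider that gets used when a wallet is present. Committing a mainnet URL with a key placeholder in a tracked file also invites someone to paste a real key and commit it; take the URL from an input field or query parameter instead and default to a test network. The `catch` only calls `console.error(err)`, so a rejected connection shows nothing to the person clicking the button.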
4 changes: 2 additions & 2 deletions stablepay-sdk/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.