Conversation
…ularity and integration
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| @@ -0,0 +1,3 @@ | |||
| VITE_OPENSEA_API_KEY=ee7460014fda4f58804f25c29a27df35 | |||
There was a problem hiding this comment.
Exposed secret in examples/nft-checkout/.env - high severity
Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More Info
|
|
||
| export const App = () => { | ||
| const pathnameParams = window.location.pathname.substring(1).split('/') | ||
| const IFRAME_PROVIDERS = [ |
There was a problem hiding this comment.
IFRAME_PROVIDERS is a module-level array created at import time (calls EthereumProvider()). Avoid instantiating providers at module scope because instances may cache connection/request-specific state across usages; construct them inside the component or a factory instead.
Details
✨ AI Reasoning
A new top-level array named IFRAME_PROVIDERS is created at module load time and populated by calling EthereumProvider(). Module-level variables persist for the lifetime of the imported module. If provider instances carry connection- or request-specific state, creating them at import-time causes that state to be shared across different consumers or requests. This can lead to stale or cross-user state leaking between usages in environments where the module is reused (SSR, server-side rendering, long-running processes). The change introduced this global by moving provider instantiation out of a component or factory and into module scope, increasing risk of unintended shared state.
🔧 How do I fix it?
Avoid storing request-specific data in module-level variables. Use request-scoped variables or explicitly mark shared caches as intentional.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
1 participant
Which Jira task is linked to this PR?
Why was it implemented this way?
Explain the reasoning behind the implementation. Were there alternative approaches? Why was this solution chosen?
Visual showcase (Screenshots or Videos)
If applicable, attach screenshots, GIFs, or videos to showcase the functionality, UI changes, or bug fixes.
Checklist before requesting a review