Description
Currently, when recovering a Coinbase Smart Wallet and generating a new passkey, the old passkey remains an active owner on the contract. There is no user-facing interface to revoke compromised or obsolete owners.
The Problem
If a passkey was generated in a password manager that later becomes compromised, the user's funds are at immediate risk. Revoking the compromised key on-chain is currently a significant UX hurdle:
- There is no UI to call removeOwnerAtIndex.
- Attempting this manually via a block explorer (e.g., BaseScan) yields the error:
"Self calls are not allowed by the base app signing dialog."
- The workaround requires exporting the underlying signer to a standard EOA wallet to interact with the block explorer.
- Because the wallet is multi-chain, the user must manually replay the removal transaction across every supported network (Base, Optimism, Arbitrum, etc.) to fully secure their assets.
Proposed Solution
Short-term
Provide an official open-source script or developer guide to securely execute and broadcast removeOwnerAtIndex across all networks simultaneously.
Long-term
Implement a "Manage Devices / Keys" dashboard within the Smart Wallet UI that allows users to seamlessly revoke old owners and automatically handles cross-chain signature replay.
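The per-network check that has to come before any removal, as an added example that is not code from the issue author or the Smart Wallet project: given the owner slots read from the wallet on each chain, it reports where the obsolete passkey still sits, where removing it would leave no owner, and where the replacement key was never added. The function name, the snapshot layout and every owner value are constructed assumptions for illustration.

```python
# Added example. All owner values below are constructed placeholders.
OLD_PASSKEY = "11" * 64                 # obsolete passkey, 64-byte public key as hex
NEW_PASSKEY = "22" * 64                 # passkey created during recovery
RECOVERY_EOA = "00" * 12 + "ab" * 20    # address owner, left-padded to 32 bytes

# Per chain: owner index -> owner bytes (hex), as read from the wallet on that chain.
SNAPSHOTS = {
    "base":     {0: RECOVERY_EOA, 1: OLD_PASSKEY, 2: NEW_PASSKEY},
    "optimism": {0: RECOVERY_EOA, 1: OLD_PASSKEY},   # new passkey not replayed here
    "arbitrum": {0: RECOVERY_EOA, 2: NEW_PASSKEY},   # old passkey already removed
    "zora":     {3: OLD_PASSKEY},                    # old passkey is the only owner
}


def plan_revocations(snapshots, stale_owner, expected_owners):
    """Decide, per chain, whether the stale owner can be removed and at which index."""
    stale = stale_owner.lower()
    expected = {o.lower() for o in expected_owners}
    plan = {}
    for chain, slots in snapshots.items():
        owners = {i: o.lower() for i, o in slots.items()}
        stale_index = next((i for i, o in sorted(owners.items()) if o == stale), None)
        present = set(owners.values())
        if stale_index is None:
            action = "clean"
        elif len(owners) == 1:
            action = "blocked"   # removing it would leave the wallet with no owner
        else:
            action = "revoke"
        plan[chain] = {
            "action": action,
            "stale_index": stale_index,
            # Owners the user expects but this chain lacks (unreplayed additions).
            "missing": sorted(expected - present),
            # Owners on chain that the user did not list: investigate before acting.
            "unknown": sorted(i for i, o in owners.items()
                              if o != stale and o not in expected),
        }
    return plan


if __name__ == "__main__":
    for chain, entry in plan_revocations(
            SNAPSHOTS, OLD_PASSKEY, [NEW_PASSKEY, RECOVERY_EOA]).items():
        print(chain, entry)
```

A chain reported as "revoke" with a non-empty "missing" list (optimism in the sample data) is the case to handle first: removing the old passkey there would leave the wallet without the replacement key on that network.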