Author: Darren, Everest Ventures Group
What are MetaMask Snaps?
MetaMask Snaps is a new feature (plugin) of the MetaMask wallet that aims to create an unlicensed ecosystem where developers can extend MetaMask in any way they want. It is an open-source wallet extension development and a good way for end-users with different needs to get diverse and personalized solutions. According to public information, MetaMask is the only wallet provider that supports custom plugins so far.
User Process:
1. First, download the MetaMask Flask on this website;
- Interpreting Fetch.AI: An Intelligent Open Infrastructure Based on Cosmos
- Deep dive into Sui Lutris to uncover the secrets behind the high-performance of Sui Network.
- It was Coinbase who first took action in the regulatory struggle with the SEC.
Note: Currently, the project is still in the developer testing phase, and there will be a risk prompt when downloading Flask:
2. After downloading Flask, you can start downloading the Snaps you want to use. Here, we will take AA Snap as an example (because the project is still in the developer testing phase, this article will use the developer’s video screenshots):
1) Connect the MetaMask wallet to the AA Snap official website, and then a window requesting connection will pop up in MetaMask. Click Connect;
2) Approve & Install;
3) Then connect your contact wallet here;
4) Then you can see your EOA wallet and account abstract wallet. The account abstract wallet is a contract wallet, so its address is determined and generated automatically after connecting to MetaMask;
5) Next, we can try to send 0.1$MATIC to the contract wallet: Copy the contract wallet address and send it directly like sending tokens to other EOA wallet addresses as usual;
Wait for a while and you can see the $MATIC sent to the contract wallet arrive;
6) Then we try to send 0.05$MATIC from the contract wallet to the EOA wallet;
Then confirm the transaction “sign”, and after a while you can see that the token has been sent successfully;
7) Finally, you can go to polygonscan to check whether the contract account has been deployed successfully (you can see that it has been deployed successfully);
Above is a simple user tutorial. Through this tutorial, we can also understand that we still need to learn how to use MetaMask before using MetaMask Snaps. Therefore, the appearance of MetaMask Snaps actually does not reduce the user’s usage threshold, but provides better experience and more functions for the current stock of users.
Progress and Projects of MetaMask Snaps
Currently, MetaMask Snaps is still in a relatively early stage of development. Existing Snaps are being continuously developed and tested, and the MetaMask team is also encouraging more developers to build Snaps on MetaMask in multiple ways. Currently, the following two methods are mainly used:
1. MetaMask Grants DAO: This is an experimental employee-led program sponsored by ConsenSys, aimed at providing grants to external developers worldwide to build influential experiences in the MetaMask ecosystem. In Grants DAO, the community can initiate proposals and decide whether to grant a Snap project if the proposal receives a certain percentage of support votes.
2. Hosting sponsored hackathon events: In addition, MetaMask has also sponsored multiple hackathon events to attract more developers to develop Snaps.
So far, many developers have shown keen interest in the development of Snaps and have actively participated in it. At the same time, there are already a large number of Snaps projects under development and testing. This article will analyze several Snaps projects that have won in hackathon events or have received high levels of support in Grants DAO.
- MPC Snap: Integrating multi-factor authentication into MetaMask
MPC Snap integrates MPC technology into Metamask, allowing users to use MPC technology for private key management. When using MPC Snap, users can set up two-factor authentication (2FA) to access the MetaMask wallet. Subsequently, whenever the user is ready to sign a transaction, the MPC SDK of MPC Snap will perform threshold ECDSA signature. This is done by splitting the private key into two parts: one part is shared in a local snapshot, and the other part is shared on the signing server. After several rounds of communication, the signing server and Snap can jointly sign Ethereum transactions and obtain confirmation on the Goerli network.
In addition, unlike the mnemonic, this setting does not cause irreversible key loss due to a single point of failure. If the user’s laptop is hacked or the signing server is invaded, the user will not lose their private key.
- CoinChoice Snap: Recharge Gas with any currency
In some users who plan to perform wallet operations, it is likely that there is not enough Ethereum in the wallet to pay for gas, especially when it comes to claiming airdrop tokens or selling tokens. In the past, solving this problem required withdrawal from a centralized exchange or fund extraction from another wallet. However, both of these methods can cause a lot of trouble when multiple wallets need to be operated and the blockchain network is congested.
CoinChoice Snap aims to solve this problem. It is a tool that exists in the user’s MetaMask extension browser and provides the ability to manage gas according to user needs for each transaction. If the user prefers to hold USDC instead of ETH, they can use USDC to pay for gas. This way, users can choose to use the currency they want to pay for the gas required for the transaction.
Invisible Keys Snap: Multi-cloud private key storage
Invisible Keys Snap, similar to MPC Snap, aims to improve the way users manage their private keys. The multi-cloud wallet of Invisible Keys stores the user’s private keys in two or more cloud storage services (such as Google Drive, Dropbox, etc.), and even if one of them is leaked, the private key will never be exposed.
- Smart Account Session Snap: Automatic Game Dapp Approval
In Web3, user experience in financialized games (GameFi) is a fairly common issue. When experiencing GameFi, users often need to sign multiple times to continue playing. The goal of Smart Account Session Snap is to create a seamless user experience for game dapps and provide them with a secure way to auto-approve.
Here is the user’s usage process:
1. Connect your EOA and install the Smart account session snap.
2. Enable smart accounts above the MetaMask address. The MetaMask EOA will become the controller of the smart account.
3. Enable the session module on your smart account. The module enables additional access control logic for your Smart Safe account. Essentially, each smart account is controlled in two ways. Optional modules with their own custom access logic and signed by the MetaMask account owner using their signing key.
4. Create a session.
5. This will create a temporary session key on your smart account, which is authorized to transact on your wallet through the module. Sessions can have parameters such as start time, end time, and permissions for custom actions on Dapp contracts.
6. Use the above session key to send auto-approved transactions, without the need for MetaMask pop-ups to get gas or signatures.
- Blackbelt Snap: Real-time Self-defense against Scams
In web3, security has always been a very common but serious issue. Attackers can take advantage of front-end vulnerabilities to inject malicious contracts into the user interface without the user’s knowledge, causing the user to interact with the contract and lose funds involved in the protocol interaction. The goal of Blackbelt Snap is to address this issue. Users can view real-time security assessments of data through Blackbelt Snap. If a user finds a protocol with a low security score while using it, they can report it to Blackbelt Snap. Afterwards, other users will be able to see the number of times the protocol has been reported before interacting with it.
Through Blackbelt Snap, users can better understand the security of the protocol and collectively participate in protecting the community from malicious activity. This reporting mechanism can increase user awareness and reduce the risk exposure to unsafe protocols.
- UniBlockingss Smart Contract Wallet MetaMask Snap: Social recovery feature with email-based functionality
The goal of this Snap is to introduce the smart contract wallet functionality with account abstraction built by UniBlockings into MetaMask. The project will first add the social recovery feature to eliminate the need for seed phrase management by users. Seed phrase management has been one of the main issues and security risks when using external account wallets such as MetaMask. Subsequently, the project will gradually add other features such as gas extraction and batch transaction payment using ERC-20 tokens, greatly reducing the difficulty of operations and improving the user experience.
The potential of social recovery systems is well-known, however, as of now, social recovery functionality has not been implemented within MetaMask internally, while some other wallets in the market such as Argent have already offered similar functionality for quite some time. UniBlockings is able to realize this vision well because they have already launched seedless and gasless wallets widely used for gaming dapps in the market. In addition to utilizing the functionality of smart contract wallets through account abstraction and multi-party computation (MPC), UniBlockings also utilizes DKIM email protocol to securely authenticate and authorize guardians for transactions through domain key-generated signatures. This is a significant improvement over existing solutions such as Argent, which requires guardians to hold their own encrypted wallets, making any trusted party with a wallet able to act as a user’s guardian.
- Forta Snap: Decentralized camera and alarm system for Web3
Forta was launched in October 2021, and some well-known DeFi projects such as Lido, Compound, Aave, MakerDAO, Balancer, dYdX, and UMA are using it to monitor critical aspects of their protocols. Forta is incubated by OpenZeppelin and supported by a16z, Blockchain Capital, Coinbase Ventures, and other companies. It is a real-time detection network for security and operational monitoring of blockchain activities. Forta real-time detects threats and anomalies on DeFi, NFT, governance, cross-chain bridges, and other Web3 systems. With timely and relevant alerts, protocols and investors can react quickly to eliminate threats and prevent or minimize fund losses.
It is well known that Web3 is rife with cases of users being phished and scammed. In the first half of 2022, scammers and hackers stole over $2 billion through phishing and other vulnerabilities. However, Web3 security is still in its infancy, and so far, most of the focus has been on protecting DeFi protocols through audits, formal verification, and bug bounties. However, security stacks like Forta have not been widely adopted by most users, but many common attacks such as phishing and unrestricted token approvals and scams are primarily aimed at unprotected everyday users. Therefore, the goal of the Forta Snap is to build end-user protection security features within MetaMask, utilizing the detection functionality of Forta’s bots to help more users prevent scams and phishing attacks. Once the project is successful, MetaMask users will have enhanced chain-based fraud and phishing prevention in their wallet experience, enhancing existing URL-based protection mechanisms.
- Safeheron Multi Blockingrty Compute (MPC) key sharding Snap: Account and Key Management
Safeheron is an open-source, transparent digital asset self-custody service platform, founded in 2019 and based in Singapore. Based on secure multi-party computation (MPC) and trusted execution environment (TEE) technology, Safeheron provides institutional clients with a one-stop, comprehensive digital asset self-custody solution, enabling customers to fully control private keys and asset control, and enhancing asset security and management efficiency. This Snap, developed by Safeheron in collaboration with MetaMask, focuses on improving MetaMask’s key management experience, particularly helping users manage their secret recovery phrases (SRP) to reduce phishing attacks and reduce the risk of key loss.
Due to the underlying multi-party computation (MPC) algorithm, private keys are never fully stored on a single device, meaning that the likelihood of attackers obtaining these private keys and stealing user funds is greatly reduced. In addition, if a user loses one of their three devices, they can use the remaining two devices to issue new key fragments to a new device to maintain their security. If this project is successful, the MetaMask team will be able to verify the MetaMask snap as an innovative accelerator for the new key management experience, greatly reducing the risk of single-point failures related to user key loss, hacker attacks, and phishing.
- StarkNet Snap: Integrating StarkWare into the pioneering ZK-Rollup Snap
To date, StarkNet has not been directly compatible with MetaMask due to its use of addresses and account formats that differ from Ethereum, in other words, it is not EVM-compatible. The StarkNet Snap allows users to create a StarkNet account based on their original MetaMask secret recovery phrase (SRP) to manage assets on StarkNet. The StarkNet snap also allows developers to deploy StarkNet accounts, transact on StarkNet, and interact with StarkNet smart contracts. It can connect to any dapp to access StarkNet, and developers can try integrating their dapps with this snap.
In addition, if StarkNet Snap is accidentally deleted, users do not need to worry, as deleting the snap does not delete users’ StarkNet accounts or transaction histories. And the StarkNet Snap recovery uses MetaMask’s secret recovery phrase directly, so users’ existing accounts will be automatically recovered when they restore their MetaMask account and install the StarkNet snap.
- Snap Directory: A web directory for adding, searching, discovering, and installing Snaps.
In the future, it is anticipated that there will be a large number of Snaps available for MetaMask users to choose from, each with different functions, permissions, and security information. Users would have to spend a lot of time searching for this information, which would severely impact user experience and hinder the fast development of MetaMask Snaps to some extent.
The goal of Snap Directory is to create a website where users can quickly find Snaps and verify their information and security risks. All data on the website will be transparent and can be externally audited by the community. Developers can also be verified and add their snapshots to the Snap directory.
Main Impact
From the above reading, we can see that the impact of MetaMask Snaps is significant. It is anticipated that if the development of MetaMask Snaps goes well, the following impacts may occur:
- MetaMask Snaps will further consolidate MetaMask’s leading position in the wallet track. MetaMask Snaps will be very helpful for existing MetaMask users, providing them with a better web3 experience.
- MetaMask Snaps can be seen as a breakthrough in the web3 ecosystem. It turns a simple Ethereum wallet into a complete web3 management tool, enabling us to customize and enhance users’ web3 experience, which other wallet projects have not achieved.
- MetaMask Snaps may attract more web2 developers into the web3 field. It makes complex Web3 technology easier for developers to understand and apply, and will significantly promote the integration of traditional Web2 applications with Web3.
Possible Issues and Risks
1. Security:
As observed from the above reading, MetaMask Snaps is similar to Google Chrome extensions. In terms of security, Google Chrome scans every extension submitted to the Google Web Store, but this step is not rigorous enough, and there are inevitably some loopholes. As a result, there have been many incidents of information leakage for Google Chrome extensions over the years.
In MetaMask Snaps, the Snap Directory project mentioned above can help users evaluate the security of Snaps to some extent. However, this is still not enough. Unlike Google Chrome, wallets store a large amount of user funds, so higher security standards are required. It is conceivable that security is a key point that must be ensured for MetaMask Snaps. This may be a potential risk in the development of MetaMask Snaps. Therefore, more improvements and security measures are needed in the development of MetaMask Snaps to ensure that users can use them with confidence.
2. Threshold:
Before learning how to use MetaMask Snaps, users must first learn how to use the MetaMask wallet, which is an EOA wallet that requires knowledge of how to use private keys, mnemonic phrases, etc. This is not user-friendly for those who have never encountered web3. The appearance of MetaMask Snaps has not lowered the threshold for use, but rather provides services and assistance to existing users who are familiar with using MetaMask.
However, we can speculate that a new round of bull market will require a large influx of fresh blood into the web3 field. Currently, the threshold for entering web3 is still relatively high, so reducing the threshold is very important. Similarly, web3 wallets with lower thresholds may be more attractive to new users. We know that many low-threshold web3 wallets have already appeared, some of which can be directly bound and logged in to the wallet with one click on Twitter, some can be logged in with email or mobile phone, and even some only require face recognition to log in to the wallet. MetaMask Snaps does not provide an advantage for MetaMask in this regard, so perhaps MetaMask needs to work harder to lower the threshold if it wants to maintain its leading position in the new round of bull market.
Like what you're reading? Subscribe to our top stories.
We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!
