MetaMask Snap Technology Interpretation Development Experience, Capability Limitations, Security, and Business Potential Analysis

Author: LXDAO Expert: Li Damao, Bruce Co-author

This article will explore the technical aspects of MetaMask Snap. What is MetaMask Snap? What technical capabilities does it have? How is security ensured? What is the development experience like? These questions may determine the future potential of MetaMask Snap.

What is MetaMask Snap?

A few days ago, ConsenSys announced the public launch of MetaMask Snaps Open Beta. MetaMask Snaps can expand the capabilities of the wallet by installing apps (Snaps) created by third-party developers to obtain new features.

If ConsenSys has turned MetaMask into WeChat, then Snaps are like WeChat Mini Programs. Therefore, you can see MetaMask’s ambition. With the combination of ConsenSys’ scale and MetaMask’s user base, the landscape of the wallet field will change.

• Zero-knowledge proofs from the perspective of non-technical personnel how did it become the third largest technological innovation in the history of blockchain development?
• Professor Zhenzhong Lan of Westlake University Several Understandings about Large Models
• Reduce loss restrictions in order to have more time to deal with the economic and technical consequences of liquidity collateral.

Currently, 35 available Snaps have been officially announced, and the Snap app store has been launched at https://snaps.metamask.io/.

Partial list of Snaps

So what exactly is MetaMask Snap from a technical perspective? What are their capabilities and limitations? Are they secure? What is the development experience like? These factors may determine the future potential of MetaMask Snap.

Since last year, LXDAO has been conducting in-depth research on the implementation of Snaps. Currently, several members have participated in Snap development and actively participated in related hackathons. Today, we will explore the above questions from a technical perspective and actually develop a Snap to let you experience the developer experience of Snap.

First Experience with MetaMask Snap

Installing MetaMask Snap

Usually, you can install it through the official MetaMask Snap marketplace, or you can install it directly on the project’s official website. Taking UniLianGuaiss as an example, when you visit the application page, a button will be provided for you to connect with MetaMask.

After clicking, the Snap will be installed:

Using MetaMask Snap

After the installation is complete, you can start using the corresponding product and features. In this application, UniLianGuaiss will create a smart contract account for you, making it easy for you to manipulate it through MetaMask’s EOA account.

When you perform a transfer, UniLianGuaiss will pop up a Snap to confirm whether you want to perform the operation on the UniLianGuaiss AA wallet.

After confirming through MetaMask, you can perform the related operation. In this scenario, MetaMask, through Snap, has the ability to control the UniLianGuaiss AA wallet. UniLianGuaiss can enable users to operate the wallet without developing a wallet plugin themselves, and can also introduce users at a very low cost with the help of MetaMask!

What information can we gather from this installation and usage process?

1. Snap has a fine-grained permission control, including the permission to link wallets and network requests. It is designed with the principle of least privilege in mind, prioritizing security.

2. From npm:@uniLianGuaisswallet/uniLianGuaiss-snap, we can see that Snap is based on NPM for package and version management. We will discuss its security in detail later.

3. Snap is highly flexible and can be developed and customized according to project needs. However, the UI is relatively simple and has room for optimization.

4. The user experience of Snap is simple and reliable, reaching the level of beta version and production environment.

For a wallet product, security is always the top priority. Next, let’s analyze the security design of Snap.

Is Snap secure?

Runtime Analysis of Snap Code

As mentioned earlier, Snap is based on NPM for package and version management, indicating that Snap is actually a web and JavaScript application. It is well-known that JavaScript syntax is flexible and free, making it prone to XSS and phishing attacks. How does MetaMask Snap address this challenge?

After some research, it is not difficult to find that MetaMask sponsors Agoric and deeply integrates Agoric’s Hardened JavaScript (also known as Secure EcmaScript) as its “fully virtualized” sandbox solution. Agoric has designed a JavaScript constraint API and submitted a draft proposal to TC-39 (the JavaScript standardization association), which can be found at: https://github.com/tc39/proposal-ses.

In simple terms, Hardened JavaScript is a more secure subset of standard JavaScript. By leveraging certain capabilities and mechanisms of JavaScript, it reduces the calling permissions and methods of some JS APIs, thereby reducing certain risks. It creates a secure sandbox for the corresponding code to execute, while following the principle of least privilege to plan the code’s permission control.

Agoric collaborated with MetaMask to develop the LavoMoat (https://github.com/LavaMoat/lavamoat) project to enhance the security of Snap. LavaMoat is a set of tools that focus on addressing security risks related to external dependencies in JS projects, adding restrictions on certain APIs and logic.

Agoric and MetaMask have jointly conducted black-box and white-box security attack and defense tests, and have produced detailed security reports. Therefore, at the runtime level, we have sufficient reason to believe that Snap is secure.

Snap code must be open source and undergo auditing

In addition to having a clear user authorization process and a design that follows the principle of least privilege, a Snap must be open source and go through code auditing by a third-party security company before it can be released. This greatly reduces the possibility of Snap containing malicious code.

Furthermore, we have also discovered that all Snap releases on the official website have undergone code auditing by a third-party security company. This significantly increases the security and trustworthiness of Snap, with security audits being conducted by well-known companies such as SlowMist.

Security Risks Currently Found in Snap

Due to the fact that Snap is currently based on NPM packages and version management, there is a possibility of changes at the code level, and the audit is not mandatory, which may result in certain security risks.

Because MetaMask cannot control the version releases on the NPM platform, project teams can release new versions at any time for users to install. However, due to the cost of audits, auditing companies will not audit every version, so there may be a situation where the latest version has not been open sourced or audited.

However, since the execution environment is a sandbox environment and it is designed with minimal permissions, unless users manually confirm new permission changes, the new version of Snap will only have the permissions of the previous version to perform operations. But if the permissions requested by a certain Snap are too large, it will still pose risks, so caution is still needed when installing and using Snap.

Technical Capabilities and Limitations of MetaMask Snap

Although MetaMask Snap was officially announced recently, Snap has actually been developed for 4 years! The initial idea of MetaMask Snap was published on Medium by Dan Finlay on October 10, 2019: https://medium.com/metamask/introducing-the-next-evolution-of-the-web3-wallet-4abdf801a4ee.

Balancing security, flexibility, and efficiency is a very big challenge, and it can also be seen that MetaMask has put in a lot of effort and preparation for this day.

Currently, three main APIs have been opened:

1. Interoperability, which allows developers to develop other chain wallets based on MetaMask

2. Transaction Insights, which allows developers to obtain transaction data before users initiate transactions in order to analyze the risks of the transactions

3. Notifications, which allows Snap to directly push messages to users (however, it seems that website support is required, which is somewhat limited)

Below is a brief introduction to the specific capabilities and effects of MetaMask Snap, so that you can have a more visual perception.

Notification Capability

The Snap_notify interface can display notifications in MetaMask or browsers. Snap can send messages directly to users through this interface, as shown in the following image:

Transaction Insights Capability

When users interact with smart contracts, MetaMask triggers the onTransaction event of Snap, and MetaMask passes the unsigned raw transaction to the onTransaction handler method of Snap. Snap can return a page on the transaction confirmation page and customize the displayed content.

Through this capability, secure auditing of transaction information and display of extended information can be achieved.

Dialog Interface and Custom Interface Capability

The Dialog capability will allow Snap to directly pop up an independent window, achieving similar functionality to traditional Alert/Confirm/Prompt pop-ups (as shown below), which are used for reminders, confirmations, and information submissions, respectively.

With Dialog, you will be able to customize simple interactive interfaces and operations to connect to your DApp.

What functionalities can’t MetaMask Snap currently achieve?

Due to security restrictions, Snap currently does not support third-party frontend frameworks and only provides a limited number of UI kits. The example still uses insight to demonstrate the UI component library that developers can use.

As shown in the image, the only components currently available are Heading (for large text), Text (for small text), LianGuainel (a card that can only be used once), Divider (a separator), Copyable (for click-to-copy functionality), and a small subset of Markdown (bold and italic). Therefore, it seems that building interactivity is temporarily not possible, and it is also not possible to use embedded HTML for interactive operations. However, after querying on the official Discord, the official team claimed that these limitations are for security reasons and will be lifted in future versions.

Furthermore, for security reasons, only Fetch methods are supported for external requests, and other protocols such as WebSocket are not supported. Due to security, capability, and privacy limitations, it is also not possible to obtain client information, such as the URL that triggered Snap, thus restricting the ability to implement more diverse functionalities.

Most of these issues and restrictions are due to security considerations. It is believed that after security has been verified, more permissions will be considered for opening up.

MetaMask, which provides these APIs, has actually become a product similar to an open platform. This feeling is similar to when WeChat launched public accounts and mini-programs, instantly making it more than just a simple messaging tool.

In 2019, MetaMask anticipated the current market landscape with a large number of public chains, projects, and various customized wallet requirements. Rather than each project developing its own plugins and users having to install multiple plugins, it is more practical to develop based on MetaMask Snap. In the first batch of released Snaps, we also discovered non-EVM ecosystem wallets such as Sui Wallet, Solana Wallet, Arweave Wallet, and others. With its existing user base, MetaMask Snap will undoubtedly have a significant impact on the wallet landscape.

In fact, the potential of MetaMask Snap may be even greater than we expected, and it may even go beyond the scope of wallets. We can also see the work of the EthSign team, who developed a universal password manager called KeyChain based on MetaMask Snaps, which encrypts and stores passwords from all browsers using wallet keys. This way, managing the wallet also includes managing all passwords.

Snap is very relevant to developers. With the open API, what is the developer experience like? Let’s develop a Snap ourselves to experience it.

Developing a Snap for Testing

Organizing the thoughts

As we all know, in most cases, users don’t actually know what smart contract they are interacting with, and this mainly includes the following questions:

1. Whether the contract of the transaction is a contract replaced by a phishing website

2. Whether the contract of the transaction is an upgradable contract

3. Whether the smart contract is a contract that has just been deployed and has not been verified by many people

4. Whether the contract of the transaction is open source

For ordinary users, it is unrealistic to ask them to read the solidity code of the contract before operation. At this time, it is actually very suitable to use the Transaction Insight function to perform some smart contract analysis, such as using AI to perform a relatively simplesecurity audit on smart contracts, which may filter out 80% of low-level phishing attacks.

Preparing the development environment

Download the wallet

First, you need to install MetaMask Flask

MetaMask Flask is a developer-centered distribution of MetaMask extensions, mainly used for new feature previews and experimental feature development. Note that this is a developer version of MetaMask, please do not use it for daily use, and do not import your daily use private keys. Here we use Flask mainly to facilitate the local instant preview of the Snap we are developing.

It is recommended to temporarily turn off the Firefox wallet and other browser wallets after installation, or create a new Chrome Profile to use, otherwise conflicts may occur.

Create an account

After installing the wallet, create a new wallet just like creating a MetaMask wallet normally. Please note that this is a wallet specifically for testing, please do not import your daily wallet.

Next, we need to deposit some test coins into the newly created wallet. Test coins can be obtained through faucets. The Snap mentioned in this article uses Goerli, so Goerli will be the main focus in the following text.

Initialize Snap based on the template

According to the official documentation, first use the @metamask/create-snap CLI to create a new Snap project, and at the same time, initialize it using the official template:

yarn create @metamask/snap transaction-insights-snap && cd transaction-insights-snap

Snap file structure

The main files of Snap are in ./packages/snap, and the file directory structure is as follows

The configuration file of Snap is placed in snap.manifest.json, and the main file of Snap is ./src/index.ts, which can be seen as very concise.

Enable permissions

First, we need to enable permissions. First, add the following three lines to snap.manifest.json:

"initialPermissions": {    "endowment:transaction-insight": {}, // transaction insight    "endowment:ethereum-provider": {}, // get rpc    "endowment:network-access": {} // request network  }

In the manifest file, you can also modify the description and proposedName to modify the description and name of the project.

Get the transaction

In this case, you only need to modify the index.ts file to complete all the functions. The code example is as follows. For the complete running code, please refer to: https://github.com/LidamaoHub/insights.

import { OnTransactionHandler, OnRpcRequestHandler } from '@metamask/snaps-types';
import { heading, LianGuainel, text, copyable, divider } from '@metamask/snaps-ui';

export const onTransaction: OnTransactionHandler = async ({ transaction }) => {
  // The transaction object includes the 'to' (contract address) and 'data' (interaction data) values
  // The following is an example code to fetch contract audit data
  const info = fetch(`http://contract-info.audit.dev/?address=${transaction.address}`);

  // The following is an example of UI code
  return {
    content: [
      text(
        `${info.riskList.length} risk item`,
      ),
      heading(`${info.riskList.length ? 'Risk List' : ''}`),
      ...info.riskList.map((item, i) => text(`${i + 1} ${item.text}`)),
      divider(),
      text(
        `More audit info from the following url`,
      ),
      copyable(
        `https://contract-info.audit.dev/mm${info.token}`,
      )
    ]
  };
};

For more information, please refer to the MetaMask Snap developer documentation to complete more complex Snap products.

After installation, you will be able to see similar risk warning information for each of your transactions:

Currently, the development experience with Snaps is very smooth, with almost no issues encountered. The official templates are also very rich and diverse. Developers with rich experience can usually get started and develop their own required Snaps within a few hours. However, to formally release and make it accessible to mainstream users, the biggest hurdle will be security audits. Not all independent developers and small teams have resources to conduct audits for their Snaps. Therefore, it can be expected that the number and richness of Snaps will not experience a significant explosive growth in the foreseeable future.

Developer Support

If you are able to run the above example, congratulations, you have become a qualified entry-level Snap developer!

Last year, MetaMask also established a MetaMask Grants DAO, which funds high-value projects in the MetaMask ecosystem through a grant program. MetaMask Grants DAO is an employee-led experimental program that grants funds to external developers worldwide to build influential experiences in the MetaMask ecosystem. MetaMask allocates a portion of its quarterly profits to this DAO, and the current annual budget for MetaMask Grants DAO is 2.4 million US dollars.

Currently, any project that can enrich the MetaMask ecosystem can apply for official MetaMask Grants DAO (MetaMask Grant). For more information, please visit https://metamaskgrants.org/.

It is worth mentioning that LXDAO is honored to have applied for and participated in MetaMask Grants this year, and has established a contact channel. If you are a member of LXDAO and have relevant ideas, you can contact them more efficiently to submit an application.

Conclusion

In the above, we have analyzed Snap from a technical perspective, including what it is, its security, capability limitations, and developer experience. Here is a brief summary:

• Snap is similar to WeChat Mini Programs, opening up greater possibilities for MetaMask.
• The overall security is good, but there are still certain risks, so it is important to remain cautious about high-risk permissions.
• Due to security considerations, there are currently limited capabilities available, but Snaps still have enough room for imagination.
• After four years of refinement and testing, the developer experience is excellent. However, due to security considerations, a whitelist mechanism and audit requirements have been designed. It can be expected that there will not be a large number of Snaps emerging in the near future.

Currently, MetaMask Snap is still undergoing rapid iteration, and it is believed that more permissions and capabilities will be opened up in the future. It is hoped that a more open and secure mechanism can be launched, such as Apple’s official Audit review mechanism and official code repository version control, in order to allow more developers to participate at a low cost. If this issue is improved, it can be expected to generate a large amount of demand in the future. There may even be dedicated Snap developer positions.

With the help of a massive number of MetaMask users, independent developers may also have certain opportunities. Let us look forward to the next breakthrough innovation brought by Snap.

Finally, thank you for your article, and I believe it will help more people understand the current development of MetaMask Snap.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.