OPRR Flash Depth Activities

Search Extension

MetaMask Snaps: Pioneering a decentralized new ecosystem and consolidating its position as a leading wallet.

2023-06-09 14:30

Read this article in 27 Minutes

AI summary

View the summary

Original author: Darren, Everest Ventures Group

This article is for communication and learning purposes only and does not constitute any investment advice.

One, what is MetaMask Snaps?

MetaMask Snaps is a new feature (plugin) of the MetaMask wallet, aimed at creating a permissionless ecosystem where developers can extend MetaMask in any way they want. MetaMask Snaps is an open-source wallet extension development and a great way to provide diverse and personalized solutions for end-users with different needs. According to public information, MetaMask is the only wallet provider that supports custom plugins so far.

User usage process:

1. First, download MetaMask Flask from this website.

Note: The project is currently in the developer testing phase. There may be a risk warning when downloading Flask.

2. After downloading Flask, you can start downloading the Snaps you want to use. Here, we take AA Snap as an example (due to the current developer testing phase, this article will use developer video screenshots):

1) Connect your MetaMask wallet on the AA Snap official website. A window requesting connection will pop up in MetaMask. Click "Connect".

2）Approve & Install

Then connect your contact wallet here.

4) Then you can see your EOA wallet and account abstract wallet. The account abstract wallet is a contract wallet, so its address is fixed and generated automatically after connecting to MetaMask.

5) Next, we can try sending 0.1 $MATIC to the contract wallet: Copy the contract wallet address and send the token directly to it like you would send to any other EOA wallet address.

After waiting for a period of time, you will be able to see the $MATIC sent to the contract wallet arrive.

6) Next, we will attempt to send 0.05 $MATIC from the contract wallet to the EOA wallet.

Then confirm the transaction "sign" and wait for a while to see the successful sending of the token.

7) Finally, you can go to polygonscan to check if the contract account has been successfully deployed (you can see that it has been successfully deployed).

Above is a simple user tutorial. Through the tutorial, we can also understand that we need to learn how to use MetaMask before using MetaMask Snaps. Therefore, the emergence of MetaMask Snaps does not actually reduce the user's usage threshold, but provides better experience and more functions for existing users, and better retains existing users.

二、MetaMask Snaps 的进展和项目

Translation:

2. Progress and Projects of MetaMask Snaps

Currently, MetaMask Snaps are still in the relatively early stages of development. Existing Snaps are being continuously developed and tested, while the MetaMask team is also encouraging more developers to build Snaps on MetaMask through various means. Currently, there are two main ways to do this:

1. MetaMask Grants DAO: This is an experimental employee-led initiative funded by ConsenSys, aimed at providing grants to external developers worldwide to establish influential experiences in the MetaMask ecosystem. In Grants DAO, the community can initiate proposals and decide whether to grant funding to a particular Snaps project, as long as the proposal receives a certain percentage of support votes, it can be approved.

2. Hosting sponsored hackathons: In addition, MetaMask has hosted sponsored hackathons to attract more developers to develop Snaps.

So far, many developers have shown strong interest in the development of Snaps and actively participated in it. At the same time, a large number of Snaps projects are being developed and tested. This article will select several Snaps projects that have won in hackathon events or received high support votes in Grants DAO for analysis.

MPC Snap: Integrating Multi-Factor Authentication into MetaMask

MPC Snap has integrated MPC technology in Metamask, allowing users to manage private keys using MPC technology. When using MPC Snap, users can set up two-factor authentication (2FA) to access the MetaMask wallet. Then, whenever the user is ready to sign a transaction, MPC Snap's MPC SDK will perform threshold ECDSA signatures. This is done by splitting the private key into two parts: one part is shared in the local snapshot, and the other part is shared on the signing server. After several rounds of communication, the signing server and Snap can jointly sign Ethereum transactions and get confirmation on the Goerli network.

In addition, unlike mnemonic phrases, this setting will not cause irreversible key loss due to a single point of failure. If a user's laptop is hacked or the signing server is compromised, the user will not lose their private key.

CoinChoice Snap: Recharge Gas with any currency

Among some users who plan to perform wallet operations, it is likely that they will encounter a situation where there is not enough Ethereum in the wallet to pay for gas, especially when it comes to receiving airdrop tokens or selling tokens. In the past, solving this problem required withdrawing from a centralized exchange or extracting funds from another wallet. However, when multiple wallets need to be operated and the blockchain network is congested, both methods can cause a lot of trouble.

CoinChoice Snap aims to solve this problem. It is a tool that exists in the user's MetaMask extension browser, providing the ability to manage gas for each transaction according to user needs. If the user prefers to hold USDC instead of ETH, they can use USDC to pay for gas. This way, users can choose to use the currency they want to pay for the gas required for the transaction.

Invisible Keys Snap: Cloud-based Private Key Storage

In Web3, the user experience of financialized games (GameFi) is a common issue. When experiencing GameFi, users often need to sign multiple times to continue playing. The goal of Smart Account Session Snap is to create a seamless user experience for gaming dapps and provide them with a secure automatic approval method.

The following is the user's usage process:

1. Connect your EOA and install Smart account session Snap.

2. Enable smart account above the MetaMask address. The MetaMask EOA will become the controller of the smart account.

3. Enable the session module on your smart account. The module enables additional access control logic for your Smart Safe account. Essentially, each smart account is controlled in two ways. The MetaMask account owner uses their signature key, and there is an optional module with its own custom access logic.

4、Create session.

5. This will create a temporary session key on your smart account, which is authorized to transact on your wallet through modules. The session can have parameters such as start time, end time, and permissions for custom operations on Dapp contracts.

6. Use the aforementioned session key to send automatically approved transactions without the need for MetaMask pop-ups to obtain gas or signatures.

Blackbelt Snap: Real-time Self-defense Against Fraud

In web3, security has always been a very common but serious issue. Attackers can exploit frontend vulnerabilities to inject malicious contracts into the user interface without the user's knowledge, causing the user to interact with the contract and lose funds involved in the protocol interaction. Blackbelt Snap aims to solve this problem. Users can view real-time security assessments of data through Blackbelt Snap. If a user discovers a protocol with a low security rating during use, they can report it to Blackbelt Snap. Subsequently, other users can also see the number of times the protocol has been reported before interacting with it.

Through Blackbelt Snap, users can better understand the security of the protocol and work together to protect the community from malicious activities. This reporting mechanism can increase user awareness and reduce the risk exposure to unsafe protocols.

Unipass Smart Contract Wallet MetaMask Snap: Featuring Email-Based Social Recovery Functionality

The goal of this Snap is to introduce the smart contract wallet functionality with account abstraction feature built by Unipass into MetaMask. The project will first add social recovery feature to eliminate the need for users to manage seed phrases, which has been one of the main issues and security risks when using external account wallets such as MetaMask. Subsequently, the project will gradually add other features such as gas extraction and batch transactions using ERC-20 tokens for gas payment, greatly reducing operational difficulties and improving user experience.

The potential of social recovery systems is well known, however, MetaMask has not yet implemented social recovery internally, while other wallets on the market, such as Argent, have been offering similar functionality for quite some time. Unipass is able to achieve this vision well, as they have already launched a widely used non-mnemonic and non-gas wallet for gaming dapps in the market. In addition to utilizing the functionality of smart contract wallets through account abstraction and multi-party computation (MPC), Unipass also uses the DKIM email protocol to securely verify and authorize guardians for transactions through signatures generated by Domain Keys. This is a major improvement for existing solutions like Argent, which requires guardians to hold their own encrypted wallets, allowing any trusted party with a wallet to act as a user's guardian.

Forta Snap: Decentralized Camera and Alarm System for Web3

Forta was launched in October 2021 and is being used by well-known DeFi projects such as Lido, Compound, Aave, MakerDAO, Balancer, dYdX, and UMA to monitor key aspects of their protocols. Incubated by OpenZeppelin, Forta is supported by a16z, Blockchain Capital, Coinbase Ventures, and other companies. It is a real-time detection network for security and operational monitoring of blockchain activity. Forta detects threats and anomalies in DeFi, NFTs, governance, cross-chain bridges, and other Web3 systems in real-time. Through timely and relevant alerts, protocols and investors can quickly react to eliminate threats and prevent or minimize financial losses.

As we all know, Web3 is filled with cases of users being phished and scammed. In the first half of 2022, scammers and hackers stole over $2 billion through phishing and other vulnerabilities. However, the security of Web3 is still in its early stages, and so far, most of the focus has been on protecting DeFi protocols through auditing, formal verification, and bug bounties. However, security stacks like Forta have not yet been widely adopted by most users, but many common attacks, such as phishing, unrestricted token approvals, and scams, are primarily aimed at unprotected everyday users. Therefore, the goal of Forta Snap is to build end-user protection security features in MetaMask, using Forta robot's detection capabilities to help more users prevent scams and phishing attacks. Once the project is successful, MetaMask users will experience enhanced chain-based fraud and phishing prevention in their wallet experience, thereby enhancing existing URL-based protection mechanisms.

Safeheron Multi Party Compute (MPC) key sharding Snap: Account and Key Management

Safeheron is an open-source and transparent digital asset self-custody service platform, established in 2019 and headquartered in Singapore. Based on secure multi-party computation (MPC) and trusted execution environment (TEE) technology, Safeheron provides institutional clients with a one-stop, comprehensive digital asset self-custody solution, enabling clients to have 100% control over their private keys and assets, and improving asset security and management efficiency. This Snap is a collaboration between Safeheron and MetaMask to improve the key management experience of MetaMask, with a particular focus on helping users manage their secret recovery phrases (SRP) to reduce phishing attacks and minimize the risk of losing these keys.

Due to the underlying multi-party computation (MPC) algorithm, the private key is never fully stored on a single device, which means that the possibility of attackers obtaining these private keys and stealing user funds is greatly reduced. In addition, if a user loses one of the three devices, they can use the remaining two devices to issue new key fragments to a new device to maintain their security. If successful, the MetaMask team will be able to verify MetaMask snap as an innovative accelerator for the new key management experience, greatly reducing the risk of single-point failures related to user being hacked/phished/losing private keys.

StarkNet Snap: Integrating StarkWare into the pioneering ZK-Rollup Snap

So far, due to the use of different address and account formats from Ethereum, StarkNet is not directly compatible with MetaMask, in other words, it is not EVM compatible. However, StarkNet Snap allows users to create a StarkNet account to manage assets on StarkNet by using their original MetaMask secret recovery phrase (SRP). StarkNet Snap also allows developers to deploy StarkNet accounts, conduct transactions on StarkNet, and interact with StarkNet smart contracts. It can connect to any dapp to access StarkNet, and developers can try to integrate their dapp with this snap.

In addition, if StarkNet Snap is accidentally deleted, there is no need to worry as deleting the snapshot will not delete the user's StarkNet account or transaction history. Furthermore, restoring StarkNet Snap is as simple as using MetaMask's secret recovery phrase to restore the MetaMask account and install StarkNet Snap, after which the user's existing account will be automatically restored.

Snap Directory: A web directory for adding, searching, discovering, and installing Snaps

It can be foreseen that in the future, MetaMask will have a large number of Snaps to choose from, and each Snap will have different information such as functions, permissions, and security. Users need to spend a lot of time to query this information, which seriously affects the user experience and to some extent hinders the rapid development of MetaMask Snaps.

The goal of Snap Directory is to create a website where users can quickly find Snaps, verify their information, and understand their security risks. All data on the website will be transparent and can be externally audited by the community. Developers can also authenticate themselves and add their snaps to the Snap Directory.

Three, Main Impact

Through the previous reading, we can understand that the impact brought by MetaMask Snaps is very significant. It can be foreseen that if the development of MetaMask Snaps goes smoothly, the following impacts may occur:

MetaMask Snaps will further solidify MetaMask's leading position in the wallet race. MetaMask Snaps will be of great help to existing MetaMask users, providing them with a better web3 experience.

MetaMask Snaps can be seen as a breakthrough in the web3 ecosystem. It transforms a simple Ethereum wallet into a complete web3 management tool, allowing us to customize and enhance the user's web3 experience, which other wallet projects currently do not achieve.

MetaMask Snaps may attract more web2 developers to the web3 field. It makes complex Web3 technologies easier for developers to understand and apply, and will significantly promote the integration of traditional Web2 applications with Web3.

Four, Possible Issues and Risks

1. Security:

From the previous text, it can be observed that MetaMask Snaps has similarities with Google Chrome extensions. In terms of security, Google Chrome scans every extension submitted to the Google Web Store, but this step is not rigorous enough and inevitably there are some loopholes. Therefore, over the years, there have been many information leakage incidents with Google Chrome extensions.

And in MetaMask Snap, the Snap Directory project mentioned earlier can also help users evaluate the security of Snaps to some extent. However, this is far from enough. Unlike Google Chrome, wallets store a large amount of user funds, so higher security standards are required. It can be imagined that security is a key point that must be guaranteed for MetaMask Snaps. This may be a potential hidden danger in the development process of MetaMask Snaps. Therefore, the development of MetaMask Snaps still needs more improvements and security guarantees before users can use them with peace of mind.

2、门槛方面：

Translation:

2. Threshold:

Before learning how to use MetaMask Snaps, users must first learn how to use the MetaMask wallet, which is an EOA wallet that requires understanding of how to use private keys, mnemonic phrases, etc. This is not user-friendly for those who have never dealt with web3. The emergence of MetaMask Snaps does not lower the barrier to entry, but rather provides services and assistance to existing users who are already familiar with using MetaMask.

However, we can speculate that a new bull market requires a large influx of fresh blood into the web3 field. Currently, the barrier to entry for web3 is relatively high, so reducing this barrier is crucial. Similarly, web3 wallets with low barriers to entry may be more attractive to new users. We know that many low-barrier web3 wallets have already emerged, some of which can be directly bound to the wallet through Twitter, some can be logged in using email or phone number, and some only require facial recognition to log in. MetaMask Snaps does not provide an advantage for MetaMask in this regard, so perhaps MetaMask needs to work harder to lower the barrier to entry in order to maintain its leading position in the new bull market.