Original Title: "MetaMask Snap Technical Review: Development Experience, Capability Limitations, Security, and Business Potential Analysis"

Original Source: LXDAO

This article is co-written by LXDAO experts Li Damao and Bruce. We will delve into the technical aspects of MetaMask Snap. What is MetaMask Snap? What are its technical capabilities? How is security ensured? What is the development experience like? These questions may determine the future potential of MetaMask Snap.

What is MetaMask Snap?

A few days ago, ConsenSys announced the public launch of MetaMask Snaps Open Beta. MetaMask Snaps can expand the capabilities of the wallet and install apps (Snaps) created by third-party developers to obtain new features.

If ConsenSys has turned MetaMask into WeChat, then Snap is the WeChat mini program. Therefore, it can be seen that MetaMask has great ambitions. With the combination of ConsenSys' scale and MetaMask's user base, the landscape of the wallet industry will change as a result.

Currently, the official has released 35 available Snaps and launched the Snap app store at https://snaps.metamask.io/.

Partial Snap Overview

So what exactly is MetaMask Snap from a technical perspective? What are its capabilities and limitations? Is it secure? How is the development experience? These may all determine the future potential of MetaMask Snap.

Last year, LXDAO began in-depth research on the implementation of Snap. Currently, multiple members have participated in the development of Snap and actively participated in related hackathons. Today, we will explore the above issues from a technical perspective and actually develop a Snap to let you experience the developer experience of Snap.

MetaMask Snap First Experience

Install MetaMask Snap.

Usually, you can install it through the official MetaMask Snap market, or directly install it on the project's official website. Taking UniPass as an example, when you visit the application page, a button will be provided for you to link MetaMask.

After clicking, Snap will be installed:

Using MetaMask Snap

After installation is complete, you can start using the corresponding products and functions. In this application, UniPass creates a smart contract account for you, making it easy for you to operate through MetaMask's EOA account.

When you initiate a transfer, UniPass will prompt Snap to confirm whether you want to perform the operation on the UniPass AA wallet.

After confirming through MetaMask, you can perform related operations. In this scenario, MetaMask has the ability to control the UniPass AA wallet through Snap, allowing UniPass to enable users to operate the wallet without developing a wallet plugin, and can also introduce users at a very low cost with the help of MetaMask!

What information can we obtain from this installation and usage process?

Snap has relatively fine-grained permission control, including permissions for linking wallets and network requests. The overall design follows the Principle of Least Privilege, prioritizing security.

From npm:@unipasswallet/unipass-snap, we can see that Snap is based on NPM for package and version management. More details on security will be introduced later.

Snap has a high degree of flexibility and can be developed and customized according to project needs to determine the displayed content and logic. However, the UI is relatively simple and has room for optimization.

The experience of Snap is very simple and reliable, and it does achieve the level of beta version and production environment.

For a wallet product, security is always the top priority. Next, let's analyze the security design of Snap.

Snap is safe?

Snap Code Runtime Analysis

As mentioned above, Snap is based on NPM for package and version management, indicating that Snap is actually an application based on Web and JavaScript. As we all know, the syntax of JS is very flexible and free, which can easily lead to attacks such as XSS and phishing. How does MetaMask Snap deal with this challenge?

After some research, it is not difficult to find that MetaMask sponsors Agoric and deeply integrates Agoric team's Hardened JavaScript (also known as Secure EcmaScript) as its "fully virtualized" sandbox solution. Agoric has designed a JavaScript restriction API and submitted a draft proposal to TC-39 (JS standardization association), which can be found at: https://github.com/tc39/proposal-ses.

Simply put, Hardened JavaScript is a more secure subset of standard JavaScript. By leveraging some of the capabilities and mechanisms of JS, it reduces the calling permissions and methods of some JS APIs, thereby reducing some risks. It creates a secure sandbox for the corresponding code to execute, while following the Principle of Least Privilege to plan the permission control of the code.

Agoric has collaborated with MetaMask to develop the LavoMoat (https://github.com/LavaMoat/lavamoat) project to enhance the security of Snap. LavaMoat is a set of tools that focuses on addressing security risks of external dependencies in JS projects, and adds restrictions on certain APIs and logic.

Agoric has collaborated with MetaMask to conduct black-box and white-box security testing, and has produced detailed security reports. Therefore, at the level of code execution, we have ample reason to believe that Snap is secure.

Notification Capability

When users interact with smart contracts, MetaMask triggers the onTransaction event of Snap. MetaMask passes the unsigned raw transaction to the onTransaction handler method, and Snap can return a page for secondary confirmation of the transaction and customize the displayed content.

Through this capability, functions such as secure auditing of transaction information and expanded information display can be achieved.

The Dialog capability will allow Snap to directly pop up an independent window, achieving similar pop-up capabilities as traditional Alert/Confirm/Prompt (as shown in the figure below), which are used for reminding, confirming, and submitting information, respectively.

Through Dialog, you will be able to customize simple interactive interfaces and operations to connect with your DApp.

Due to security reasons, Snap currently does not support third-party front-end frameworks and only provides a limited number of UIKit components. The following example still uses insight to showcase all the UI component libraries that developers can call.

As shown in the figure, currently only Heading (capital letters), Text (small letters), Panel (card and can only be used once), Divider (separation line), Copyable (click to copy) and a small subset of Markdown (bold and italic) are available online. Therefore, it seems impossible to build interactivity for the time being, and it is also impossible to use embedded HTML to achieve interactive operations. However, after asking in the official Discord, the officials claimed that these were all for security considerations and would be released in the next version.

In addition, for security reasons, only the Fetch method is supported for external requests, and other request protocols such as WebSocket are not supported. Due to security, capability, and privacy limitations, it is also not possible to obtain client information, such as the URL that triggered Snap, and more diverse functionality cannot be implemented.

These questions and restrictions are mostly due to security considerations. It is believed that more permissions will be considered for opening up in the future after security is verified.

The MetaMask that provides these APIs has actually become a product similar to an open platform. This feeling is like when WeChat launched public accounts and mini-programs, instantly making people feel that it is no longer just a simple chat tool.

MetaMask anticipated today's market landscape as early as 2019, where there are many public chains and project parties, as well as various customized wallet needs. Instead of each project party developing their own plugins and users having to install multiple plugins, it is better to develop based on MetaMask Snap. In the first batch of released Snaps, we also discovered other non-EVM ecosystem wallets such as Sui Wallet, Solana Wallet, and Arweave Wallet. With its existing user base, MetaMask Snap will undoubtedly have a significant impact on the wallet landscape.

In fact, the potential of MetaMask Snap may be even greater than we expected, and even beyond the scope of wallets. We can also see the work of the EthSign team, which has created a universal password manager called KeyChain based on MetaMask Snaps. All passwords in the browser can be encrypted and stored with wallet keys. This way, managing the wallet also includes managing all passwords.

Snap is very relevant to developers. With an open API, how is the developer experience? Why don't we try our hand at developing a Snap and experience it for ourselves?

Directly develop a Snap test

Organizing Thoughts

As we all know, in most cases, the majority of users do not actually know what the interacting smart contract is, which mainly includes the following questions:

The contract used for the transaction, whether it has been replaced by a phishing website's contract.

The contract for the transaction is an upgradable contract or not.

Is the smart contract a contract that has just been deployed and has not been verified by many people yet?

The contract for the transaction is open source or not.

For ordinary users, it is a fantasy to ask them to read the solidity code of the contract before operating. At this time, it is actually very suitable to use the Transaction Insight function to achieve some smart contract analysis, such as using AI to conduct a relatively simple security audit of smart contracts, which may filter out 80% of low-level phishing attacks.

Preparing Development Environment

Download Wallet

First, you need to install MetaMask Flask.

MetaMask Flask is a developer-centric MetaMask extension distribution, mainly used for new feature previews and experimental feature development. Note that this is a developer version of MetaMask, please do not use it for daily use, and do not import your daily use private key. Flask is used here mainly to facilitate the local real-time preview of Snap that we are developing.

It is recommended to temporarily turn off the Firefox wallet and other browser wallets after installation, or create a new Chrome Profile to use, otherwise there may be conflicts.

Create Account

After installing the wallet, create a new wallet just like you would normally create a MetaMask wallet. Please note that this is a wallet specifically for testing purposes, so do not import your regular wallet.

Next, we need to deposit some test coins into the newly created wallet. Test coins can be obtained through a faucet. This article focuses on Goerli, which is the network used by Snap.

Based on the template initialization Snap.

MetaMask also established a MetaMask Grants DAO last year, which funds high-value projects in the MetaMask ecosystem through a grant program. The MetaMask Grants DAO is an experimental program led by employees that provides grants to external developers worldwide to build influential experiences in the MetaMask ecosystem. MetaMask invests a portion of its profits each quarter into this DAO, and the current annual budget for the MetaMask Grants DAO is $2.4 million.

Currently, any project that can enrich the MetaMask ecosystem can apply for the official MetaMask Grants DAO (MetaMask Grant). For more information, please visit https://metamaskgrants.org/.

Conclusion

Snap is similar to WeChat mini-programs, opening up greater imagination space with MetaMask.

The overall security is good, but there are still certain risks, and it is necessary to remain vigilant about high-risk permissions.

After four years of polishing and testing, the developer experience is excellent. However, due to security considerations, a whitelist mechanism and audit requirements have been designed. It can be expected that there will not be a large number of Snaps emerging in the near future.

Currently, MetaMask Snap is still iterating rapidly, and it is believed that more permissions and capabilities will be opened up in the future. It is hoped that more open and secure mechanisms can be introduced, such as Apple's official Audit review mechanism and official code repository version control, so that more developers can participate at a low cost. If this issue is improved, it can be expected that there will be a large demand in the future. There may even be dedicated Snap developer positions.

Finally, thank you for your article. I believe this will help more people understand the development status of MetaMask Snap.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia