By Darren, Everest Ventures Group
What are MetaMask Snaps?
MetaMask Snaps is a new feature (plug-in) of the MetaMask wallet, it aims to create a permissionless ecosystem where developers can extend MetaMask in any way they want, MetaMask Snaps is an open source wallet extension developed for users with different It is a good way to provide diversified and personalized solutions to end users who need it, and according to public information, MetaMask is so far the only wallet provider that supports custom plugins.
User use process:
1. First download MetaMask Flask from this website;
Note: The current project is still in the developer testing stage, and there will be a risk warning when downloading Flask:
2. After downloading Flask, you can start downloading the Snaps you want to use. Here is an example of AA Snap (since it is still in the developer testing stage, this article will use the developer’s video screenshot):
1) Connect the MetaMask wallet on the AA Snap official website, and then a window to request connection will pop up in MetaMask, click Connect;
2) Approve & Install;
3) Then connect your contact wallet here;
4) Then you can see your EOA wallet and account abstract wallet. The account abstract wallet is a contract wallet, so its address is determined and automatically generated after connecting to MetaMask;
5) Next, we can try to send 0.1$ Matic to the contract wallet: copy the contract wallet address and send it directly as usual to send tokens to other EOA wallet addresses;
Wait for a while to see the arrival of $MATIC sent to the contract wallet;
6) Then we try to send 0.05$ Matic from the contract wallet to the EOA wallet;
Then confirm the transaction "sign" and wait for a while to see that the token is sent successfully;
7) Finally, you can go to polygonscan to check whether the contract account is successfully deployed (you can see that it has been successfully deployed);
The above is a simple user tutorial. Through the above tutorial, we can also understand that we still need to learn how to use MetaMask before using MetaMask Snaps. Therefore, the appearance of MetaMask Snaps does not actually lower the threshold for users to use. It is more for the current Provide better experience and more functions for existing users, and better retain current existing users.
MetaMask Snaps Progress and Projects
Currently, MetaMask Snaps are in a relatively early stage of development. Existing Snaps are being continuously developed and tested, and the MetaMask team is encouraging more developers to build Snaps on MetaMask in various ways. At present, the following two methods are mainly used:
1. MetaMask Grants DAO: This is an experimental employee-led program funded by ConsenSys to provide grants to external developers around the world to build impactful experiences in the MetaMask ecosystem. In GrantsDAO, the community can initiate a proposal to decide whether to issue a grant to a Snaps project, as long as the proposal receives a certain percentage of support votes, it can be passed.
2. Sponsored hackathons: In addition, MetaMask also sponsored several hackathons to attract more developers to develop Snaps.
To date, many developers have expressed interest in and actively invested in the development of Snaps. At the same time, there are already a large number of Snaps projects under development and testing. This article will select a few Snaps projects that won the hackathon or obtained a high proportion of support votes in the Grants DAO for analysis.
- MPC Snap: Integrating Multi-Factor Authentication into MetaMask
MPC Snap integrates MPC technology in Metamask, enabling users to use MPC technology for private key management. When using MPC Snap, users can set up two-factor authentication (2FA) to access MetaMask wallets. Then, whenever a user is ready to sign a transaction, MPC Snap's MPC SDK will perform a threshold ECDSA signature. This is done by splitting the private key into two parts: a share stored in the local snapshot, and a share stored on the signing server. After several rounds of communication, the signature server and Snap were able to jointly sign the Ethereum transaction and it was confirmed on the Goerli network.
Also, unlike a Seed Phrase, this setup does not have a single point of failure leading to irreversible loss of keys. If the user's laptop is hacked, or the signing server is compromised, the user will not lose their private key.
- CoinChoice Snap: Top up Gas with any currency
Among some users who intend to perform wallet operations, it is likely that there is not enough Ethereum in the wallet to pay for gas, especially when it comes to receiving AirDrop tokens or selling tokens. Previously, solving this problem required withdrawing funds from a centralized exchange or withdrawing funds from another wallet. However, both methods can cause a lot of trouble when multiple wallets need to be operated and the blockchain network is congested.
CoinChoice Snap aims to solve this problem. It is a tool that exists in the user's MetaMask extension browser and provides the ability to manage gas according to user needs for each transaction. If users prefer to hold USDC instead of ETH, they can use USDC to pay for gas. In this way, users can choose to use the currency they want to pay for the gas required for the transaction.
Invisible Keys Snap: Multi-Cloud Private Key Storage
Invisible Keys Snap, similar to MPC Snap, aims to improve the way users manage their private keys. Invisible Keys' multi-cloud wallet stores the user's private key in two or more cloud storage services (such as Google Drive, Dropbox, etc.), even if one of the services is compromised, the private key will never be exposed.
- Smart Account Session Snap: Automatic Approval for Game Dapp
In Web3, the user experience of financialized games (GameFi) is a fairly common problem. When experiencing GameFi, users often require multiple signatures to proceed with the game. The goal of the Smart Account Session Snap is to create a seamless user experience for gaming dapps and provide them with a secure way of auto-approving.
The following is the user flow:
1. Connect your EOA and install Smart account session Snap.
2. Enable the smart account on the MetaMask address. MetaMask EOA will be the controller of this smart account.
3. Enable the session module on your Smart Account. Modules enable additional access control logic for your Smart Safe account. Essentially, each Smart Account is controlled in two ways. An optional module used by MetaMask account owners with their signing keys and with their own custom access logic.
4. Create a session.
5. This will create a temporary session key on your smart account that is authorized to make transactions on your wallet through the module. Sessions can have parameters such as start time, end time, and permissions for custom actions on Dapp contracts.
6. Send an auto-approved transaction using the above session key, no MetaMask popup required for gas or signature.
- Blackbelt Snap: Real-time self-defense against scams
Security issues have always been a very common but serious issue in web3. Attackers can exploit front-end vulnerabilities to inject malicious contracts into the user interface without the user's knowledge, causing the user to interact with the contract and lose the funds involved in the interaction with the protocol. Blackbelt Snap aims to solve this problem. Users can view the security assessment of data in real time through Blackbelt Snap. If users find a protocol with a low security score during use, they can report it to Blackbelt Snap, and then other users can also see it before interacting with the protocol. The number of times this protocol has been reported.
Through Blackbelt Snap, users can gain a better understanding of the security of the protocol and participate together in protecting the community from malicious activity. This reporting mechanism increases user awareness and reduces risk exposure to unsafe protocols.
- Unipass Smart Contract Wallet MetaMask Snap: Features email-based social recovery
The goal of this Snap is to introduce functionality built by Unipass to incorporate smart contract wallet functionality with account abstraction into MetaMask. The project will first add social recovery functionality to remove the need for users to manage seed phrases. Seed phrase management has always been one of the major concerns and security concerns when using external account wallets such as MetaMask. Subsequently, the project will gradually add other features such as gas extraction and batch transactions using ERC-20 tokens to pay for gas, which will greatly reduce operational difficulty and improve user experience.
The potential of social recovery systems is well known, however so far, social recovery has not been implemented within MetaMask, while some other wallets on the market, such as Argent, have provided similar functionality for quite some time. Unipass is well positioned to realize this vision as they have launched a Seed Phrase and gas-free wallet widely used in gaming Dapp in the market. In addition to leveraging the functionality of smart contract wallets through account abstraction and multi-party computation (MPC), Unipass also utilizes the DKIM email protocol to conduct transactions through Domain Key-generated signatures, security verification, and authorized guardians. This is a big improvement over existing solutions like Argent, which requires guardians to hold their own encrypted wallets, allowing any trusted party with a wallet to act as a guardian for a user.
- Forta Snap: A Decentralized Camera and Alarm System for Web3
Launched in October 2021, Forta is being used by some well-known DeFi projects such as Lido, Compound, AAVE, MakerDAO, Balancer, dYdX, and UMA to monitor key aspects of their protocols. Forta was incubated by OpenZeppelin and is backed by a16z, Blockchain Capital, Coinbase Ventures and others. It is a real-time detection network for security and operational monitoring of blockchain activity. Forta detects threats and anomalies on DeFi, NFT, governance, Cross-chain bridges, and other Web3 systems in real-time. With timely and relevant alerts, protocols and investors can react quickly to neutralize threats and prevent or minimize loss of funds.
We all know that Web3 is full of cases of users being phished and scammed. In the first half of 2022, scammers and hackers stole more than $2 billion through phishing and other exploits. However, Web3 security is still in its infancy, and most of the focus so far has been on securing DeFi protocols through audits, formal verification, and bug bounties. However, security stacks like Forta are not widespread to most users, yet many common attacks such as phishing, unlimited token approval, and scams are mainly targeted at unprotected everyday users. Therefore, Forta Snap's goal is to build end-user protection security features into MetaMask to help more users prevent scam and phishing attacks by leveraging the detection capabilities of Forta bots. Once the project is successful, MetaMask users will have chain-based fraud and phishing prevention enhanced in their wallet experience, thereby augmenting existing URL-based protection mechanisms.
- Safeheron Multi Party Compute (MPC) key sharding Snap: account and key management
Safeheron is an open source, transparent digital asset self-custody service platform, established in 2019 and headquartered in Singapore. Based on Secure Multi-Party Computing (MPC) and Trusted Execution Environment (TEE) technologies, Safeheron provides institutional clients with a one-stop, comprehensive digital asset self-custody solution, enabling clients to have 100% control over private keys and assets, and to improve Asset safety and management efficiency. The Snap, created by Safeheron in partnership with MetaMask, revolves around improving MetaMask's key management experience, with a particular focus on helping users manage their secret recovery phrases (SRPs) to reduce phishing attacks and reduce the likelihood of those keys being lost.
Due to the underlying multi-party computer (MPC) algorithm, the private keys are never kept intact on a device, which means it is far less likely for an attacker to obtain these private keys and steal user funds. Also, if a user loses 1 of 3 devices, they can use the remaining 2 devices to issue a new key shard to a new device to maintain its security. If the project is successful, the MetaMask team will be able to validate the MetaMask snap as an innovation accelerator for a new key management experience, drastically reducing the risk of single points of failure associated with users getting hacked/phished/lost private keys.
- StarkNet Snap: Integrating StarkWare into the first ZK- Rollup Snap
To date, StarkNet has not been directly compatible with MetaMask, in other words not EVM compatible, due to using a different address and account format than Ethereum. While StarkNet Snap allows users to manage assets on StarkNet by creating a StarkNet account based on their original MetaMask Secret Recovery Phrase (SRP), StarkNet snap also allows developers to deploy StarkNet accounts, conduct transactions on StarkNet, and interact with StarkNet smart contracts To interact, it can connect with any Dapp to access StarkNet, developers can try to integrate their Dapp with this snap.
Also, don't worry if you accidentally delete a StarkNet Snap, deleting a Snap will not delete a user's StarkNet account or transaction history. And the recovery of StarkNet Snap directly utilizes the secret recovery phrase of MetaMask. After recovering the MetaMask account and installing StarkNet snap, the user's existing account will be automatically restored.
- Snap Directory: Web directory for adding, searching, discovering and installing Snaps
It is foreseeable that MetaMask will have a large number of Snaps to choose from in the future, and each Snap has different functions, permissions, and security information. Users need to spend a lot of time querying this information, which seriously affects the user experience. To some extent, it hinders the rapid development of MetaMask Snaps.
The goal of the Snap Directory is to create a website where users can quickly find Snaps, verify their information, and understand their security risks. All data on the site will be transparent and externally auditable by the community, and developers can also authenticate and add their snaps to the Snap directory.
main impact
Through the previous reading, we can understand that the impact of MetaMask Snaps is very significant. It is foreseeable that if MetaMask Snaps develops smoothly, it may have the following impacts:
- MetaMask Snaps will further consolidate MetaMask's leading position in the wallet track. MetaMask Snaps will be of great help to existing MetaMask stock users and provide them with a better web3 experience.
- MetaMask Snaps can be seen as a breakthrough in the web3 ecosystem. It turns a simple Ethereum wallet into a complete web3 management tool, allowing us to customize and enhance the user's web3 experience, something no other wallet project has achieved so far.
- MetaMask Snaps have the potential to attract more web2 developers into the web3 space. It makes complex Web3 technologies easier for developers to understand and apply, and will significantly facilitate the integration of traditional Web2 applications with Web3.
Possible problems and hidden dangers
1. Safety aspects:
As can be observed from the previous article, MetaMask Snaps has similarities with Google Chrome extensions. In terms of security, Google Chrome will scan every extension submitted to the Google Web Store, but this step is not rigorous enough, and it is inevitable that some fish will slip through the net. There have been many information leaks from extensions.
In MetaMask Snap, the Snap Directory project mentioned above can also help users evaluate the security of Snaps to a certain extent, but this is far from enough. Unlike Google Chrome, wallets store a large amount of funds for users, so A higher standard of security is required. It is conceivable that for MetaMask Snaps, security is a key point that must be guaranteed. This could be a potential pitfall in the development of MetaMask Snaps. Therefore, the development of MetaMask Snaps still needs more improvements and security guarantees, so that users can use it with confidence.
2. In terms of threshold:
Before learning how to use MetaMask Snaps, users must first learn how to use MetaMask Wallet, which is an EOA wallet, and needs to know how to use private keys, Seed Phrase, etc., which is not friendly for users who have never touched web3 . The emergence of MetaMask Snaps has not lowered the threshold for use, but more to provide services and assistance to existing users who are already familiar with MetaMask.
But we can speculate that a new round of bull market needs a lot of fresh blood into the web3 field, but at present, the threshold for entering web3 is still relatively high, so it is very important to lower the threshold. Similarly, low-threshold web3 wallets may also be more able to attract new users. We know that there have been many low-threshold web3 wallets, some of which can be directly linked to the wallet through one-click Twitter, and some can be logged in with email or mobile phone number. , and there are even some that only need face recognition to log in to the wallet. However, MetaMask Snaps did not provide MetaMask with an advantage in this regard. Therefore, perhaps MetaMask needs to work harder to lower the threshold if it wants to continue to maintain its leading position in the new round of bull market.
