MetaMask Snaps: Pioneering a Decentralized New Ecosystem Consolidating Wallet Leadership

MetaMask Snaps: A New Decentralized Ecosystem for Wallet Leadership

Author: Darren, Everest Ventures Group

1. What is MetaMask Snaps?

MetaMask Snaps is a new feature (plugin) of the MetaMask wallet that aims to create a permissionless ecosystem where developers can extend MetaMask in any way they want. MetaMask Snaps is an open-source wallet extension development and a good way to provide diverse and personalized solutions for end-users with different needs. According to public information, MetaMask is the only wallet provider that supports custom plugins so far.

User workflow:

1. First, download MetaMask Flask from this website; Note: the project is currently in the developer testing phase, and there will be a risk prompt when downloading Flask:

• Andrew Kang: Why did I add to my position in Radiant Capital agains...
• Exploring OPNX, co-launched by Su Zhu: New governance token OX attr...
• Exposing Binance’s “Achilles’ Heel”? A look...

2. After downloading Flask, you can start downloading the Snaps you want to use. Here, we take AA Snap as an example (because the project is currently in the developer testing phase, this article will use a video screenshot of the developer):

1) Connect MetaMask wallet on the AA Snap official website, and then a window requesting connection will pop up in MetaMask, click to connect 2) Approve & Install

3) Then connect your contact wallet here

4) Then you can see your EOA wallet and account abstract wallet. The account abstract wallet is a contract wallet, so its address is fixed and generated automatically after connecting to MetaMask

5) Next, we can try to send 0.1 $MATIC to the contract wallet: copy the contract wallet address and send it directly like sending tokens to other EOA wallet addresses

After waiting for a while, you can see that the $MATIC sent to the contract wallet has arrived

6) Then we try to send 0.05 $MATIC from the contract wallet to the EOA wallet

Then confirm the transaction “sign” and wait for a while to see the successful token transfer.

7) Finally, you can go to polygonscan to check if the contract account has been deployed successfully (you can see that it has been deployed successfully).

Above is a simple user guide. Through the use of MetaMask Snaps, we can also understand that we still need to learn how to use MetaMask before using MetaMask Snaps. Therefore, the emergence of MetaMask Snaps actually does not reduce the user’s usage threshold, but provides a better experience and more features for the current stock of users.

II. Progress and Projects of MetaMask Snaps

Currently, MetaMask Snaps is still in a relatively early stage of development. Existing Snaps are being continuously developed and tested, and the MetaMask team is also encouraging more developers to build Snaps on MetaMask in multiple ways. The main methods currently used are as follows:

1. MetaMask Grants DAO: This is an experimental employee-led program sponsored by ConsenSys, aimed at providing grants to external developers worldwide to establish influential experiences in the MetaMask ecosystem. In Grants DAO, the community can initiate proposals and decide whether to grant a Snaps project. As long as the proposal receives a certain percentage of support votes, it can be passed.

2. Hosting sponsored hackathon activities: In addition, MetaMask has also sponsored multiple hackathon activities to attract more developers to develop Snaps.

So far, many developers have shown a strong interest in the development of Snaps and have actively participated in it. At the same time, a large number of Snaps projects are being developed and tested. This article will select several Snaps projects that have won in hackathon activities or have received high percentage support votes in Grants DAO for analysis.

MPC Snap: Integrating Multi-Factor Authentication into MetaMask

MPC Snap integrates MPC technology into MetaMask, allowing users to use MPC technology for private key management. When using MPC Snap, users can set up two-factor authentication (2FA) to access the MetaMask wallet. Subsequently, whenever the user is ready to sign a transaction, MPC Snap’s MPC SDK will perform threshold ECDSA signature. This is done by splitting the private key into two parts: one part is shared stored in a local snapshot and the other part is shared stored on a signing server. After several rounds of communication, the signing server and Snap can jointly sign Ethereum transactions and get confirmation on the Goerli network.

Additionally, unlike mnemonic phrases, this setup does not result in irreversible key loss due to a single point of failure. If a user’s laptop is hacked or if a signing server is compromised, the user will not lose their private keys.

CoinChoice Snap: Recharge Gas with Any Currency

Among users planning wallet operations, it is likely that there is not enough Ethereum in the wallet to pay for gas, especially when it comes to receiving airdrop tokens or selling tokens. In the past, solving this problem required withdrawing from a centralized exchange or extracting funds from another wallet. However, both of these methods can be cumbersome when multiple wallets need to be operated and the blockchain network is congested.

CoinChoice Snap aims to solve this problem. It is a tool that exists in the user’s MetaMask extension browser and provides the ability to manage gas according to user needs for each transaction. If a user would rather hold USDC than ETH, they can use USDC to pay for gas. This way, users can choose to use the currency they want to pay for the gas required for the transaction.

Invisible Keys Snap: Multi-Cloud Private Key Storage

Similar to MPC Snap, Invisible Keys Snap aims to improve the way users manage their private keys. Invisible Keys’ multi-cloud wallet stores users’ private keys in two or more cloud storage services (such as Google Drive, Dropbox, etc.), so even if one of the services is compromised, the private keys will never be exposed.

Smart Account Session Snap: Automatic Approval for Game Dapps

In Web3, the user experience of financialized games (GameFi) is a fairly common problem. When experiencing GameFi, users often need to sign multiple times to continue playing the game. The goal of Smart Account Session Snap is to create a seamless user experience for game dapps and provide them with a secure way to automatically approve.

The following is the user’s usage process:

1. Connect your EOA and install Smart account session Snap.

2. Enable smart account on top of MetaMask address. MetaMask EOA will become the controller of this smart account.

3. Enable the session module on your smart account. The module enables additional access control logic for your Smart Safe account. Essentially, each smart account is controlled in two ways. The MetaMask account owner uses their signing key and an optional module with their own custom access logic.

4. Create a session.

5. This will create a temporary session key on your smart account, which is authorized to perform transactions on your wallet through modules. Sessions can have parameters such as start time, end time, and permissions for custom actions on Dapp contracts.

6. Use the session key above to send automatically approved transactions without getting a MetaMask popup to obtain gas or signature.

Blackbelt Snap: Real-time self-defense against scams

Security has always been a common but serious problem in web3. Attackers can exploit frontend vulnerabilities to inject malicious contracts into user interfaces, causing users to interact with contracts and lose funds involved in the protocol without their knowledge. Blackbelt Snap aims to solve this problem. Users can view real-time security assessments of data through Blackbelt Snap. If users discover a protocol with a low security rating during use, they can report it to Blackbelt Snap. Then, other users can see how many times the protocol has been reported before interacting with it.

With Blackbelt Snap, users can better understand the security of the protocol and participate in protecting the community from malicious activities. This reporting mechanism can increase users’ awareness and reduce the risk exposure to unsafe protocols.

UniBlockings Smart Contract Wallet MetaMask Snap: Email-based social recovery feature

The goal of this snap is to introduce smart contract wallet functionality with account abstraction features into MetaMask built by UniBlockings. The project will first add a social recovery feature to eliminate the need for seed phrase management by users. Seed phrase management has always been one of the main issues and security risks when using external account wallets such as MetaMask. Then, the project will gradually add other features, such as gas extraction and batch transaction payment using ERC-20 tokens, to greatly reduce operational difficulty and improve user experience.

The potential of social recovery systems is well known, but so far, MetaMask has not implemented social recovery internally, while other wallets on the market, such as Argent, have offered similar features for a considerable amount of time. UniBlockings can implement this vision well because they have already launched a wallet without mnemonic and gas for game dapps widely used in the market. In addition to using smart contract wallet functionality through account abstraction and multi-party computing (MPC), UniBlockings also utilizes the DKIM email protocol to securely authenticate and authorize guardians for transactions through signatures generated by Domain Key. This is a major improvement over existing solutions such as Argent, which require guardians to hold encrypted wallets themselves, making any trusted party with a wallet potentially acting as a user’s guardian.

Forta Snap: Decentralized Camera and Alarm System for Web3

Launched in October 2021, Forta is being used by some well-known DeFi projects such as Lido, Compound, Aave, MakerDAO, Balancer, dYdX, and UMA to monitor key aspects of their protocols. Incubated by OpenZeppelin and backed by a16z, Blockchain Capital, Coinbase Ventures, and others, Forta is a real-time detection network for security and operational monitoring of blockchain activity. Forta detects threats and anomalies in real-time on DeFi, NFTs, governance, cross-chain bridges, and other Web3 systems. Through timely and relevant alerts, protocols and investors can quickly respond to eliminate threats and prevent or minimize fund losses.

As is well known, Web3 is rife with cases of users being phished and scammed. In the first half of 2022, scammers and hackers stole over $2 billion through phishing and other vulnerabilities. However, Web3 security is still in its infancy, and so far, most of the focus has been on protecting DeFi protocols through audits, formal verification, and bug bounties. However, security stacks like Forta have not yet been widely adopted by most users, but many common attacks, such as phishing, unrestricted token approvals, and scams are primarily aimed at unprotected everyday users. Therefore, the goal of Forta Snap is to build end-user protection security features inside MetaMask, leveraging the detection capabilities of Forta robots to help more users prevent scams and phishing attacks. Once the project is successful, MetaMask users will experience enhanced chain-based fraud and phishing prevention in their wallet experience, thus enhancing the existing URL-based protection mechanisms.

Safeheron Multi Blockingrty Compute (MPC) Key Sharding Snap: Account and Key Management

Safeheron is an open-source, transparent digital asset self-custody service platform founded in 2019, headquartered in Singapore. Based on secure multi-party computation (MPC) and trusted execution environment (TEE) technology, Safeheron provides institutional clients with a one-stop, all-round digital asset self-custody solution, enabling clients to fully control their private keys and assets, and enhancing asset security and management efficiency. This Snap, developed in collaboration between Safeheron and MetaMask, focuses on improving the key management experience in MetaMask, with a particular emphasis on helping users manage their secret recovery phrases (SRPs) to reduce phishing attacks and lower the likelihood of losing these keys.

Due to the underlying multi-party computation (MPC) algorithm, private keys are never fully stored on a single device, greatly reducing the likelihood of attackers gaining access to these keys and stealing user funds. Additionally, if a user loses one of their three devices, they can use the remaining two devices to issue new key shards to a new device to maintain their security. If successful, the MetaMask team will be able to validate the MetaMask snap as an innovative accelerator for new key management experiences, greatly reducing the risk of single point of failure related to user private key attacks/phishing/loss.

StarkNet Snap: Integrating StarkWare into the pioneering ZK-Rollup Snap

To date, StarkNet has not been directly compatible with MetaMask due to its use of different address and account formats than Ethereum, i.e., it is not EVM compatible. However, StarkNet Snap allows users to create a StarkNet account to manage assets on StarkNet using their original MetaMask Secret Recovery Phrase (SRP). StarkNet Snap also allows developers to deploy StarkNet accounts, transact on StarkNet, and interact with StarkNet smart contracts. It can be connected to any dapp for access to StarkNet, and developers can try to integrate their dapp with this snap.

Additionally, users need not worry if they accidentally delete StarkNet Snap, as deleting a snap does not delete their StarkNet account or transaction history. And, the restoration of StarkNet Snap utilizes MetaMask’s Secret Recovery Phrase directly, restoring the user’s existing account automatically after restoring their MetaMask account and installing StarkNet snap.

Snap Directory: Web Directory for Adding, Searching, Discovering, and Installing Snaps

It is foreseeable that there will be a large number of snaps available for MetaMask in the future, and each snap will have different information such as functions, permissions, and security risks. Users need to spend a lot of time querying this information, which severely affects their experience and hinders the rapid development of MetaMask snaps to some extent.

The goal of Snap Directory is to create a website where users can quickly find snaps and verify their information and security risks. All data on the website will be transparent and can be externally audited by the community, and developers can also be verified and add their snaps to the Snap directory.

Three, Main Impact

By reading the preceding text, we can understand that the impact of MetaMask Snaps is significant. It can be foreseen that if the development of MetaMask Snaps goes smoothly, it may have the following effects:

• MetaMask Snaps will further consolidate MetaMask’s leading position in the wallet race. MetaMask Snaps will be of great help to existing MetaMask users, providing them with a better web3 experience.

• MetaMask Snaps can be seen as a breakthrough in the web3 ecosystem. It turns a simple Ethereum wallet into a complete web3 management tool, allowing us to customize and enhance users’ web3 experience, which other wallet projects currently do not achieve.

• MetaMask Snaps may attract more web2 developers to enter the web3 field. It makes complex Web3 technology more understandable and applicable to developers, and will significantly promote the integration of traditional Web2 applications with Web3.

IV. Possible problems and risks

1. Security:

As observed from the preceding text, MetaMask Snaps is similar to Google Chrome extensions. In terms of security, Google Chrome scans every extension submitted to the Google Web Store, but this step is not rigorous enough and there are inevitably some loopholes, resulting in many information leakage incidents in Google Chrome extensions over the years.

In MetaMask Snap, the Snap Directory project mentioned earlier can help users evaluate the security of Snaps to a certain extent, but this is far from enough. Unlike Google Chrome, wallets store a large amount of user funds, so higher security standards are required. It can be imagined that security is a key point that must be guaranteed for MetaMask Snaps. Therefore, the development of MetaMask Snaps still needs more improvements and security guarantees before users can use it with confidence.

2. Threshold:

Before learning how to use MetaMask Snaps, users must first learn how to use MetaMask wallet, which is an EOA wallet that requires understanding of how to use private keys, mnemonic phrases, etc. This is not user-friendly for those who have never encountered web3. The emergence of MetaMask Snaps did not reduce the usage threshold, but rather provided services and help for existing MetaMask users who are already familiar with using MetaMask.

However, we can speculate that a new bull market requires a large influx of fresh blood into the Web3 field, but currently, the barrier to entry into Web3 is still relatively high, so reducing the barrier is very important. Similarly, low-threshold Web3 wallets may be more attractive to new users. We know that many low-threshold Web3 wallets have emerged, some of which can be logged in directly by binding to Twitter, some can be logged in using email or phone number, and even some only require face recognition to log in to the wallet. MetaMask Snaps does not provide advantages for MetaMask in this regard, so perhaps MetaMask wants to continue to maintain its leading position in the new bull market and needs to make more efforts in reducing the barrier to entry.

This article is for communication and learning purposes only and does not constitute any investment advice.