Snaps Security Essentials: A Security Guide for MetaMask Snaps Development
This post introduces Consensys Diligence's new knowledge base, 'Snap Security Essentials', which captures the MetaMask Trust Model, the most common vulnerabilities, and best practices for building MetaMask Snaps.
New primitives mean new bugs, and new paradigms to understand if you want security built in. Thankfully, there are guidelines like the Ethereum Smart Contract Security Best Practices that give developers a solid understanding of how to make their projects as safe as possible for users.
Security guidelines for MetaMask Snaps
One such new primitive is MetaMask Snaps, an open-source system that enables users to safely extend MetaMask's functionality, offering new wallet experiences. At its core, a Snap is a JavaScript program operating inside MetaMask in an isolated environment.
MetaMask Snaps bring a variety of new and exciting functions to your MetaMask wallet, which inevitably introduces more complexity and therefore more attack surface. Earlier, we introduced the MetaMask Trust Model as the basis for more secure Snap development and previewed common vulnerabilities in Snaps.
That groundwork leads to the next step: a knowledge base for all things Snap security. With builders and auditors in mind, we assembled the Snap Security Essentials, explaining the MetaMask Trust Model, the top vulnerabilities, best practices, and more. It is a one-stop shop with the resources and knowledge builders and auditors need to create a safe Snap space.
It is maintained by Consensys Diligence, with contributions from our friends in the broader Ethereum and security community. 💚
What you can expect from Snap Security Essentials
- General philosophy: To understand Snaps means to understand the MetaMask Trust Model. As summarized in our earlier post, users trust MetaMask, but not the dapp. In practice this means a Snap must treat every request that arrives from a dapp (its origin, method, and parameters) as untrusted input, and may only rely on MetaMask itself, for example its dialogs, for anything the user needs to see or approve. We condensed the consequences of that paradigm for secure Snap building and auditing into general philosophy guidelines.
- Top 10 Snap vulnerabilities: We conducted a comprehensive analysis of the audit reports for all the Snaps in the Snaps Marketplace up to October 2023. We classified the issues and identified a clear top 10. For every vulnerability, Snap Security Essentials provides a detailed description, misuse scenarios, and ways to prevent it.
- Knowledge base: This is the right place to get into the weeds of building and securing Snaps. Here we drop our latest insights and findings, so you have all the Snap security alpha in one place. It is an ever-growing collection of knowledge, and we invite the community to contribute and share.
- Experimental tools: Security is hard and takes time. We constantly think about ways to make life easier for your inner security engineer and publish new tools for you to test. Our latest experiment is SnipGuardian, which is designed to visualize a Snap's capabilities, give code insights, and detect common vulnerabilities. Think of it as the Swiss Army knife of Snap security. As a Snap user, it can help you understand the risk profile of a Snap before installing it. As a developer, it can help you identify common pitfalls and vulnerabilities in your Snap and make your code more robust. As a Snap security auditor, it can help you sharpen your auditing process and spot common vulnerabilities faster.
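To make the trust model concrete, here is an added example (not code from Snap Security Essentials, MetaMask, or the SnipGuardian tool) of a Snap JSON-RPC handler written around the rule "users trust MetaMask, not the dapp": the dapp-controlled origin, method and params are checked against an explicit policy, and anything with side effects goes through a MetaMask-rendered confirmation dialog. The method names, the origin allow-list and the `snap` stub at the bottom are assumptions made for illustration; a real Snap would also declare `endowment:rpc` and `snap_dialog` in its manifest and build the dialog content with the UI helpers from `@metamask/snaps-sdk`.

```javascript
// Added example, not from the original post or from MetaMask. Demonstrates the
// consequence of the MetaMask Trust Model: every field of an incoming RPC
// request (origin, method, params) is dapp-controlled and therefore untrusted.
// Assumptions: the method names, the allow-list and the `snap` stub below are
// hypothetical; a real Snap grants "endowment:rpc" and "snap_dialog" in its
// snap.manifest.json and uses panel()/heading()/text() from @metamask/snaps-sdk.

// Hypothetical policy: which dapp origins may call which methods.
// Everything not listed is denied; there are no wildcard entries.
const ORIGIN_POLICY = {
  'https://app.example.com': ['hello', 'signMessage'],
  'https://read-only.example.org': ['hello'],
};

// Methods with side effects never run without a MetaMask-rendered confirmation,
// because only MetaMask's own UI is trusted by the user.
const REQUIRES_CONFIRMATION = new Set(['signMessage']);

// Validate untrusted params against an explicit shape instead of trusting them.
// Returns the cleaned params, or null when the input is rejected.
function validateParams(method, params) {
  if (method === 'hello') {
    return params === undefined || params === null ? {} : null;
  }
  if (method === 'signMessage') {
    if (!params || typeof params !== 'object' || Array.isArray(params)) return null;
    const { message } = params;
    if (typeof message !== 'string' || message.length === 0 || message.length > 1024) return null;
    // Control characters could be used to make dapp text look like wallet UI.
    if (/[\u0000-\u001f\u007f]/.test(message)) return null;
    return { message };
  }
  return null;
}

// Pure decision function: { ok: true, method, params, confirm } or { ok: false, reason }.
function authorizeRequest(origin, request) {
  if (typeof origin !== 'string') return { ok: false, reason: 'missing origin' };
  const allowed = ORIGIN_POLICY[origin];
  if (!allowed) return { ok: false, reason: `origin not allowed: ${origin}` };
  const method = request && request.method;
  if (!allowed.includes(method)) {
    return { ok: false, reason: `method not allowed for ${origin}: ${String(method)}` };
  }
  const params = validateParams(method, request.params);
  if (params === null) return { ok: false, reason: `invalid params for ${method}` };
  return { ok: true, method, params, confirm: REQUIRES_CONFIRMATION.has(method) };
}

// The Snap entry point (a real Snap exports this as `onRpcRequest`).
async function onRpcRequest({ origin, request }) {
  const decision = authorizeRequest(origin, request);
  if (!decision.ok) {
    // Fail closed: deny by default, return nothing the dapp can act on.
    throw new Error(`Unauthorized: ${decision.reason}`);
  }
  if (decision.confirm) {
    // snap_dialog is rendered by MetaMask, so the dapp cannot tamper with it.
    // The plain `content` object stands in for panel()/heading()/text().
    const approved = await snap.request({
      method: 'snap_dialog',
      params: {
        type: 'confirmation',
        content: { origin, message: decision.params.message },
      },
    });
    if (approved !== true) throw new Error('User rejected the request');
  }
  // Hypothetical results; a real Snap would perform the signing here.
  return decision.method === 'hello' ? `Hello, ${origin}` : { signed: true };
}

// Constructed stand-in for the `snap` global that MetaMask injects, so the
// handler runs offline. It auto-approves dialogs and records what was shown.
const shownDialogs = [];
globalThis.snap = {
  request: async ({ method, params }) => {
    if (method !== 'snap_dialog') throw new Error(`stub: unsupported ${method}`);
    shownDialogs.push(params);
    return true;
  },
};

// Demo: an allowed call with confirmation, then a denied call from an unknown origin.
onRpcRequest({ origin: 'https://app.example.com', request: { method: 'signMessage', params: { message: 'hi' } } })
  .then((result) => console.log('allowed:', result, 'dialogs shown:', shownDialogs.length));
onRpcRequest({ origin: 'https://evil.example.net', request: { method: 'signMessage', params: { message: 'hi' } } })
  .catch((err) => console.log('denied:', err.message));
```

The important property is that `authorizeRequest` is a pure, deny-by-default function that can be unit-tested without MetaMask at all, while the only trusted interaction with the user happens through `snap.request({ method: 'snap_dialog', ... })` rather than through anything the dapp renders.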
Snap Security for and from the community
We are here to support you with audits, tools, and insights. Snap Security Essentials has launched in its first version and serves as the go-to place for everything Snap security. This is an open project and we invite everyone to contribute. Feel free to submit a pull request with anything from small fixes to full new sections. We look forward to sharing and working together with y'all!
Let's make Snaps a safe space. Visit the Snap Security Essentials website or request an audit today!
Martin Ortner (tintinweb) and Valentin Quelquejay, security professionals at Consensys Diligence, are at the forefront of Snap security research, diligently working to enhance the platform's security.