Introducing MetaMask Signature Insights Snaps

Safety is paramount in today's digital world — especially in web3, where users frequently interact with decentralized applications and manage valuable assets. A common vulnerability in the ecosystem is malicious signature requests, which lead unsuspecting users to authorize transactions that compromise their assets. This can happen by tricking people into signing something that allows a nefarious actor to transfer a users’ assets.

To address this critical safety issue, MetaMask has introduced Signature Insight Snaps, a new category of security tools built by third-party developers. These Snaps empower users with greater transparency and control over signature requests, helping to identify and avoid potential threats.

Signature Insight Snaps integrate seamlessly with MetaMask. These tools work by analyzing the contents of requests, giving users insights into the signature’s purpose and potential risks. Leveraging knowledge from Signature Insight Snaps allows users to make more informed decisions, reducing the likelihood of falling victim to phishing attempts, unauthorized access, or other malicious activities. The added layer of security reinforces users' trust, and also fosters a safer environment for web3 interactions.

Discover our first Signature Insights Snaps

Kleros Scout is the first Snap to support Signature Insights. It decodes the content of signature requests, and identifies the addresses of any contracts you may be authorizing in the signature via Kleros’s decentralized token curated registries. It can then warn you if the contract you are interacting with is malicious.

Above, the Kleros Scout insight is displayed in the new signature request design. The insight shows that the contract being authorized by this signature request is the official Seaport 1.6 contract for NFT trading deployed by OpenSea.

ZyFi Paymaster Insights is our second Signature Insight Snap to launch. It improves the readability of signing transactions in the zkSync ecosystem, especially for paymaster-related transactions using txType 113. ZyFi Paymaster Insights adds helpful information about the “from” and “to” addresses for these paymaster-related transactions. Additionally, it provides extra information related to the paymaster, such as the address, type, gas fee token address, and gas fee token amount. This gives users more clarity on what they’re signing, helping them to avoid potentially malicious signatures.

Above, the ZyFi Paymaster Insight shows the from address, to address, and the paymaster type of the signature request on zkSync.

Install Kleros Scout Snap and ZyFi Paymaster Insights from the MetaMask Snaps Directory in MetaMask Extension 12.4.2 or later.

Build your own

Visit the MetaMask Developer Documentation to learn how you can build your own Signature Insight Snaps, and sign-up for our Builder Engagement Program so we can support you on your developer journey.

In the future, Signature Insights Snaps will be able to hook into alerts in signature requests. MetaMask will also offer more types of insights including information about origin URL of any request.

Head to the MetaMask Snaps Directory to discover security Snaps that will keep you safe in your web3 journey.