Snaps in MetaMask Stable and Where We Go From Here
Learn about the Snaps story, what this means for us at MetaMask, and the next step towards a collaborative future.
Today we have launched the first version of MetaMask Snaps in the public distribution of MetaMask. This has been the culmination of years of hard work and original research by a fabulous team, and I’m excited to tell you what it’s about, how it came about, and where it’s headed.
I believe the original Snaps thesis continues to be accurate. Snaps are a good idea for the same reason that Ethereum is a good idea, for the same reason that computing is a good idea: General purpose thinking tools are awesome.
All this time we’ve been trying to build an interface to Ethereum, a turing-complete computer, but our interface was being written by a single team! It is obvious that the ideal wallet for an open-ended machine like Ethereum would need to be as flexible as it is, and today marks an important step towards making it so.
MetaMask Snaps is a new system in the wallet that allows the user to opt into additional enhancements to their wallet at runtime. We’re launching with a set of APIs and partners using them that enable our wallet to suddenly support new blockchains, new transaction security providers, and a variety of notification systems (including a chat Snap!). We think these will offer a lot of new possibilities in terms of scalability and safety, but this is really just the beginning.
The Snaps Story: How Did We Get Here?
The most important part of the Snaps story to me is that we now have a system at the heart of our wallet that allows us to step back and humbly invite the community to provide their own solutions to the hardest problems. I have some big ideas and opinions about what the future of transaction safety could look like, but that’s no reason for it to be the only idea being validated. We’re helping usher in a new paradigm of distributed computing, and there are a lot of questions that need creative solutions, and so I still believe that lowering the barrier and cost to trying new things can be an important accelerant to finding good answers to those hard problems. This isn’t about accelerating technology for its own sake, it’s about accelerating the process of finding improvements in the ways we do things.
Through this process, I’ve reflected that long term, I expect more software to be open-ended and easily extended and interconnected. A secure extensibility system should be a very solved problem, and frankly I think it should be the default for how software is built and written, and I expect it will be in the long term. Since safely extensible software isn’t a cheap commodity yet, I’m deeply proud of our team for helping carve a path towards making a more collaborative future for computing in general.
Our journey to Snaps took us through some exciting corners in the history of computing, and allowed us to make some wonderful friends. There is no over-stating the value of our partnership with Agoric in this endeavor, who designed a JavaScript confinement API, has proposed it to the JS standards committee TC-39, implemented a working shim of that API that can be used today, and collaborated with us in refining this system, LavaMoat, and our approach to secure computing generally. Our Snaps system leverages the Agoric Compartment shim, additionally confined within an iframe. You can watch me have a conversation with Mark Miller, Chief Scientist at Agoric here. You can read our purple team audit of the Compartment shim here.
We engaged in this journey through a particularly challenging time for a WebExtension: Google itself proposed a major overhaul for how extensions like MetaMask could work, and for a moment it loomed over the entire project as a possible death blow (or at least a change that forced us to move off the extension platform). Fortunately, thanks in large part to astonishingly smart and considerate bizdev people at both Consensys and Google, we were able to come up with compromises in the way the extension platform was changing that allowed MetaMask's ambitious goals without compromising on either company’s security ideals.
Those changes still required enormous contributions from around Consensys to help us navigate. It’s one thing to drive a major initiative through a heavily-used security-critical product like MetaMask, but even more to do it while also migrating the entire codebase to what was essentially a new platform. This feat is a testament to multiple teams at MetaMask working closely together to share the burden, so we would unlock the much more exciting work on the other side, and I’m deeply grateful for all of them.
The Snaps system includes some of the most beautiful design contributions the MetaMask wallet has ever been blessed with (with some related design changes coming to more of the wallet soon!). The process of a site proposing a Snap to the user, the user securely reviewing the risks involved, and the extensible user interface system we’ve made available to Snaps for confirmations (which is only getting better) is the product of incredibly deep secure design conversations, user research, and plenty of sparks of inspiration. We’ve created a world class permission system here, and we’re continuing to drive it in more exciting directions.
Coming soon, some of my favorite APIs we have planned are new account types (hello 4337), Snap-defined assets (Snap assets don’t show up in the main token list… yet), and home screen widgets, which will leverage the extensible UI framework we’re building, which you can first experience in the custom confirmations that Snaps can show today.
We’ve got a page of Snaps that have been fully audited and are ready to play with today, and I recommend you try that out. Long term, I expect some of the most fun Snaps to be things that shatter our previous conceptions of what the system was good for. I’d like to make a nod to Archis for making a Snap demo that uses an LLM to instruct the wallet to perform a trade. With the AI boom, it really couldn’t be a better time to be cracking the wallet open for mad science.
A New Chapter: Discovering The Best Internet
Having a system for managing safe extensibility is really a new beginning. The APIs we launch with today could each enable a Snap that multiplies the usefulness of MetaMask, but maybe even more importantly is the fact that with this foundation, we can increasingly look at any part of the wallet that we think users deserve more control over, or that developers have more creativity to offer for, and we can open up an API method and let the creativity in to sweep the product in new directions. This isn’t just a feature release, this is the product taking a dramatically more externally collaborative posture. One of my greatest pains helping craft MetaMask over my nearly eight years here has been being constantly aware of the ocean of creativity that was just out of our backlog’s reach because of our regular obligation to the essentials of safety and compatibility. Snaps is a humble admission that we can’t do this all alone. The journey of discovering the best internet will take many creative contributions. On top of that, we couldn’t ship my ideas as fast as I had them, either! Snaps is covertly a selfish feature: You will now be able to extend the most popular wallet with less bureaucracy than a founder of the world’s most popular wallet could last week.
I think it’s important to acknowledge one major limitation of the current Snaps system. Today it cannot be fully permissionlessly extended. The Snaps that can be installed are ones that we approved because we confirmed they were audited, in addition to being confined in all the ways the installation prompt says. This was made both out of an abundance of caution, and because we have ideas for how to add additional safety for a permissionless version that will take longer to implement, but we wanted to get something out the door sooner (it’s already been so long).
Make no mistake, the long game is permissionless computing. One of the inciting events in my web3 journey was having a good app rejected by Apple for arbitrary reasons. Today it seems like computers are either safe walled gardens or totally insecure but permissionless, and I believe we’ve built foundations for carving a space that is neither of those things, and our sights are set on that space in between. Safe, user-custodial computing is on its way, and we invite you to help us define it.
If you’re a developer wanting to experiment with this platform, I have to recommend installing Flask, our developer-centric distribution of MetaMask. With it you can install any Snap (even one we haven’t audited), and start building your own.
Anyways, this is a great moment to celebrate, because we are multiplying the number of features MetaMask has today, but the funny part is that the most exciting stuff is doubtlessly the parts that have yet to be built on it. So I celebrate, I cherish, I am so deeply grateful for a brilliant driven team who made this enormous feat possible. I also look forward to filling out this next chapter together.
Keep reading our latest stories
Developers, security news, and more