Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.
The May 2022 installment covered launch of MetaMask's HackerOne bug bounty program, Endo's implementation of import.meta and __dirname to advance MetaMask dependency compatibility, and a distributed key generation prototype snap demonstrating multi-party computation signing in MetaMask Flask. Dive into the details below, but first...
Featured STEM pioneer: Adi Shamir, co-inventor of RSA and creator of secret sharing
Adi Shamir is an Israeli cryptographer who co-invented the RSA algorithm in 1977 alongside Ron Rivest and Leonard Adleman—the first practical public-key cryptosystem, earning the trio the Turing Award in 2002. In 1979, he published "How to Share a Secret," introducing Shamir's Secret Sharing: a scheme that splits a secret into shares where only a threshold number is needed to reconstruct the original. That property is foundational to the distributed key generation work covered in this report.
MetaMask launches HackerOne bug bounty program
MetaMask launched its bug bounty program on HackerOne in June 2022, opening a formal channel for security researchers to report vulnerabilities in MetaMask products.
Endo implements import.meta and __dirname, advancing MetaMask dependency compatibility
With April 2022's progress on Endo's CommonJS support, end-to-end test results showed that the biggest remaining blockers for running popular modules were import.meta.url and __dirname support.
A meeting between Agoric, MetaMask, and Moddable on May 3, 2022 resulted in an agreement on when in the module import process import.meta should be processed. The importMetaHook concept was introduced to the Compartment specification. The hook is only called if static analysis indicates the module accesses import.meta—because Node.js attaches a resolve function there and its creation is expensive, it is best to invoke the hook only when its results may be used.
The implementation of import.meta is complete (spec issue, implementation PR). What remains is implementing the passing of import.meta.url into modules in Endo by default. The implementation of __dirname is also complete (PR), following multiple iterations to ensure correctness and Windows path support.
Additionally, support was added for nested package.json files that change the default module type assumption for .js files, so that the compartment-mapper handles packages with complicated structures intended to support both CommonJS and ES module specifications (source).
The __esModule behavior support is on hold. Two implementation attempts both resulted in worse scores in end-to-end tests. A third approach—placing the support logic in ThirdPartyModuleInstance inside SES—is considered controversial. The feature is tracked in issue #927.
Distributed key generation prototype snap demonstrates MPC signing in MetaMask Flask
Progress has been made on multi-party computation (MPC) capabilities. Our team took earlier proof-of-concept WebAssembly (WASM) bindings and created a prototype snap, usable in MetaMask Flask, which demonstrates distributed key generation (DKG) and message signing. The snap supports exporting and importing key shares in addition to key generation and saving proofs for message signing.
Under the hood, the package leverages an implementation of GG2020 (Gennaro and Goldfeder 2020, paper), a protocol that supports a non-interactive online phase allowing players to asynchronously participate without needing to be online simultaneously, and allows efficient detection of aborting parties.
Next steps include adding encryption support for snap_manageState to eliminate manual encryption of key shares in the snap code, followed by adding support for signing transactions. The prototype is tracked in the tss-snap repository (originally published as ecdsa-wasm).
MetaMask’s May 2022 Crypto Security Report covered Endo's implementation of import.meta and __dirname for MetaMask's module compatibility chain, and the distributed key generation prototype snap demonstrating multi-party computation signing in MetaMask Flask. Browse previous editions of the MetaMask crypto security report for more threats, trends, and tips for staying safe across the ecosystem.