Crypto Security Report: May 2022

Endo's import.meta and __dirname implementations for MetaMask's module compatibility, a distributed key generation prototype snap using multi-party computation for MetaMask Flask, and the launch of MetaMask's HackerOne bug bounty program.

4 minutes
Crypto Security Report: May 2022

Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.

The May 2022 installment covered launch of MetaMask's HackerOne bug bounty program, Endo's implementation of import.meta and __dirname to advance MetaMask dependency compatibility, and a distributed key generation prototype snap demonstrating multi-party computation signing in MetaMask Flask. Dive into the details below, but first...

Adi Shamir is an Israeli cryptographer who co-invented the RSA algorithm in 1977 alongside Ron Rivest and Leonard Adleman—the first practical public-key cryptosystem, earning the trio the Turing Award in 2002. In 1979, he published "How to Share a Secret," introducing Shamir's Secret Sharing: a scheme that splits a secret into shares where only a threshold number is needed to reconstruct the original. That property is foundational to the distributed key generation work covered in this report.

MetaMask launches HackerOne bug bounty program

MetaMask launched its bug bounty program on HackerOne in June 2022, opening a formal channel for security researchers to report vulnerabilities in MetaMask products.

Endo implements import.meta and __dirname, advancing MetaMask dependency compatibility

With April 2022's progress on Endo's CommonJS support, end-to-end test results showed that the biggest remaining blockers for running popular modules were import.meta.url and __dirname support.

A meeting between Agoric, MetaMask, and Moddable on May 3, 2022 resulted in an agreement on when in the module import process import.meta should be processed. The importMetaHook concept was introduced to the Compartment specification. The hook is only called if static analysis indicates the module accesses import.meta—because Node.js attaches a resolve function there and its creation is expensive, it is best to invoke the hook only when its results may be used.

The implementation of import.meta is complete (spec issue, implementation PR). What remains is implementing the passing of import.meta.url into modules in Endo by default. The implementation of __dirname is also complete (PR), following multiple iterations to ensure correctness and Windows path support.

Additionally, support was added for nested package.json files that change the default module type assumption for .js files, so that the compartment-mapper handles packages with complicated structures intended to support both CommonJS and ES module specifications (source).

The __esModule behavior support is on hold. Two implementation attempts both resulted in worse scores in end-to-end tests. A third approach—placing the support logic in ThirdPartyModuleInstance inside SES—is considered controversial. The feature is tracked in issue #927.

Distributed key generation prototype snap demonstrates MPC signing in MetaMask Flask

Progress has been made on multi-party computation (MPC) capabilities.  Our team took earlier proof-of-concept WebAssembly (WASM) bindings and created a prototype snap, usable in MetaMask Flask, which demonstrates distributed key generation (DKG) and message signing. The snap supports exporting and importing key shares in addition to key generation and saving proofs for message signing.

Under the hood, the package leverages an implementation of GG2020 (Gennaro and Goldfeder 2020, paper), a protocol that supports a non-interactive online phase allowing players to asynchronously participate without needing to be online simultaneously, and allows efficient detection of aborting parties.

Next steps include adding encryption support for snap_manageState to eliminate manual encryption of key shares in the snap code, followed by adding support for signing transactions. The prototype is tracked in the tss-snap repository (originally published as ecdsa-wasm).


MetaMask’s May 2022 Crypto Security Report covered Endo's implementation of import.meta and __dirname for MetaMask's module compatibility chain, and the distributed key generation prototype snap demonstrating multi-party computation signing in MetaMask Flask. Browse previous editions of the MetaMask crypto security report for more threats, trends, and tips for staying safe across the ecosystem.

  • Luker
    Luker

      Jen Luker, known by most as just Luker, is the Director of Product Security at Consensys, where she leads the frontline defenders who protect millions of users from vulnerabilities, emerging threats, and malicious actors across decentralized tech. An active participant in the Ethereum ecosystem since 2017, she has held key roles including Editor at ETHNews and Project Manager at MyCrypto. Luker is a regular speaker at industry conferences, the author of MetaMask's monthly Crypto Security Report, and an official ETH Security Badge holder as designated by The DAO. She's also a passionate advocate for continuous education and security awareness as essential pillars for the future of Ethereum and blockchain technology.

      Read all articles