MetaMask Snaps: Pioneering a New Decentralized Ecosystem and Strengthening Wallet Leadership
Author: Darren, Everest Ventures Group
1. What is MetaMask Snaps?
MetaMask Snaps is a new feature (plugin) of the MetaMask wallet designed to create a permissionless ecosystem where developers can extend MetaMask in any way they want. MetaMask Snaps is a great way to develop open-source wallet extensions and provide diverse and personalized solutions for end users with different needs. According to public information, MetaMask is currently the only wallet provider that supports custom plugins.
User process:
- First, download MetaMask Flask from this website;
Note: The project is currently in the developer testing phase, and risk warnings are shown when downloading Flask.
- After downloading Flask, you can start downloading the Snaps you want to use. Here we take AA Snap as an example (since it is still in the developer testing phase, this article will use screenshots from the developer's video):
1) Connect your MetaMask wallet on the AA Snap official website, and a request to connect will pop up in MetaMask; click connect.
2) Approve & Install
3) Then connect your contract wallet here.
4) Next, you can see your EOA wallet and account abstraction wallet. The account abstraction wallet is a contract wallet, so its address is fixed and automatically generated after connecting to MetaMask.
5) Now we can try to send 0.1 $MATIC to the contract wallet: copy the contract wallet address and send it directly as you would to other EOA wallet addresses.
After a while, you will see the $MATIC sent to the contract wallet has arrived.
6) Next, we will try to send 0.05 $MATIC from the contract wallet to the EOA wallet.
Then confirm the transaction by signing it, and after a while, you will see the token sent successfully.
7) Finally, you can check on polygonscan whether the contract account has been deployed successfully (you can see it has been deployed successfully).
This is a simple user tutorial. From this tutorial, we can also understand that before using MetaMask Snaps, we still need to learn how to use MetaMask. Therefore, the emergence of MetaMask Snaps has not lowered the user entry threshold; rather, it provides a better experience and more features for existing users, helping to retain the current user base.
2. Progress and Projects of MetaMask Snaps
Currently, MetaMask Snaps is still in a relatively early development stage. Existing Snaps are continuously being developed and tested, while the MetaMask team encourages more developers to build Snaps on MetaMask through various means. Currently, two main approaches are being used:
- MetaMask Grants DAO: This is an experimental employee-led program funded by ConsenSys, aimed at providing grants to external developers worldwide to create impactful experiences within the MetaMask ecosystem. In the Grants DAO, the community can propose and decide whether to grant funds to a Snaps project, as long as the proposal receives a certain proportion of supporting votes.
- Hosting sponsored hackathon events: Additionally, MetaMask has sponsored several hackathon events to attract more developers to develop Snaps.
So far, many developers have shown strong interest in developing Snaps and are actively engaged in it. Additionally, a large number of Snaps projects are currently under development and testing. This article will analyze several Snaps projects that won in hackathon events or received a high proportion of supporting votes in the Grants DAO.
- MPC Snap: Integrating Multi-Party Computation into MetaMask
MPC Snap integrates MPC technology into MetaMask, allowing users to manage private keys using MPC technology. When using MPC Snap, users can set up two-factor authentication (2FA) to access their MetaMask wallet. Subsequently, whenever a user is ready to sign a transaction, the MPC SDK of MPC Snap will perform a threshold ECDSA signature. This is accomplished by splitting the private key into two shares: one share is stored locally in the Snap, and the other share is stored on a signature server. After several rounds of communication, the signature server and the Snap can jointly sign Ethereum transactions and receive confirmation on the Goerli network.
Moreover, unlike mnemonic phrases, this setup does not lead to irreversible key loss due to single points of failure. If a user's laptop is hacked or the signature server is compromised, the user will not lose their private keys.
- CoinChoice Snap: Recharge Gas with Any Currency
Some users planning to perform wallet operations may encounter situations where there is not enough Ethereum in their wallets to pay for gas, especially when it comes to claiming airdrop tokens or selling tokens. In the past, solving this issue required withdrawing from centralized exchanges or extracting funds from another wallet. However, when multiple wallets need to be operated and the blockchain network is congested, both methods can be quite troublesome.
CoinChoice Snap aims to solve this problem. It is a tool that lives inside the user's MetaMask browser extension and lets users manage how gas is paid for each transaction. If users prefer to hold USDC instead of ETH, they can use USDC to pay for gas. This way, users can choose the currency they want to use to pay for the gas a transaction requires.
- Invisible Keys Snap: Multi-Cloud Private Key Storage
Invisible Keys Snap, similar to MPC Snap, aims to improve the way users manage their private keys. The multi-cloud wallet of Invisible Keys stores users' private keys across two or more cloud storage services (such as Google Drive, Dropbox, etc.), ensuring that even if one service is compromised, the private keys are never exposed.
- Smart Account Session Snap: Automatic Approval for Game Dapps
In Web3, the user experience of financialized games (GameFi) is a common issue. Users often need to sign multiple times to continue playing during GameFi experiences. The goal of Smart Account Session Snap is to create a seamless user experience for game dapps and provide them with a secure automatic approval method.
Here is the user process:
- Connect your EOA and install Smart Account Session Snap.
- Enable a smart account on top of the MetaMask address. The MetaMask EOA will become the controller of that smart account.
- Enable the session module on your smart account. The module enables additional access control logic for your Smart Safe account. Essentially, each smart account is controlled in two ways: by the MetaMask account owner using their signing key and by optional modules with their own custom access logic.
- Create a session.
- This will create a temporary session key on your smart account, authorized to perform transactions on your wallet through the module. The session can have parameters such as start time, end time, and permissions for custom operations on Dapp contracts.
- Use the above session key to send automatically approved transactions without a MetaMask pop-up for gas or signatures.
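The session parameters listed above (start time, end time, permitted operations on Dapp contracts) only protect the wallet if every automatically approved transaction is checked against them. The following is an added example, not code from the Snap or its authors; the field names, addresses and the two game selectors are constructed assumptions, and `0x095ea7b3` is the standard ERC-20 `approve(address,uint256)` selector.

```javascript
// Added illustration; field names and sample values are assumptions, not the Snap's API.
const SESSION_KEY = "0x5e55" + "0".repeat(35) + "1"; // constructed address
const GAME_CONTRACT = "0x9a3e" + "0".repeat(35) + "2"; // constructed address

const SAMPLE_SESSION = {
  sessionKey: SESSION_KEY,
  validAfter: 1700000000, // unix seconds
  validUntil: 1700003600, // one hour later
  maxValueWei: 0n, // this session may not move native tokens
  // target contract (lowercase) -> function selectors the session key may call
  allowed: new Map([[GAME_CONTRACT, ["0xa1b2c3d4", "0x0badf00d"]]]),
  revoked: false,
};

// Deny by default: a transaction passes only if every session parameter allows it.
function checkSessionTx(session, tx, nowSec) {
  const deny = (reason) => ({ ok: false, reason });
  if (session.revoked) return deny("session revoked");
  if (tx.signer.toLowerCase() !== session.sessionKey.toLowerCase())
    return deny("signer is not the session key");
  if (nowSec < session.validAfter) return deny("session not yet valid");
  if (nowSec > session.validUntil) return deny("session expired");
  const selectors = session.allowed.get(tx.to.toLowerCase());
  if (!selectors) return deny("target contract not in session scope");
  // Calldata must start with a 4-byte selector: "0x" plus at least 8 hex digits.
  if (!/^0x[0-9a-fA-F]{8,}$/.test(tx.data)) return deny("missing function selector");
  if (!selectors.includes(tx.data.slice(0, 10).toLowerCase()))
    return deny("function not in session scope");
  const value = BigInt(tx.value);
  if (value < 0n || value > session.maxValueWei) return deny("value outside session cap");
  return { ok: true, reason: "within session scope" };
}

// Constructed transactions: an in-scope game call, and an ERC-20 approve() attempt
// that a game session key should never be able to push through without a pop-up.
const GAME_MOVE = {
  signer: SESSION_KEY,
  to: GAME_CONTRACT,
  data: "0xa1b2c3d4" + "00".repeat(32),
  value: 0n,
};
const TOKEN_APPROVE = { ...GAME_MOVE, data: "0x095ea7b3" + "00".repeat(64) };
```

Anything that fails the check should fall back to the normal MetaMask confirmation rather than being signed with the session key.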
- Blackbelt Snap: Real-Time Self-Defense Against Scams
In Web3, security issues have always been a common yet serious problem. Attackers can exploit front-end vulnerabilities to inject malicious contracts into the user interface without the user's knowledge, causing users to interact with the contract and lose funds involved in the protocol interaction. The goal of Blackbelt Snap is to address this issue. Users can view real-time security assessments of data through Blackbelt Snap, and if they find a protocol with a low security rating during use, they can report it to Blackbelt Snap. Subsequently, other users will be able to see how many times the protocol has been reported before interacting with it.
Through Blackbelt Snap, users can better understand the security of protocols and collectively participate in protecting the community from malicious activities. This reporting mechanism can enhance user vigilance and reduce exposure to unsafe protocols.
- Unipass Smart Contract Wallet MetaMask Snap: Email-Based Social Recovery Feature
This Snap aims to introduce a feature built by Unipass that incorporates smart contract wallet functionality with account abstraction into MetaMask. The project will first add social recovery features to eliminate the need for users to manage seed phrases. Seed phrase management has been one of the main issues and security risks when using external account wallets like MetaMask. Subsequently, the project will gradually add other features, such as paying gas with ERC-20 tokens and batch transactions, significantly reducing operational difficulty and improving user experience.
The potential of social recovery systems is well-known; however, so far, MetaMask has not implemented social recovery features internally, while some other wallets in the market, such as Argent, have provided similar features for quite some time. Unipass is well-positioned to realize this vision, as they have launched widely used non-mnemonic and gasless wallets for gaming dapps in the market. In addition to leveraging the functionalities of smart contract wallets through account abstraction and multi-party computation (MPC), Unipass also utilizes the DKIM email protocol to securely verify and authorize guardians to conduct transactions through signatures generated by Domain Keys. This is a significant improvement over existing solutions like Argent, which requires guardians to hold their own crypto wallets, allowing any trusted party with a wallet to act as the user's guardian.
- Forta Snap: Decentralized Camera and Alarm System for Web3
Launched in October 2021, Forta is being used by some well-known DeFi projects such as Lido, Compound, Aave, MakerDAO, Balancer, dYdX, and UMA to monitor key aspects of their protocols. Forta is incubated by OpenZeppelin and supported by a16z, Blockchain Capital, Coinbase Ventures, and other companies. It is a real-time detection network for security and operational monitoring of blockchain activities. Forta detects threats and anomalies in real-time across DeFi, NFTs, governance, cross-chain bridges, and other Web3 systems. With timely and relevant alerts, protocols and investors can quickly respond to eliminate threats and prevent or minimize financial losses.
It is well known that Web3 is rife with cases of users being phished and scammed. In the first half of 2022, scammers and hackers stole over $2 billion through phishing and other vulnerabilities. Web3 security is still in its infancy, and so far most of the focus has been on protecting DeFi protocols through audits, formal verification, and bug bounties. Security stacks like Forta have not been widely adopted by most users, while many common attacks, such as phishing, unlimited token approvals, and scams, primarily target unprotected everyday users. Therefore, the goal of Forta Snap is to build end-user protection features within MetaMask, leveraging Forta's detection capabilities to help more users avoid scams and phishing attacks. Once the project succeeds, MetaMask users will gain on-chain scam and phishing prevention in their wallets, improving on the existing URL-based protection mechanisms.
- Safeheron Multi Party Compute (MPC) Key Sharding Snap: Account and Key Management
Safeheron is an open-source, transparent digital asset self-custody service platform founded in 2019 and headquartered in Singapore. Based on secure multi-party computation (MPC) and trusted execution environment (TEE) technologies, Safeheron provides a one-stop, comprehensive digital asset self-custody solution for institutional clients, allowing clients to have 100% control over their private keys and assets while enhancing asset security and management efficiency. This Snap is developed by Safeheron in collaboration with MetaMask to improve the key management experience of MetaMask, particularly focusing on helping users manage their secret recovery phrases (SRP) to reduce phishing attacks and lower the likelihood of losing these keys.
Due to the underlying multi-party computation (MPC) algorithm, private keys are never fully stored on a single device, significantly reducing the likelihood of attackers obtaining these private keys and stealing user funds. Additionally, if a user loses one of the three devices, they can use the remaining two devices to issue new key shards to a new device to maintain security. If the project succeeds, the MetaMask team will be able to validate MetaMask Snap as an innovative accelerator for a new key management experience, greatly reducing the risk of users being hacked or phished, or losing their private keys, because of single points of failure.
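The three-device arrangement described above can be illustrated with 2-of-3 secret sharing over the secp256k1 scalar field. This is an added example, not Safeheron's or MetaMask's code, and it shows only the threshold arithmetic: a real MPC protocol runs these steps jointly so that no single device ever holds two shards or the whole key. All function names are assumptions.

```javascript
// Added illustration of 2-of-3 threshold arithmetic; not Safeheron's MPC protocol.
// Shares live in the field of integers modulo the secp256k1 group order N (a prime).
const N = BigInt("0x" + "f".repeat(31) + "ebaaedce6af48a03bbfd25e8cd0364141");
const mod = (a) => ((a % N) + N) % N;

// Modular inverse by Fermat's little theorem: a^(N-2) mod N.
function inv(a) {
  let result = 1n, base = mod(a), e = N - 2n;
  for (; e > 0n; e >>= 1n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}

// Uniform scalar in [1, N-1] by rejection sampling (assumes the Web Crypto global).
function randomScalar() {
  for (;;) {
    const bytes = globalThis.crypto.getRandomValues(new Uint8Array(32));
    const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
    const r = BigInt("0x" + hex);
    if (r > 0n && r < N) return r;
  }
}

// 2-of-3 split: f(x) = key + a1*x; device i holds the point (i, f(i)).
function splitKey(key, a1 = randomScalar()) {
  return [1n, 2n, 3n].map((x) => ({ x, y: mod(key + a1 * x) }));
}

// Interpolate the line through two shares and evaluate it at `at`.
// at = 0 gives the key; at = a lost device's index gives that device's shard.
function evalFromTwo(s1, s2, at) {
  if (s1.x === s2.x) throw new Error("need two distinct shares");
  const l1 = mod((at - s2.x) * inv(s1.x - s2.x));
  const l2 = mod((at - s1.x) * inv(s2.x - s1.x));
  return mod(s1.y * l1 + s2.y * l2);
}

// Refresh: add b*x to every surviving share. The key f(0) is unchanged, but shards
// from before the refresh (for example on the lost device) no longer fit the new line.
function refreshShares(shares, b = randomScalar()) {
  return shares.map(({ x, y }) => ({ x, y: mod(y + b * x) }));
}

// Device `lostX` is gone: refresh the two survivors, then derive the replacement shard.
function recoverDevice(s1, s2, lostX, b = randomScalar()) {
  const [r1, r2] = refreshShares([s1, s2], b);
  return [r1, r2, { x: lostX, y: evalFromTwo(r1, r2, lostX) }];
}
```

The refresh step is what makes re-issuing safe: a shard left on the lost device, combined with one current shard, no longer yields the key.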
- StarkNet Snap: Integrating StarkWare into the Original ZK-Rollup Snap
So far, StarkNet has not been directly compatible with MetaMask due to the use of different address and account formats than Ethereum, meaning it is not EVM compatible. StarkNet Snap allows users to create a StarkNet account based on their original MetaMask secret recovery phrase (SRP) to manage assets on StarkNet. StarkNet Snap also allows developers to deploy StarkNet accounts, conduct transactions on StarkNet, and interact with StarkNet smart contracts. It can connect with any dapp to access StarkNet, and developers can attempt to integrate their dapps with this Snap.
Moreover, if the StarkNet Snap is accidentally deleted, there is no need to worry; deleting the Snap will not remove the user's StarkNet account or transaction history. The recovery of StarkNet Snap directly utilizes MetaMask's secret recovery phrase, and after restoring the MetaMask account and installing StarkNet Snap, the user's existing account will be automatically restored.
- Snap Directory: A Web Directory for Adding, Searching, Discovering, and Installing Snaps
It is foreseeable that in the future, there will be a large number of Snaps available for MetaMask, each with different functionalities, permissions, and security information. Users will need to spend a lot of time querying this information, which severely impacts user experience and hinders the rapid development of MetaMask Snaps to some extent.
The goal of Snap Directory is to create a website where users can quickly find Snaps, verify their information, and understand their security risks. All data on the website will be transparent and subject to external audits by the community, and developers can authenticate themselves and add their Snaps to the Snap directory.
3. Major Impacts
From the previous reading, we can understand that the impact of MetaMask Snaps is significant. It is foreseeable that if the development of MetaMask Snaps goes smoothly, the following impacts may occur:
- MetaMask Snaps will further consolidate MetaMask's leading position in the wallet space. MetaMask Snaps will greatly assist existing MetaMask users, providing them with a better web3 experience.
- MetaMask Snaps can be seen as a breakthrough in the web3 ecosystem. It transforms a simple Ethereum wallet into a complete web3 management tool, enabling us to customize and enhance the user's web3 experience, which is currently not achieved by other wallet projects.
- MetaMask Snaps has the potential to attract more web2 developers into the web3 space. It makes complex Web3 technologies easier for developers to understand and apply, significantly promoting the integration of traditional Web2 applications with Web3.
4. Potential Issues and Risks
1. Security Aspects:
From the previous observations, it can be noted that MetaMask Snaps shares similarities with Google Chrome extensions. In terms of security, Google Chrome scans every extension submitted to the Chrome Web Store, but this step is not rigorous enough, and some extensions slip through the cracks, leading to many information leakage incidents over the years.
In MetaMask Snap, the previously mentioned Snap Directory project can help users assess the security of Snaps to some extent; however, this is still far from enough. Unlike Google Chrome, wallets store a significant amount of user funds, thus requiring higher security standards. It is evident that security is a crucial point that must be guaranteed for MetaMask Snaps. This could be a potential risk in the development process of MetaMask Snaps. Therefore, the development of MetaMask Snaps needs more improvements and security guarantees for users to use it with confidence.
2. Entry Threshold:
Before learning how to use MetaMask Snaps, users must first learn how to use the MetaMask wallet, which is an EOA wallet that requires understanding how to use private keys, mnemonic phrases, etc. This is not user-friendly for those who have never been exposed to web3. The emergence of MetaMask Snaps has not lowered the entry threshold; rather, it serves and helps existing users who are already familiar with using MetaMask.
However, we can speculate that a new bull market will require a large influx of fresh blood into the web3 space, but currently, the entry threshold for web3 is still relatively high. Therefore, lowering the threshold is very important. Similarly, low-threshold web3 wallets may be more capable of attracting new users. We know that many low-threshold web3 wallets have emerged, some of which allow users to log in to wallets directly through Twitter, while others can use email or phone number logins, and some even require only facial recognition to log in. However, MetaMask Snaps does not provide an advantage for MetaMask in this regard. Therefore, if MetaMask wants to maintain its leading position in the new bull market, it may need to work more on lowering the entry threshold.