On the bright side for this review, the actual cryptography in MetaMask is fairly limited: as a wallet, it must generate and store Ethereum public and private keys and it also needs to handle “simple” operations like ECDSA signing. When a web application needs to send a transaction to a smart contract (e.g., because you want to deposit money into Aave), MetaMask is responsible for signing the transaction and shipping the transaction to the chain. In its most popular instantiation, MetaMask ships as a browser extension for Chrome and Firefox. Of course, web apps can’t communicate directly to blockchains, nor are they a good place to store private keys. (Security here usually means HTTPS, so anyone who hacks a server or steals a Cloudflare API key can change these apps’ code in malicious ways.) Web3 front-ends are just web apps, and typically they’re served to your browser via standard web infrastructure. Generally this means it relies on a smart contract running in a network like Ethereum. What makes dapps special is the back-end portion, which is decentralized. It consists of many “decentralized apps” (dapps), each of which typically comprises a (typically Javascript) front-end web app, as well as some back-end business logic. Since many readers have probably never used DeFi, I figure I should give a quick background here on “web3” and MetaMask in particular.įrom a technical perspective, web3 is pretty straightforward. If you already know what MetaMask does, skip this part. If you’re hoping that this will actually lead to anything exciting, I suspect you’ll be very disappointed. If you enjoy reading crypto code for entertainment, this post might be for you. To make you feel “like you were there”, I’m going to discuss the review more or less in the order it occurred - including the embarrassing part where I went off the rails and reviewed the wrong code. In this post I’m going to justify these opinions by walking you through a casual skim of MetaMask’s code and and crypto dependencies. This made me uncomfortable, given how much money these routines are responsible for securing. My TL DR is that finding and reviewing the correct code was made difficult because there were far too many different organizations owning the dependencies that led to the crypto routines themselves. And some of it is a (non-trivial) gripe: this code is is much harder to audit than it should be.Īnd this last part isn’t just a personal gripe. Some of this stuff is basically unavoidable: file it under “browser crypto is scary.” Some is specific to the way the code is laid out. What I did come back with is an uncomfortable feeling about the complexity and quality of MetaMask’s (current) crypto code, and some unhappy feelings about its dependency structure. So let me be clear as possible right now: I did not find any exploitable vulnerabilities in MetaMask’s crypto! Although I had a couple of scary moments, those were entirely on me. I swear that this offhand Tweet was not meant to make anyone unhappy or scare people that their funds were at risk. I decided to look at MetaMask’s crypto, and oh wow I wish I could unlook.- Matthew Green January 12, 2022 (In fact I did about half the work on my phone while eating a burrito bowl at Chipotle.)Īfter an hour or two of hunting through dependencies, I made the mistake of tweeting about my feelings: In fact my “review” mostly involved poking around various Github repositories to see if I could find anything that immediately jumped out as incorrect, and failing that, at least could give me a feeling for the quality of MetaMask’s crypto code. I want to stress that this was an informal code review: I didn’t use any tooling, didn’t even download (most) code to my computer. While there are lots of different ways I could lose that money, taking a look at MetaMask’s crypto seemed like as good a place to start as any. My interest in MetaMask is mostly just based on curiosity: I recently invested about $100 into a decentralized finance application and I wanted to see how safe it really was. Otherwise you might want to read something more exciting: I suggest Moxie’s recent post on web3.įor reasons I can’t fully explain, the other day I decided that it might be fun to spend an hour or two investigating the cryptography used by MetaMask.įor those who aren’t familiar with the tool, MetaMask is a browser-based cryptocurrency wallet that is used used to access decentralized applications (dapps) on networks like Ethereum. If you’re the kind of person who likes a meandering and amateurish code review that goes absolutely nowhere, you’ll enjoy this post. It does not describe any vulnerabilities. NB: This post describes a very casual code review of a few cryptography functions used by MetaMask.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |