MetaMask is a popular crypto wallet that runs in the web browser. Even if you're not using it to store your funds, it's likely interacting with your hardware wallet. Obviously, having a safe crypto wallet is a must.
MetaMask supports snaps, which are modules built to extend the functionality of MetaMask. Snaps run in a sandboxed environment with strict permission boundaries. MetaMask warns users of each permission that a snap requests, which puts the burden of security on the user.
The sandbox is composed of three parts: an iframe, LavaMoat and the SES sandbox. Browser iframes are a well-known way to isolate risky code. In this case, MetaMask has written an API that allows the iframe to communicate with MetaMask to perform various actions.
LavaMoat is a policy mechanism that heavily limits the permissions a given snap runs with. To prevent supply chain attacks, there are limitations on which packages can interact with the MetaMask postMessage API.
The final layer of protection is the Secure ECMAScript (SES) sandbox. First, it locks down the JavaScript builtins to prevent prototype pollution bugs and removes sensitive info from some functions and objects. SES also has compartments to force the globalThis variable to only be available for secure functions.
With all of these protections in mind, the authors of the post set out to try to break the security model. When an incoming call from the sandbox is processed, a lot of validation is done on it. However, we can do some shenanigans with JSON objects to cause problems! Using the MetaMask iframe API, we can overwrite a call to toJSON() with our malicious content. Since this function is used later in the process, we pull the ol' switcheroo on the running code!
The impact of this is quite severe. The promised validation and permissions model has been broken. A prompt to sign a malicious transaction can be triggered from the snap, even if the permissions say that it can't. If you're reading this and are confused, go read the proof of concept in the post. It was helpful for seeing what's going on.
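The validate-then-serialize gap described above can be reproduced in a few lines. This is an added illustration, not code from MetaMask or from the post: the function names, the allow-list and the method names are all hypothetical, and the model is simplified to a single permission check.

```javascript
// Added illustration with hypothetical names; not MetaMask code.
const ALLOWED_METHODS = new Set(["allowed_method"]); // constructed allow-list

// Permission check: only reads properties of the object it is given.
function validate(request) {
  if (typeof request !== "object" || request === null) {
    throw new Error("request is not an object");
  }
  if (!ALLOWED_METHODS.has(request.method)) {
    throw new Error(`method not permitted: ${request.method}`);
  }
}

// Weak pattern: the live object is validated, then serialized later.
// JSON.stringify() calls request.toJSON() if present, so the bytes that
// leave this function need not match what validate() inspected.
function forwardUnsafe(request) {
  validate(request);
  return JSON.stringify(request);
}

// Hardened pattern: serialize exactly once, validate the parsed copy,
// and forward the same string that was validated.
function forwardSafe(request) {
  const wire = JSON.stringify(request);
  if (typeof wire !== "string") {
    throw new Error("request is not serializable");
  }
  validate(JSON.parse(wire)); // plain data only, toJSON has already run
  return wire;
}

// Constructed sample inputs.
const benign = { method: "allowed_method", params: { note: "hi" } };
const swapping = {
  method: "allowed_method", // what the validator sees
  params: {},
  toJSON() {
    // what the serializer emits instead
    return { method: "restricted_method", params: {} };
  },
};

console.log("unsafe forwards:", forwardUnsafe(swapping));
try {
  forwardSafe(swapping);
} catch (err) {
  console.log("safe rejects:", err.message);
}
```

Because forwardSafe() checks the parsed copy, a toJSON() hidden on a nested value such as params is caught the same way.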
Overall, a good breakdown of the MetaMask snap security model. Even with this bug, arbitrary transactions cannot be run, since users are required to sign off on them.