Implement Snaps allowlist solution

MetaMask / snaps

Extend the functionality of MetaMask using Snaps

https://metamask.io/snaps/

Other

721 stars 554 forks source link

Implement Snaps allowlist solution #871

Closed FrederikBolding closed 1 year ago

FrederikBolding commented 1 year ago

Snaps release in the main extension in v1.0.0 will be based on an allow-list of third-party audited Snaps. A technical solution needs to be implemented that allows the extension to reference that list during install time.

Outcome

snaps-registry repository that will be polled by the extension
Data schema for the allow-list
TypeScript types for the schema
Extension using that registry for allowing snaps in Production

FrederikBolding commented 1 year ago

Reference: https://github.com/MetaMask/snaps-monorepo/pull/479

rekmarks commented 1 year ago

Could this be implement using the blocklist? Ref: #869

FrederikBolding commented 1 year ago

Could this be implement using the blocklist? Ref: #869

Yeah, we could refactor the blocklist logic to function as an allow list as well.

Montoya commented 1 year ago

The allowlist needs to be versioned just like the blocklist. We should not allow the snap to be updated by either modifying the NPM package with the same version number or updating to a new version number, without a manual review of that update from us.

ritave commented 1 year ago

Additionally, the versioning needs to verify both the checksum of the tarball and the npm version, because it might be possible to replace npm package version in some fun ways (npm unpublish --force).

FrederikBolding commented 1 year ago

We should make sure to have the implementation of this be easily swappable for another endpoint/implementation for future proofing.