Audit requirements are changing. Here's what that means for your Snap. #2360
Montoya
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
It's been almost 8 months since the launch of MetaMask Snaps. In that time, we have seen:
Since the launch, we have been looking at the various permissions available to developers and exploring ways to make the allowlisting process easier while still keeping MetaMask users safe. In the spirit of this approach, I am excited to announce an updated allowlist process for 3rd party Snaps. With this new process, any Snap that does not use key management permissions will not require a security audit. Furthermore, a subset of Snaps can now be installed by anyone without inclusion on our allowlist (more information on this below). We still encourage all Snap developers to consider getting 3rd party security audits as these audits demonstrate a commitment to secure coding practices and give users peace of mind.
We encourage all developers to review our guide to getting allowlisted and reach out to our builder engagement team if you have questions.
More on "open permissions"
The following is a list of permissions that do not require allowlisting:
endowment:cronjob
endowment:ethereum-provider
endowment:lifecycle-hooks
endowment:page-home
endowment:signature-insight
endowment:transaction-insight
snap_dialog
snap_getLocale
snap_manageState
snap_notify
If your Snap only uses permissions from this list, it can be installed in the MetaMask extension without inclusion on the allowlist. Any permissions not on this list are protected permissions and will require allowlisting.
Beta Was this translation helpful? Give feedback.
All reactions