https://opensea.io/collection/dev-21
0 reply
0 recast
2 reactions
phil
@phil
Is anyone here working on https://nocturne.xyz/? It seems really interesting, but I am extremely skeptical about adding new functionality to Metamask given the security implications.
2 replies
0 recast
9 reactions
phil
@phil
@danfinlay I would love to get your take here. I'm really excited about Snaps and the innovation they bring to the ecosystem, but my risk tolerance for wallets is very low. How do you balance these tradeoffs?
1 reply
0 recast
4 reactions
Dan Finlay
@danfinlay
The snaps system was designed to help the user explore web3 following the "principle of least authority": How can you minimize the risk you take when trying new inherently risky things?... 1/n...
1 reply
1 recast
6 reactions
Dan Finlay
@danfinlay
When installing the nocturne snap, it is run within two layers of confinement (an iframe, and the HardenedJS Compartment), and also currently all snaps have undergone security audits by firms trusted by the MetaMask team. But that's not all we've done... 2/3..
1 reply
0 recast
3 reactions
Dan Finlay
@danfinlay
We've also built a permissions system for snaps at install time, which allows you to see at a very granular level what a snap will be permitted to do. A nice thing about the Nocturne snap I notice here is that none of these things are really much more dangerous than browsing a dapp! 3/n
1 reply
0 recast
2 reactions
Dan Finlay
@danfinlay
Currently the most sensitive permission a snap can request is access to some key derivation path, so it can restore accounts that another non-snap wallet would also restore. This is a dangerous one, and we'll probably never even allow a snap to request it that hasn't been audited & built by a well known team. 4/n
1 reply
0 recast
0 reaction
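
The install-time permission review described in posts 3/n and 4/n can also be done offline against a snap's manifest before installing it. The sketch below is an added example, not code from the thread or from MetaMask: it assumes the manifest declares its permissions under `initialPermissions` and treats `snap_getBip32Entropy` and `snap_getBip44Entropy` as the key-derivation permissions; `reviewSnapPermissions` is a hypothetical helper and the manifest is constructed sample data, not Nocturne's.

```javascript
// Added example. The permission names are Snaps permission identifiers;
// the helper names and the sample manifest are constructed for illustration.
const KEY_DERIVATION = new Set([
  "snap_getBip32Entropy", // private key material under a BIP-32 path
  "snap_getBip44Entropy", // private key material for a BIP-44 coin type
]);

// Turn a key-derivation permission's caveat into a readable scope list.
function describeScope(name, value) {
  if (!Array.isArray(value)) return [];
  if (name === "snap_getBip32Entropy") {
    return value.map((v) => `${(v.path || []).join("/")} (${v.curve})`);
  }
  return value.map((v) => `coinType ${v.coinType}`);
}

// Split requested permissions into key-derivation access and everything else.
function reviewSnapPermissions(manifest) {
  const perms = manifest.initialPermissions;
  if (!perms || typeof perms !== "object") {
    throw new Error("manifest has no initialPermissions object");
  }
  const report = { keyDerivation: [], other: [] };
  for (const [name, value] of Object.entries(perms)) {
    if (KEY_DERIVATION.has(name)) {
      report.keyDerivation.push({ name, scope: describeScope(name, value) });
    } else {
      report.other.push(name);
    }
  }
  report.needsExtraScrutiny = report.keyDerivation.length > 0;
  return report;
}

// Constructed sample manifest (not taken from any real snap).
const sampleManifest = {
  initialPermissions: {
    snap_dialog: {},
    "endowment:rpc": { dapps: true, snaps: false },
    snap_getBip44Entropy: [{ coinType: 1 }],
    snap_getBip32Entropy: [{ path: ["m", "44'", "1'"], curve: "secp256k1" }],
  },
};

console.log(JSON.stringify(reviewSnapPermissions(sampleManifest), null, 2));
```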