This repository has been archived by the owner on Jan 25, 2022. It is now read-only.

Snap and Dapp Permissions

Erik Marks edited this page Nov 26, 2019 · 1 revision

The MetaMask Snaps version of the extension uses our EIP 2255 wallet permissions system to its full extent.

This means that, in order to use any sensitive method/API — i.e. a restricted method — an untrusted domain must request and be granted the permission for it first. Code belongs to an untrusted domain if it can communicate with MetaMask and is not in the MetaMask background or UI. This includes:

  • Snaps, i.e. plugins running in an SES container in the MetaMask background
  • Dapps

Requesting Permissions

If your Snap needs any permissions by default on install, they must be specified in the Snap manifest under web3Wallet.initialPermissions.

It is the Snap developer's responsibility to populate this object and format it per the IRequestedPermissions interface.

The Snap can request further permissions dynamically after install using wallet_requestPermissions as specified in EIP 2255.

See the examples in the snaps-cli repository for further details.

A Note on Dapps

As a dapp, calling ethereum.send('eth_requestAccounts') (or its deprecated alias, ethereum.enable()) will only get you the eth_accounts permission. We encourage you to skip this method completely in your connection flow and instead request eth_accounts plus whatever plugins/other methods you need.

Getting Permissions

To find out whether you hold a certain permission, send a wallet_getPermissions request and search the returned array of permission objects. The permission name is indicated by the parentCapability field.

You can also attempt to call the corresponding method. If you don't have the permission, an EIP 1193 Unauthorized error will be returned, with error.code === 4001. You can catch that error, then try to request the necessary permissions.

  • Keep in mind that some permissions are contingent. For example, eth_accounts is required for any method that makes use of a user account.
  • All of MetaMask's RPC errors are standardized per JSON RPC 2.0 and EIP 1193, and we try to make them as useful as possible. See this library for more details.

If an untrusted domain needs to know if it's previously been granted a permission at all - even if it's been removed - it has to keep track of that information itself.
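The check-then-request flow described in this section, as an added example that is not MetaMask's own code. It assumes a hypothetical `send(method, params)` adapter that resolves to the JSON-RPC result and rejects with an error carrying `code`; `example_restrictedMethod` and the mock wallet are constructed for illustration, and 4001 is the code this page gives.

```javascript
// Added example, not MetaMask code. `send(method, params)` is a hypothetical
// adapter: resolves to the JSON-RPC result, rejects with an error carrying `code`.
const UNAUTHORIZED = 4001; // error code this page gives for a missing permission

// Names in `required` with no matching parentCapability in `granted`.
function missingPermissions(granted, required) {
  const held = new Set(granted.map((p) => p.parentCapability));
  return required.filter((name) => !held.has(name));
}

// Look up current grants, then request only what is missing in one call.
async function ensurePermissions(send, required) {
  const granted = await send('wallet_getPermissions', []);
  const missing = missingPermissions(granted, required);
  if (missing.length === 0) return [];
  const request = Object.fromEntries(missing.map((name) => [name, {}]));
  await send('wallet_requestPermissions', [request]);
  return missing;
}

// Call a restricted method; on Unauthorized, request permissions and retry once.
// `required` lists the method plus contingent permissions such as eth_accounts.
async function callRestricted(send, method, params, required) {
  try {
    return await send(method, params);
  } catch (err) {
    if (!err || err.code !== UNAUTHORIZED) throw err; // other errors propagate
    await ensurePermissions(send, required);
    return send(method, params);
  }
}

// Constructed in-memory wallet stand-in (approves every request), runs offline.
function makeMockSend(initial) {
  const granted = new Set(initial);
  const prompts = []; // one entry per wallet_requestPermissions call
  const list = () => [...granted].map((name) => ({ parentCapability: name }));
  const send = async (method, params) => {
    if (method === 'wallet_getPermissions') return list();
    if (method === 'wallet_requestPermissions') {
      prompts.push(Object.keys(params[0]));
      Object.keys(params[0]).forEach((name) => granted.add(name));
      return list();
    }
    if (granted.has(method)) return `${method}:ok`;
    throw Object.assign(new Error('Unauthorized'), { code: UNAUTHORIZED });
  };
  return { send, prompts };
}
```

If the permission request itself is rejected, `callRestricted` propagates that error instead of retrying, so the caller decides how to surface it.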

Adding Additional Restricted Methods to MetaMask

To make additional permissions requestable in your custom fork of MetaMask, add them to the restrictedMethods object in the permissions controller. These entries follow the format specified by rpc-cap.