Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Intercept connections to wallet #110

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 99 additions & 0 deletions SIPS/sip-13.md
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very interesting. What do you think of expanding the scope of onConnect to any connection requests? So a website asking for accounts, but also when installing Snaps, and so on.

Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
---
sip: 13
title: Intercept connections to Wallet
status: Draft
discussions-to: https://github.com/MetaMask/SIPs/discussions/109
author: John Dickerson (@javaspeak)
created: 2023-10-05
---

## Abstract

This SIP proposes: a new way of intercepting a connection to the wallet so that the snap can make a call to an external API to check on the security of the domain the wallet is connecting to. The snap can then decide whether it wishes to warn or reassure the end user as to the trustworthiness of the connection they are are about to make. The end user can then decide whether they wish to continue with the connection or not.

## Motivation

In the crypto space a web domain may be malicious and drain the coins from the wallet of an unexpecting user. Adding a snap that is able to intercept a wallet connect; perform a check; and, inform the user if there are any security issues on the address, reduces the risk of wallet transactions on the web. UTU Trust (utu.io) builds trust in the crypto space and can provide this enhanced functionality to metamask in the form of this SIP and a snap which hits its API.

## Specification

> Formal specifications are written in Typescript. Usage of `CAIP-N` specifications, where `N` is a number, are references to [Chain Agnostic Improvement Proposals](https://github.com/ChainAgnostic/CAIPs).

### Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" written in uppercase in this document are to be interpreted as described in [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt)

### Snap Manifest

No new permissions. Will require the existing connection permission to make the ajax call to an external API.

### Snap Implementation

The following is an example implementation / usage of the API:

```typescript
import { OnConnectHandler, showConnectWarning } from "@metamask/snap-types";

export const onConnect: OnConnectHandler = async ({
domain, address
} ) : {domain: string, address: string} => {
let checkConnectionDetails: { message: string, dangerType: string } = ajaxCallToRemoteAPI(domain);

if ( checkConnectionDetails.dangerType === 'danger' | checkConnectionDetails.dangerType === 'warn' ) {

// The end user will be shown the message and dangerType (danger | warming | none) and also be
// asked the question: 'Do you wish to proceed and connect your wallet to the {domain}?'
let connect: boolean = showConnectMessage(checkConnectionDetails.message, checkConnectionDetails.dangerType );

// If the user clicked the 'No' button connect will be false, else true.
return connect;
}

// connects without prompting user
return true;
};
```

Note that OnConnectHandler is a new Handler which is part of the same event mechanism used by
existing SNAP handlers like OnTransactionHandler, OnCronjobHandler, OnRpcRequestHandler.

See: [Snaps exports](https://docs.metamask.io/snaps/reference/exports/)

OnConnectHandler fires when the end user is attempting to connect the dApp to their wallet.

In the above usage example, The hook can return true or false. It returns true if the connection
should be allowed to go ahead and false if the wallet should not connect to the dApp.

There is a new function which needs to be added to the SNAP API called:

showConnectMessage(message: string, dangerType: string): boolean

This function takes in a message and dangerType. The message could be something like:

"Domain gooooogle.com is a phishing website. Be Careful"

dangerType can have the following values: danger | warning | none

"danger" means the domain is a dangerous one and one should be very vigilant.
"warning" means the domain has had some issues so one should be careful.
"none" means the domain has no reported issues.

Note that the implementation of showConnectMessage(..) MUST show the message and dangerType and also have a dialog with the additional text:

"Do you wish to proceed and connect your wallet to the {domain}?'"

This dialog has 2 buttons to respond with:

Yes - means the user wishes to connect to their wallet
No - means the user does not wish to connect to their wallet

The showConnectMessage() returns true to connect and false to not connect.

Note that the ajaxCallToRemoteAPI(domain) function above is not part of the API and is an example
of integrating this functionality with the UTU Trust network.

## Copyright

Copyright and related rights waived via [CC0](../LICENSE).