Bankless - Why MetaMask Snaps is a Big Deal with Co-Founder, Dan Finlay

Episode Date: September 15, 2023

MetaMask just released MetaMask Snaps at Permissionless II. Why is this such a big deal? Is this crypto’s “Chrome extension” moment? Is this how we onboard crypto’s next billion users? We welcome creator and Co-Founder of MetaMask, Dan Finlay on the show to help us explore all of these questions and much more.

------
🎁 Check your wallet with our brand new tool: Claimables https://bankless.cc/GetClaimables

------
📣 AAVE V3 is Here! http://app.aave.com/

------
BANKLESS SPONSOR TOOLS:
🐙 KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://k.xyz/bankless-pod-q2
🦊 METAMASK PORTFOLIO | MANAGE YOUR WEB3 EVERYTHING https://bankless.cc/MetaMask
⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum
🛞 MANTLE | MODULAR LAYER 2 NETWORK https://bankless.cc/Mantle
🦄 UNISWAP | ON-CHAIN MARKETPLACE https://bankless.cc/uniswap
🗣️ TOKU | CRYPTO EMPLOYMENT SOLUTION https://bankless.cc/Toku

-----
TIMESTAMPS
0:00 Intro
5:05 MetaMask Snaps Explained
7:55 Extensions
10:50 MetaMask Snap Demo
22:40 Sci-Fi Snaps
26:23 Mobile
27:10 Chrome Extensions
28:45 Permissionless Snaps?
32:34 Snaps Multi-Year Journey
38:28 Are Snaps Secure?
42:55 What Info Should Snaps Have?
46:30 Smart Contract Wallets
48:25 Account Abstraction Wallet
50:24 Safe UX
52:50 What Devs Need to Know
54:50 Closing & Disclaimers

-----
RESOURCES
Dan Finlay https://twitter.com/danfinlay
MetaMask Snaps https://metamask.io/snaps/

-----
Not financial or tax advice. See our investment disclosures here: https://www.bankless.com/disclosures

Transcript
Starting point is 00:00:02 Hey, Bankless Nation, here I am from Permissionless 2 on why Snaps is a big deal. Metamask Snaps just launched at Permissionless. And I think you should know a little bit about it. This is a solo podcast. It's just me. David is off partying at some events, I think, right now. I'm about to join him. But before we do, I want to give you this episode on Metamask snaps.
Starting point is 00:00:25 This is like a browser extension only for your MetaMask crypto wallet, and I think it unlocks a lot of potential. We're going to talk about why it's a big deal, what you can do on it today, how you can glow up your MetaMask wallet. And we have Dan Finlay, who is the co-founder of MetaMask. He's been in the space forever as the original Ethereum OG wallet. And to see how MetaMask has developed is pretty exciting. You can see the passion for which he has as we go through this episode.
Starting point is 00:00:57 So, guys, we're going to get right to the episode, but first we disclose. MetaMask is a sponsor of Bankless, but of course, that's not why we did the episode. We did this episode because this is an awesome product that you need to hear about. We are long-term investors, not journalists. We don't do paid content. There's a link to all Bankless disclosures in the show notes at all times. All right, guys, let's get right to the episode with Dan. But before we do, we want to thank the sponsors that made it possible, including Kraken, our number one recommended exchange for 2023. Go check them out. Kraken Pro has easily become the best crypto trading platform in the industry.
Starting point is 00:01:28 I use it to check the charts and the crypto prices, even when I'm not looking to place a trade. On Kraken Pro, you'll have access to advanced charting tools, real-time market data, and lightning-fast trade execution, all inside their spiffy new modular interface. Kraken's new customizable modular layout lets you tailor your trading experience to suit your needs. Pick and choose your favorite modules and place them anywhere you want in your screen. With Kraken Pro, you have that power. Whether you are a seasoned pro or just starting out, join thousands of traders who trust Kraken Pro for their crypto trading needs. dot kraken.com to get started today.
Starting point is 00:02:01 Mantle, formerly known as BitDAO, is the first DAO-led web3 ecosystem, all built on top of Mantle's first core product, the Mantle network, a brand new, high-performance Ethereum Layer 2, built using the OP stack, but uses EigenLayer's data availability solution instead of the expensive Ethereum Layer 1.
Starting point is 00:02:17 Not only does this reduce Mantle network's gas fees by 80%, but it also reduces gas fee volatility, providing a more stable foundation for Mantle's applications. The Mantle Treasury is one of the biggest DAO-owned treasuries, which is seeding an ecosystem of projects from all around the Web3 space for Mantle. Mantle already has sub-communities from around Web3 onboarded, like Game 7 for Web3 Gaming and Bybit for TVL and liquidity and on-ramps. So if you want to build on the Mantle network, Mantle is offering a grants program that provides milestone-based funding to promising projects
Starting point is 00:02:47 that help expand, secure, and decentralize Mantle. If you want to get started working with the first DAO-led layer-2 ecosystem, check out Mantle at mantle.xyz and follow them on Twitter at 0.0.0.0. Arbitrum is accelerating the Web3 landscape with a suite of secure Ethereum scaling solutions. Hundreds of projects have already deployed on Arbitrum One with flourishing DeFi and NFT ecosystems. Arbitrum Nova is quickly becoming a Web3 gaming hub and social apps like Reddit are also calling Arbitrum home. And now Arbitrum Orbit allows you to use Arbitrum's secure scaling technology to build your own layer 3, giving you access to interoperable, customizable permissions with dedicated throughput. Whether you are a developer, enterprise, or a user,
Starting point is 00:03:27 Arbitrum Orbit lets you take your project to new heights. All of these technologies leverage the security and decentralization of Ethereum and provide a builder experience that's intuitive, familiar, and fully EVM compatible. Faster transaction speeds and significantly lower gas fees. So visit Arbitrum.io where you can join the community, dive into the developer docs, bridge your assets, and start building your first app with Arbitrum. Experience Web3 development the way it was always meant to be. Secure, fast, cheap, and friction-free.
Starting point is 00:03:55 Bankless Nation, I am super excited to introduce you to Dan Finlay. He's the creator of MetaMask and he's got something special for us today. Dan, how are you doing, man? Oh, I'm euphoric. I'm walking on a cloud and then, of course, I'm excited to get back to work and do even more tomorrow. You know what? You look like you are literally in paradise right now because the scenery behind you is absolutely phenomenal. So I am, for listeners who can't see the visuals today, I've got this black background, looks very somber.
Starting point is 00:04:25 I found this little cloister at the permissionless conference to record this, whereas Dan somehow has a microphone outside and he's got like beautiful trees and shrubbery and, you know, green foliage behind him. How are you managing that? Yeah. Well, I just plugged it into the tree and I knew that I was coming on bankless and you guys, you guys are always the best about kind of flexing your green, you know, like other other Cripsom podcast, they flex their green and then you flex your pain. And so I thought I'd come on and flex mine. Especially my podcast co-host, he will be very proud of this shrubbery behind you. And I'm sure you can name every single plant. But we're not here to talk about plants.
Starting point is 00:05:08 We're here to talk about metamask snaps. Okay, what are metamask snaps, Dan? Why are they important? Why are they exciting? Well, they're kind of like plants in your wallet. So you know how I'm sorry. I did not prepare this metaphor but let's let's ride it a little. No, let's go with it. Yes. So you know how your wallet right now. It's kind of just like a set of features you get from the store and you like hope the team
Starting point is 00:05:37 made what you want. It's like getting a box of processed food at the grocery store. And when it does bad and you have a lot of microplastics in your blood or whatever, there's a lot of phishing, whatever, you're like, well, why won't, you know, why don't the devs fix this? And, you know, what you might like to do is, you know, know, know your ingredients and kind of curate yourself a little bit more of a home-cooked meal, maybe have a friend over and have them help you cook something nice out of your fridge.
Starting point is 00:06:02 And snaps are kind of like that. We're taking the wallet experience, and we're kind of making it a collaborative development platform. And so there's a lot of parts of the wallet that we've wanted to improve in the past that are really hard to do in a centralized manner, just as a single dev team. There's just like, there are, for example, countless protocols. Like every time somebody writes a new contract, it's arguably a new protocol.
Starting point is 00:06:27 And so representing it faithfully to the user is like actually a hard problem. And then there's how to keep a person safe or how to interact with new run times and stuff like that. And I think what we started realizing is the best people to build an interface to a new protocol are the creators of that protocol. And so we created the system that basically lets external developers build kind of plugins for, for Metamask and add support for their various gifts and ship them right to our users. So today, for a lot of our existing users, that looks like you can install some transaction safety providers.
Starting point is 00:07:06 And now when you're confirming a transaction, you can have additional third parties helping you stay safe. And you're all opting into these, right? Like some of them may phone home and you get to decide whether they get to or not. Some of them are doing simulation. Some of them are using AI analysis. Some of them are using on-chain registries and court systems like Kleros.
Starting point is 00:07:27 And basically, I think any MetaMask user should install a handful of those today from the groups that if they recognize any and trust any. And then there's a whole bunch of new blockchain protocols that we were able to support now. So there's like supporting like 21 new blockchains or something just, you know, as of yesterday. And it's only going to be more as we make it easier to publish to the platform. This is a big deal and a very exciting launch. I know this has been a long time in coming, which I think we should discuss, Dan, how long you've been working on this
Starting point is 00:08:03 and all of the effort that's gone into it. But before we do, I want to give folks another mental model. So we have the plants mental model, of course. And we also have the mental model, I think, that a lot of listeners will be familiar with, which is you have a browser, okay? And then you might use extensions on top of that browser to extend what the browser does.
Starting point is 00:08:23 Those extensions are kind of like permissionless. Like any third party can basically develop it. Indeed, Metamask is one of those extensions inside of a browser right now. And this is essentially bringing extensions, the ability of third parties to launch extensions into Metamask. And that's what a Snap is. So you as a Metamask user today with your wallet, you have the ability to like glow up your wallet.
Starting point is 00:08:47 You can like go to the Metamask snaps directory and you can browse through. I think there's like, you guys are launching with over 30 snaps, I believe, and we'll get into some of the ones that maybe you're most excited about. And you can glow up your wallet with these kind of more custom, more niche type experiences, maybe some power tools. Snaps can basically be anything. Is that a decent mental model? Like, you know, browsers have extensions. Well, MetaMask has snaps. Yeah. Yeah, that's basically spot on. There's like two caveats that I'll disclose to kind of like bring us to ground. Like, so, so the platform today as launched is 34 partner snaps.
Starting point is 00:09:28 So it's not full on permissionless open yet. And we're actually working on what the designs for the final, you know, crack it open permissionless protocol is, you know, and, you know, probably a mixture of DAO and Web of Trust, something like that. We'll be, you know, reaching out and probably expanding the conversation wider soon. And, and also they can't do anything. What they really are is so they're a place we can do stuff
Starting point is 00:09:56 and then we kind of get to open kind of APIs to extend different parts of the wallet. So today there's really three major ways that we're letting snaps expand the wallet. One is that transaction security thing I described. Another is basically adding
Starting point is 00:10:11 integrations. So the ability to sign and show confirmations to the user and add additional APIs to the user's wallet. So now when you're logging into a site, the site can interact with one of your snaps. It's not just the API that Metamask shipped with. And then the last one is notifications.
Starting point is 00:10:31 And we've got a snap from the Push Protocol. So any dapp now that wants to be able to get a hold of you can ask for permission to, and they can ask you to add the Push snap to participate in that. Well, very cool. And that's why Henson, in your intro, I think you said, you forked today, but you're back in the office tomorrow, continuing the work to, to build this out. But let's get right to the goods right now because I know there are a lot of
Starting point is 00:10:57 MetaMask listeners, a lot of MetaMask users that listen to Bankless, I should say. And so right now, what can listeners do? Of course, this isn't all the snaps that will ever be. This is in beta version, but there's already like over 30 different snaps that people can use and download. So I am showing on my screen now at snaps.metamask.io all of the different snaps that one can activate. So tell me how this works, okay?
Starting point is 00:11:26 I'm seeing a directory here. I'm seeing a button with categories, like interoperability, notification, transactions, insight. I have the ability to search. There's all of these various snaps. As a user, where do I start? What do you recommend, Dan? Yeah.
Starting point is 00:11:41 So the system is designed so you can get these contextually. So, you know, MetaMask was always kind of built to enable dapps. So that doesn't really change here. If a dapp out there wants to interact with Bitcoin or now, what, Aptos or Algorand or whatever, you know, there's many new protocols were added here. They can now ask you to install this app. They can say, hey, do you want to participate in that protocol? If so, add that's your wallet. And there you go.
Starting point is 00:12:08 Now you're good to interact with both all of your Ethereum accounts and assets and all the accounts and assets you might have on this new protocol. But in terms of this directory, that's kind of why I mentioned the Transaction Insight stuff. I think that's the one that's really great for using this page for. Because if you go to that filter and you uncheck the compatibility and the notifications, you just look at the transaction security ones, those are all ones that you could just install right off here today and each one might just keep you safe from phishing later. You know, next time Vitalik's Twitter gets hacked, the first one of these organizations to flag it could be the one that keeps you safe.
Starting point is 00:12:48 Right. So I kind of think of security. You know, there's a lot of ways of modeling security, but the one way you could take this one as is it's like the spider web model. You've got a lot of strands and any one of them getting agitated could rattle you and lock you up, keeping you safe for making a bad decision. So we're really, you know, treating this as a community effort, you know, and we're eager to see, you know, how these different strategies and, you know, new companies are able to thrive in this kind of environment. Okay, so I've got this setup. I'm looking in the directory just for the transaction types of snaps. I see this one called tenderly preview, for instance. I'm just picking one out of this list here.
Starting point is 00:13:30 There's tons here. There's Safe Route. There's Web 3 Securities, Wallet Guard. And so if I click this, then I go to the tenderly transaction preview. I can click a button that says add to Metamask. Tell me what this one specifically does, this tenderly transaction preview, adding to Metamask. I'm seeing the description here. It says preview transactions before sending them on chain.
Starting point is 00:13:51 So this is some much-needed functionality. I've used a separate extension in the past called Fire to do some of this, where I got a MetaMask kind of transaction and Fire looks at it and it and is like, oh, this is what it really means? Is this Tenderly snap doing something similar to that? It's basically like before I sign a transaction, it's showing me some information about it. Maybe it's putting some protection on top of my wall. So if it's a known phishing type of a...
Starting point is 00:14:19 Am I... Yeah, what is... Yeah, you're exactly in the right wheelhouse. Tenderly and Fire are both performing transaction simulation. So they're looking at the transaction you're considering, and they're helping, they're trying to estimate what the results of it are going to be. Now, I like to stress, this strategy is not perfect. And that's part of why, you know, we've kind of spent more time making sure we could accept
Starting point is 00:14:43 many strategies than putting it all in on this, but it's really powerful because, you know, many interactions, it can catch. And it'll say, hey, look, this is going to make you lose all these tokens. And you may not have meant to do that. And that might be obviously, you know, dangerous to you. The catch is if these become extremely popular, there are ways, you know, that phishers can make little trapdoor contracts that look like they're not going to do anything. So it's not perfect.
Starting point is 00:15:11 This is a cat and mouse game. The phishers are going to adapt. But it's better than what we have, isn't it? Yeah, exactly. Yeah, and especially when you got a stack of these, right? This is in security, sometimes we'd call this the Swiss cheese model, right? If you can, each one of these may have holes in it, but when you start stacking them up, the probability of one thing, fitting through all the holes, get smaller and smaller. And so, so hopefully, you know, and we're going to be watching the analytics closely, you know, keeping people safer as one of our kind of key goals right now.
Starting point is 00:15:42 And so I'm really, really eager to see how much any one of these can people can keep people safe. And it'll be incredible if we start getting data on what strategies are actually the most effective. And yeah, I think this is going to be a really valuable tool in combating phishing and also inviting new strategies to the table. I don't think that every possible strategy here is accounting for at all. You know, my co-founder Kumavis and I yesterday were talking about the need to have like a web of trust component that's user-rooted. You know, there's no certificate chain solutions here as far as I understand. There's multiple simulation, multiple AI. And Kleros is the most DAO-ish one.
Starting point is 00:16:21 So that's a fun one for sure. So, yeah, looking forward to seeing how these all work, you know, in tandem. I think the cool thing about this model is, and it sort of reminds me about Ethereum's, like of Ethereum's Layer 2 strategy, is rather than Ethereum having to develop everything on the execution layer, now we've got, you know, dozens of layer 2s and soon hundreds of different app chains that are doing their own development and pushing the ecosystem forward. So rather than just one group of really smart EF researchers, you get the entire, you open this up to the entire internet. What does that quote?
Starting point is 00:16:58 The smartest people don't work at your company. It's like there's so many smart people all around the world. And now they all get to help us extend this particular wallet and make users safer and improve the user experience for them. I think this is why this is so important is because this is a key step to doing the thing we're always trying to do, which is get crypto to a billion people, right? This is this is a building block towards that in kind of the wallet experience realm. I want to go to another category here. So this is interoperability. Okay. So tell me about that. And you were mentioning some other chains as well. So has MetaMask gone multi-chain?
Starting point is 00:17:38 Yeah, I think with this release, you can basically say we're multi-chain. These snaps aren't enhancing the wallet in all the ways that Ethereum is able to. So right now, you're not going to see these show up in the main asset list, for example. So each one of these protocols has its own kind of like management data. So that's kind of like we bit that as some scope we kind of narrowed out. But we are working on this cool extensible UI model. You know, it's really critical to us that when we make our UI extensible, that it's done really safely, obviously.
Starting point is 00:18:10 Security is like first thought in everything we do. But it does mean that you install one of these. You'll be able to go to a dapp that wants to interact with that protocol, and it'll be able to propose transactions to you, and you'll be able to confirm them or deny them with as much comprehensibility as that snap is able to give to you. So I should also get more specific here maybe, because I said this is taking MetaMask multi-chain,
Starting point is 00:18:37 but, you know, I guess there's different definitions of multi-chain, because MetaMask has already been multi-chain from the perspective of other EVMs that it supports, right? Of course, it's not just Ethereum Mainnet anymore. It's for a long time. We've had Polygon, Layer 2 support. There's all sorts of different networks. But here, I see a snap A for Aptos,
Starting point is 00:18:58 so that's the first one listed for the Aptos wallet. And so if I click that and I click Add to Metamask, What type of snap am I going to get out of this? How does this glow up my Metamask? Can I now use Metamask on Aptos? Is that literally what this means? Yeah, yeah. The sites on Aptos are going to need to have integrations,
Starting point is 00:19:21 and I'm not sure how that's going so far, but this is developed by the RISE wallet team, which is a big Aptos wallet team. And so my understanding is that they're working with the dapps that they're compatible with to make sure that this works with all the all the dapps that their wallet works with. That is very cool. So we've got Sui, we've got Tezos, we've got what else am I missing here in terms of other Starknet?
Starting point is 00:19:46 A ShapeShift over there has like actually like five different blockchains rolled into it. It's kind of like all the Bitcoin based chains. So it's got your Dogecoin and, uh, wait, the Bitcoiners can use MetaMask now. Yeah, it's very exciting. I mean, they don't have smart contracts, but they can use MetaMask. You know, a dapp could propose a transaction to them.
Starting point is 00:20:07 And, you know, I mean, I mean, heck, you know, every once in a while I hear people argue that you can write good smart contracts in Bitcoin and maybe they just needed a metamask-like experience to do it. Who knows? There you go.
Starting point is 00:20:19 You're welcome, Bitcoiners. We love you. Okay, so how about this one? Notifications. That's another category here of snaps. We see push wallet or push. Yep. Yeah, Push Protocol is a peer-to-peer push notification system,
Starting point is 00:20:33 and, you know, it's consent-based. So it basically just adds an API to your MetaMask. So now dapps can ask for permission to get your attention later on. And so if they do, then they can ping you in your MetaMask later via the Push Protocol. And yeah, so it can get you some notifications. One of the examples I saw of that so far is one of the transaction insight snaps from Wallet Guard. Actually, it'll let you know if any contracts that you've issued allowances to are now known as, as vulnerable.
Starting point is 00:21:04 And so they'll, like, encourage you to issue revocations. So that's one example of a push notification keeping you safer. And, you know, obviously you could use it for, like, renewal notifications or bid offers or the other one there is a chat system using it. So, yeah, it's, you know, each one of these, the fun part is, of course, we like design it with a kind of set of use cases in mind. And then people kind of abuse it and do fun and interesting things. And long term, I suspect that's where some of the best stuff will happen, right?
Starting point is 00:21:37 But yeah, even the stuff we've got here is pretty cool. Dan, was this like a sneaky way to like, you know, 10x or 100x your dev team? Because I feel like now you can, like, do a lot more development of features that people have always been asking for and you've always wanted and just haven't had the time to prioritize. Yeah, yeah, this is 100%. Like you said it earlier, you said like, hey, this is kind of like the Ethereum model. And it's like, it's like, yeah, in fact, I almost felt like because Ethereum is so open-ended, there almost wasn't another way. Like, yeah, we can keep making like stable coin super easy onboarding wallets or something.
Starting point is 00:22:11 And that's like a niche. And that's interesting. But if you want to explore the versatility of this blockchain, it's the open-endedness is what makes it interesting. And so to make a wallet that can keep up with that, it has to be as flexible. And so, you know, V1 isn't permissionless. That is a goal. We're announcing it at Permissionless because that is, that is absolutely what, but, but, you know, to keep up with a permissionless protocol, I think you have to be permissionless. And so that's absolutely where our sights are aimed. Okay, can we get sci-fi for a second? So this is
Starting point is 00:22:43 just the baby round, right? The snaps that we're seeing today are just like very early snaps before the dev imagination has as kind of gone wild. And I know that you don't have all of the ideas, of course, but I bet you have some sci-fi ideas, as you've been thinking about this over the years, of how snaps can be used. Tell me about snaps from the future. What sort of things could be possible with snaps plus MetaMask?
Starting point is 00:23:11 Oh, yeah. I mean, you're 100% right. There's no way we would have been working on this for four to five years if we didn't have some really exciting visions of where it was headed long-term. And, okay, so first, when you're onboarding someone, you want to be able to onboard
Starting point is 00:23:27 them with everything they need to get started in ideally like one link. So that might include a recommended chain. It might include a subsidy for gas. It might include permission to do something on your behalf. Maybe it's an offer to buy something or even a money stream that you're donating to, right? So you should be able to onboard someone as simple as a link. They shouldn't have to think about snaps. That should be like as part of the onboarding experience, it just assumes that when you are getting into a wallet, it is sculpting itself to your preferences and your shape and the context you receive your invitation and is relevant to that. Every single dapp that refers someone to MetaMask is choosing it.
Starting point is 00:24:08 And so there's actually like a line of trust there, you know, the person's trusting their first introducer with a lot, right? Their whole definition of crypto, basically. And from there, that means you can start experiences really, really low friction. Like you can start where, you know, maybe there's no connect with wallet for a little while. Maybe you build up what you have in a site. And then once you need to be able to move that authority around, you can pop it into a metamask, move it around, sign into other things. And one of the critical things longer term that snaps are going to be able to do is they're going to have permissions between each other.
Starting point is 00:24:45 So right now they can talk to each other. But they can't do things like really, really graceful sharing of the permissions that they invent, and in particular being able to share those not just within the wallet, but eventually beyond the wallet. So eventually you're logging and you're not just using a token allowance. You might be granting some of your API access or some of your gas credit or your room key or whatever. And all of this stuff should be manageable with the same kind of like smart contracting infrastructure that you're used to. So the sci-fi version, it basically disappears. You basically don't see the wallet anymore, but you're able to make extremely scalable, very secure contracts that interoperate.
Starting point is 00:25:30 And do we know what those protocols are going to be? This very secure, you know, hopefully privacy preserving, highly scalable, readable, readable. I don't think we're there yet. But with snaps, we're going to, I think, the road to that end goal is a period of fast experimentation and iteration and exploring what's possible. And I think that's the phase that we're starting to open into. And as we start getting more permissionless, I think that that experimentation phase can accelerate
Starting point is 00:26:00 and we'll hopefully learn a whole lot really fast as a community and build the smart contracting systems that actually enable, you know, slaying Moloch for lack of a better word, like actually, you know, addressing coordination problems and building more effective solutions to all of our needs and, yeah, abilities. That's always been the vision, right? Let me ask you, too, Dan, does this work as well on the browser extension, on mobile,
Starting point is 00:26:32 as well as it does on the browser extension? It's not on mobile yet. I'm very sad to say. Very soon. Soon. Soon TM. Yes, 100% it is in progress. We've been laying the groundwork for it, but we didn't want to hold up the initial release
Starting point is 00:26:49 for consistency. We really think that getting this in the hands of people to start experimenting sooner is a really important part of the process. And it's taken us long enough to get here that we're just kind of excited to be getting some of it to prod, start the iteration process, and start growing from here.
Starting point is 00:27:09 Do you know how many Chrome extensions there are? I'd be curious about that. Oh, no, a lot. Number of Chrome. Okay, do you anticipate a similar number of snaps in the future? we're going to grow that big? If we do it really right, because the thing is, so earlier, I think you misspoke.
Starting point is 00:27:27 You said Chrome extensions are permissionless. They're actually not. Every Chrome extension goes through a. I didn't misspeak. I didn't know. You're schooling me, Dan. I didn't know this. So I am very sorry to share with you that actually,
Starting point is 00:27:40 that Chrome store is a lot like the iOS app store or something. And there have been moments where, you know, we had an update. We wanted to push sometimes for security reasons. and, you know, it can get clogged up in a review pipeline. And, you know, don't get me wrong. You know, it's this tension. It's like, oh, well, the review's keeping you safe, right? Well, uh, hmm.
Starting point is 00:28:01 Anyways, also, yeah, even getting snaps to the Chrome store has been a journey. There was a, while we were developing this, Chrome changed the web extension protocol. They did this thing called Manifest V3. So they started trying to clamp down what extensions could do, right? As we were trying to, like, grow up out of it and become this weird hydra extension. And so we had to work pretty closely with Chrome. And fortunately, their extension team was a bunch of very kind, cool people that just really
Starting point is 00:28:30 wanted to understand that things were safe. And so once we kind of talked them through the security model and stuff, we were able to get the all, oh, valuable blessing. Like, we hope we don't need it forever. But dang, are we glad we have it for now? Good. Because I will say this totally publicly. I would quit.
Starting point is 00:28:47 I will quit Chrome. I will quit any browser that disables the ability of like wallets, crypto wallets like MetaMask to actually exist. But I actually didn't know that this process was so gatekept. So is that, I know we're in beta mode right now for snaps. And so there's still, it's still permissioned. But you said that you were going to one up the Chrome extension store in snaps
Starting point is 00:29:13 and make them permissionless. Did I hear that correct? Are snaps actually going to be permissionless? That is the goal. Now, they actually are permissionless in our kind of developer builds called MetaMask Flask. So for developers who want to be total mad scientists and install some code that they understand and have vetted themselves, they can go to metamask.io slash flask that says in like a mad scientist flask or maybe a flask in your trench coat because you're crazy. You must be sipping from that.
Starting point is 00:29:46 Do you be doing this if you don't know what you're doing? Got it. But so that's permissionless and that's in the Chrome Store today. So devs can do that. But in terms of how permissionless can we get it while keeping end user is a really critical question. And I think we're going to try to push it to its very limits. Metamask portfolio is your one-stop shop to manage your crypto assets and to tap into DeFi all in one place. And the most important part of that experience, buying crypto, obviously.
Starting point is 00:30:13 MetaMask portfolio's buy feature enables you to purchase crypto easily without going through centralized exchanges. Designed with you in mind, you can fund your wallet directly in just a few clicks with convenience and simplicity. What happens when you press the buy button? Rather than being limited to a single payment provider, Metamask brings together a bunch of vetted, trustworthy providers to present you with customized quotes for your crypto purchase. Once you've funded your wallet, you'll be able to plug into DeFi with all the money verbs like swapping, bridging, and staking. But first things first, you need skin in the game. Head over to metamask.io slash portfolio to buy crypto, the easy way.
Starting point is 00:30:45 Are you planning to launch a token? Is your token already live? And are you granting your employees and contractors vesting token awards? And are you trying to figure out how to take care of taxable events for your team? Toku makes implementing a global token incentive award simple. With Toku, you will get unmatched legal and tax support to grant and administer your global team's tokens. Toku will help you navigate across the life cycle of your token from easy-to-use pre-launch token grant award templates to managing post-cliff taxable events with payroll for legal, finance, and HR teams, it's a huge complex task to have to comply with labor laws, payroll, and tax obligations,
Starting point is 00:31:20 tax reporting, and crypto regulations in every country that you employ someone. It's difficult, time-consuming, manual, and costly, and it's drawing more attention from global regulators and governments. Toku makes it simple for leading companies in the space, Protocol Labs, Hedera, Gitcoin, and many more. So if you want some help in navigating the complex world of token compliance, go to Toku.com slash bankless or click the link in the description below. You know Uniswap. It's the world's largest decentralized exchange with over $1.4 trillion in trading volume. You know this because we talk about it endlessly on Bankless. It's Uniswap. But Uniswap is becoming so much more. Uniswap Labs just released the Uniswap mobile wallet for iOS, the newest, easiest way to trade tokens on the go.
Starting point is 00:32:01 With a Uniswap wallet, you can easily create or import a new wallet, buy crypto on any available exchange with your debit card with extremely low fiat on-ramp fees, and you can seamlessly swap on mainnet, Polygon, Arbitrum, and Optimism. On the Uniswap mobile wallet, you can store and display your beautiful NFTs, and you can also explore Web3 with the in-app search features, market leaderboards, and price charts, or use WalletConnect to connect to any Web3 application. So you can now go directly to DeFi with the Uniswap mobile wallet, safe, simple custody from the most trusted team in DeFi. Download the Uniswap wallet today on iOS. There is a link in the show notes. We talked about the snaps that are available today.
Starting point is 00:32:37 We've talked about kind of the journey to get here. One question about that journey I have, though, Dan, is, you said you've been, and I remember from our very first episodes and even before episodes, when I was kind of early in crypto and obviously like an early MetaMask user, you've had this concept of snaps. It's been in the oven for a while. So tell me about the journey because it's been a multi-year journey. So, you know, I don't want to ask the question of like what took so long, but a little bit like, it's incredible we're here. And also, why did it take so long? And I'm guessing partially that might lead into another question about kind of security in those provisions.
Starting point is 00:33:18 But tell me about the journey here. So why is it a multi, why was it a multi-year journey to get to snaps? Yeah. Yeah. It's a completely fair question that any user of MetaMask deserves to ask and wonder. And so, so yeah, let's get into it. Yeah, we had the vision, you know, I think the very first inklings of it that the wallet should probably be extensible around five years ago. And I think the first year, it sounded crazy. And by the end of the year, we had built a prototype, though, and it was exciting. And we were like, oh, it can work. We started to believe it could work.
Starting point is 00:33:55 And then it took, like, probably another year of, like, passively, like, trying to build it, like, in parallel to all of our other stuff before one of our developers, Eric Marks basically stood up and said, I'm not going to make this a part-time project anymore. I'm going full time. I'm starting the SNAPS team. And that was like a totally pivotal moment where it was like, it was actually the first time we'd had a team dedicated to a feature. We were, you know, I'm a first time founder. So like, I don't blame me. I get a little bit.
Starting point is 00:34:26 But I'm learning as we go right. It was sensitive and scary. And, and you know, early on, we really were kind of just hiring the people we we trusted absolutely like over, you know, with our absolute souls. We didn't have a model for scaling the team in a secure way otherwise. And so we were kind of pushed with this like, how do we build faster while keeping safe? And, you know, we were kind of puzzling with that for a while. And there was this kind of moment where we had this epiphany.
Starting point is 00:34:57 So I'm rewinding to like how we originally came up with the idea. Like it was a lot like the Moloch observation where it's like, how do you minimize the risk? you're taking when you are definitely taking a risk, right? Like how do you grow the code base but not get owned? And how do you like use a new contract and not get owned? How do you interact with the stranger and not get owned? And it started like realizing these problems started looking consistent and similar. And what one of the key observations was that if you want to solve the problem of letting
Starting point is 00:35:34 people take safe risks with strangers with computers, then it really, helped if they were able to take it with the software that allowed them to take those risks also. It's kind of like the tree all grows from these common roots. And so you need to have basically a kernel at the middle of the whole thing that lets you make clean, decisive choices about the risks you're going to take. And that required a confinement engine. So we basically built an operating system kernel and built it into Metamask. It's got two layers of confinement.
Starting point is 00:36:07 We use an iframe, and then we also use a compartment using JavaScript language level features based on some work by Agoric. And so using those technologies, we're able to basically have a runtime where we can confine third-party code and let it selectively talk to each other. What's interesting about that is it turns out not a lot of operating systems have those properties. So the idea of permissionless software where the individual components can selectively talk to each other, but with tight-grained permissions, that's actually not a thing. Like iOS has a pretty good permission system, but you can't get permissions between the components. And it sure isn't permissionless. So we're kind of forging this space where we're building, we're effectively trying to build a distributed operating system kernel that's specialized at decentralized protocols and protocols built on cryptography.
Starting point is 00:37:08 So, yeah, basically the scope blew, like, it's not that the scope grew. It's that we realized that the core problem we were wrestling with was an actually hard, big problem that needed to be solved well. And it wasn't a matter of, like, cranking out some SQL tables or writing some Rails or something. It wasn't something that was trivially done previously. So we did some serious work, and we wrote a lot of serious grants. And yeah, it's still not permissionless, but the key I think here is that Metamask now has an extensible kernel.
Starting point is 00:37:43 So we are running third-party code at runtime and it's tightly confined. And it's arguably tighter confined than the software that you're installing on your desktop. You know, if you double-click an attachment off an email, they can own your entire computer. And a lot of people get owned that way today. But when you install a snap, it's going to have the permissions that are listed there. And so we've got a really tight handle on what things that you add to your wallet can do. And yeah, I think doing that well, we kind of kept learning the things that were required to do it well. And while we tried to keep the scope as small as possible, we wanted to keep the users very safe because unfortunately, we have a handful of them and we care about them.
Starting point is 00:38:23 So we wanted to keep them extra safe. You guys definitely have a handful of them. And, you know, I guess as I'm hearing you describe this, it almost strikes me that, that it's almost like someone describing what the firmware level of a hardware wallet looks like, right? Is that kind of like almost deep in the weeds sort of design, right? When I hear somebody from the ledger team describe how they're kind of isolating your private keys. And that's the big difference between what you guys are doing and what crypto is doing versus what, you know, Web 2 and Web 1 was doing with just like a browser, is that we have like private keys.
Starting point is 00:38:58 It's almost like a nuclear reactor that we have to like contain. right? And if it gets out, there's a nuclear leak, it's bad news for everybody. And so the, protect the private keys at all costs has to be, you know, priority one, two, and three for metamask as you do this. And so I want to ask the question, you kind of describe the architecture and such, but for people who have been listening up to this point and have been raising their hand and saying third parties, permissionless, but what about security? What about security? Can we answer very explicitly. So what are the, if I install a snap, should I be worried? Is there anything I'm losing with respect to security? Am I opening up more surface area for this? Or how does
Starting point is 00:39:45 Metamask think about security with respect to snaps? And are there any additional risks here? Yeah. Yeah. I think that if you want to minimize your security, I think there's almost like two ways you can look at it. And, you know, I was having these insights around the same time as Moloch was getting written. So I sometimes use that language to frame it. And I think Moloch is one way. The Moloch DAO style is, well, put a delay before any decision and make sure a lot of eyes are on it. And then the other way, if you say, well, what if we need instantaneous decision-making though? Then I think that the answer is there is actually no risk, no reward, basically. And so the best you can do is minimize the risk.
Starting point is 00:40:29 So there's basically two major dimensions that we're keeping users safe with snaps. Today, the first one is the audit layer. So all the snaps are actually audited. And, you know, we're probably going to incrementally decentralize that auditing process until it's either something like a web of trust or a DAO or we crack the user consent problem and just throw the doors wide open. And by the way, Dan, who's doing the auditing today? Is that all metamask, your team, basically?
Starting point is 00:40:56 We've got a collection of trusted auditing groups that we've worked with and whose opinions we trust. So we're kind of delegating an audit to them. So there's an audit tier. And then secondly, each of the snaps do get a list of permissions. And so that's where the risk, when I say there's no risk, no reward, that's where it is. So we've audited these or, you know, associates of ours have audited these. But at the end of the day, if you want something to do your signing for your Cosmos or your Tezos, it's going to need the keys for those accounts. Now, those are the only keys that those snaps are getting.
Starting point is 00:41:29 And so if you compare this to dropping your Metamask seed phrase into a Cosmos wallet, it is strictly safer because, you know, if it's a wallet made by the same team, the worst thing that can happen here is that they misuse those Cosmos keys. So we're at least segmenting by that for the most sensitive snaps or basically the signer snaps, the ones that are deriving keys from your seed phrase. Long term, I do think that basically every wallet and every protocol should be using transient keys that stay in secure enclave storage. But, you know, deriving from your secret recovery phrase today is a wonderful compatibility
Starting point is 00:42:06 layer that many protocols actually require. You know, there are a lot of like zero knowledge protocols where, you know, we may love account abstraction on L1 and L2 and every EVM, but there are privacy protocols. You're still going to need keys. And so having a way to make sure and say, you know, to your developer, well, these keys are backed up by the user as far as we've been able to get them to. So that's the risk. The risk is there is a third party that you're trusting with that protocol. And when you install a snap, you'll see the list. And we make it salient when you're granting key signing permission to a snap.
Starting point is 00:42:43 We try to really rub the user's nose in it. But that's not the only level of safety. There's also kind of a vetting layer that we hope to disintermediate as much as possible but is still present. So it's very explicit when a specific snap requires, you know, key signing, when you're giving over key signing permission, right? And I've got to imagine that's not going to be the majority, right? So for something like the transaction snaps that we were looking at, where it does a simulation of your transaction and warns you if there's something bad, that doesn't require any key signing.
Starting point is 00:43:19 If I go in and I install one of those snaps, what are the risks? with that. Yeah. Okay. So let me just flip that on you because I think that a good security system should be obvious. It should feel right. So like we call this our principle of appropriate boundaries. So let me ask you a signing snap that's doing simulation.
Starting point is 00:43:40 What do you think it should get? Like what's the least we can give it? Definitely not my private keys. Agreed. And they have that. I don't know. I don't know that I would be, I wouldn't want it to have my transaction data or my other metadata inside of metamask, right?
Starting point is 00:44:02 So I wouldn't want it to know necessarily my holdings, my tokens, those sorts of things. But maybe I'd be willing to do that for some specific things. Like, like to, if it's going to simulate the results of a transaction that you're proposing to sign. It gets all that. It kind of needs that. It gets all that. I mean, well, tell me, another way to do it without that.
Starting point is 00:44:20 I mean, I bet you we could do something where we swap out your address and then we say guess with this. But, you know, now they're like trying to simulate a Bored Ape transfer from an account that doesn't have a Bored Ape, right? That's not going to be very safe. On that specific point, I guess this is our problem of not having like privacy, on-chain privacy, like entirely, right? So if I have an ENS name associated with my account and, you know, that, you know, people might know that RSA.eth is like this is my address. So I suppose that's one thing I'm maybe giving up in some of these transactions.
Starting point is 00:44:54 But I don't know, I don't know what else there is to really share with a snap. So maybe I'll go back to you. Okay, yeah, yeah. So the one other thing that a lot of these use is they need to network, because a lot of them, they can't run locally.
Starting point is 00:45:08 Right. And I think that's a good, it's a salient, it's nice that it's a permission, because it's noticeable when they don't need it. You're like, oh, you don't even need a network.
Starting point is 00:45:18 Like, hell yeah. What do you mean by network? What do you mean by network, Dan? Like, okay, they're going to get, okay, we know that they need to see your transaction to be able to simulate it, right? But does that mean they have to phone home? Or can they just do it within the snap? If they only can see the transaction data and they don't ask for a network,
Starting point is 00:45:36 that means you were actually being kept private. Like, it's going into a box and then it's coming back out to your UI and it can't do anything else about it. So one of the things I would like, you know, I think it's actually necessary. if we want permissionless computing is at some level, people have to be reading what they're signing. You know, it's like, and, and you know,
Starting point is 00:45:57 Metamask has kind of always been like that. Now, there's a lot of things that you can't really understand when you're signing it and that's like a war that we're, you know, we need to fight and win. But, you know, snaps are, they're a readable layer of this kind of interaction. So when you install a snap, our hope is you can make sense of it. We're putting it in plain language.
Starting point is 00:46:17 And if you're installing a transaction security provider. Like, hopefully the permissions that you see are the ones that make sense for it. And if they don't, hit reject. Okay. This is very cool. So can I ask you a question about the broader wallet landscape before we go here, Dan? So this is the question, and you brought up the idea of account abstraction earlier.
Starting point is 00:46:39 There is this kind of trend, this interest across Ethereum in account abstraction, smart contract wallets, that sort of thing, something that we've, I feel like the has been trying to do for a while is get rid of the seed phrase, right? What's your take on all of that? Does Metamask have a play there? Or is Metamask like, you know what, we've got our product, we've got snaps, there's going to be a seed phrase. Are you getting into kind of the smart contract wallet type space? Or is that not an area that MetaMask plans to play in? You know, so for a long time, we had the posture that, you know, look, we're going to make a plugin system for the accounts.
Starting point is 00:47:21 And so somebody else is going to make the best contract account probably, right? Like because we're busy all focusing our time, making this secure extensible kernel and stuff. Like the odds that we also make the best contract account seems really low. But also we had really specific ideas of what we wanted, one to do. And I think with the advent of EEP feet, as I like to call it, 4337, because it's like Leap. Eapfee, make it happen. Thank you. So with advent of Eapfeet,
Starting point is 00:47:53 I think the bar, like the level of difficulty to try out a new one has really fallen. So we are kind of taking a dual-headed approach now. So SNAPS is going to let you install any kind of account abstraction wallet. And, you know, I will be thrilled if any single one of them gives users
Starting point is 00:48:12 the experience that they need to be safe. But also, yeah, we're doing some experiments. that we think could solve some user experience issues that we see in the ecosystem today. Wait, so snaps plus account abstraction wallet? How would that work? Well, so we already talked about how there's a couple of snaps APIs for things like new protocols
Starting point is 00:48:33 and new notifications and transaction insights. We're going to have a third API, and it's already in Flask. Well, there's a version of it in Flask that lets you add new signers. So like an obvious simple snap that can be written, in Flask is like a view only account. It's like, oh, my God, it's so embarrassing. We haven't shipped view only accounts, but our extension system supports them. But, you know, then what we're going to do beyond that is we're going to have some special
Starting point is 00:48:59 API hooks for account abstraction wallets because they have some special features. Specifically, their gas payment is kind of open-ended and modular. And so there will also be snaps that can register paymasters. And so now if you're using Metamask and you're using your Gnosis Safe, you might choose between one of five ways of paying, you know, you might choose to pay with a token or something else. And we've got some ideas for how to, you know, hopefully allow, you know, basically assignment of the transaction cost to where it makes the most sense and, you know, stop bothering people with that. Because I think the, you know, get away from the seed phrase, that's a good one.
Starting point is 00:49:37 We should do that. But also get away from the needs to have ether to interact. Like if somebody's willing to spot you, I think that should be good enough. And I think that that could really flip the whole, I think there's a little bit of a perception that Web3 is a Ponzi scheme that comes from the fact that you need to get some crypto before you can do anything. So you can be inviting someone saying, I think you have value to contribute. I think you're a great artist. You should make an NFT. And step one is put some money in this box, right? Gotcha. I think I've heard this one. Yeah, yeah. Everybody's heard that one a million times support. We shouldn't we shouldn't be blaming people for being skeptical by the standard crypto pitch today.
Starting point is 00:50:15 And I think account abstraction gives us opportunities to kind of rethink basically every step in the current onboarding journey. So I want to come full circle here to the very beginning of our episode where we talked about like, why are we talking about this? Why does this matter? Of course, it matters on one layer because there's a bunch of users and they should know about snaps. Now you can glow up your metamask wallet. I think we covered that. But the big win here, and I know you are a starry-eyed dreamer because you've been here since the very beginning on Ethereum, like a lot of us, right? So you see the potential here. I also know now, Dan, especially, you're a settler, my friend. I mean, you've been building here for the long term. And like really, and I want to
Starting point is 00:50:59 give a shout out to you because you've really stayed to see this vision through and are continuing to stay. And it's really cool to see. Anyway, you're a settler and you're a starry-eyed dreamer. Is this going to be the wallet experience that gets us to a billion users, right? I know there's other pieces of the puzzle here, but I feel like we're starting to solve the transactions per second thing and the cheap transactions thing. Like, we're well on our way to doing that. We got some work to do on privacy. I feel like one area that we need to really solve is good, seamless, safe user experience
Starting point is 00:51:36 for all of our mainstream normie friends in order to bring them on. Is this the wallet that does it, or is there some future thing that we still need? I think that it has got a solid shot at playing a part. That's the word that I'll say about it. Like I think all this stuff like wallets that are embedded in a site, and so you don't even have to know about it until you want to back it up. I think that's the way. I absolutely want to see this pattern of like make a user connect their wallet and sign a, you know, confirmation before they do anything.
Starting point is 00:52:10 That's like the worst experience in the world. I think we can make all of that invisible and then we can be as lazy as possible about making people ever think about anything crypto, let alone like backing up secret keys or something. And but when it comes to that point, when you're ready to start holding some decentralized stuff and putting it in your own hands and moving it between devices and friends. and maybe even building a life around it. Yeah, I think it's going to be great to have a wallet that makes opting into whatever protocol is meaningful to you, even if it's one you made up this morning. I think that's a really valuable thing to have.
Starting point is 00:52:48 Well, thank you to you and the team who's built this out. And we'll include a link in the show notes, but maybe I'll shout it out. snaps.metamask.io is where you can start to glow up your metamask wallet. And thanks for sharing this today. Dan, one last thing before I let you go. This is kind of a selfish ask because I want a lot more snaps that do really cool things. And I want to, you know, 10x our safety, our security, you know, everything about the crypto wallet experience.
Starting point is 00:53:17 So can you do a shout out to the devs right now? And what can they do to get started? Because we want devs to start building some really cool snaps so that us very selfish users get nice features. So what's your pitch to the devs? Why should they come build a snap? And what do they do? Well, first, I'd point out that not every dev has to make a snap. The snaps are expanding the wallet's API service.
Starting point is 00:53:42 So the wallet is getting richer and richer. So you can start looking at just the snap menu as it is a huge growing set of features that you can now start engaging with users on. So if you want to have a Bitcoin component to your dapp, you can do that now. And if there's some interchain stuff you want to onboard people from, that's an option. But if you have a component of your app that really benefits from kind of staying with the user and enabling them to use it on other sites too, especially, and this can include things like
Starting point is 00:54:15 making transactions more readable for some protocol that you use, if you've got that kind of idea, then yes, docs.metamask.io, we've put a lot of care into making great docs. The APIs are really simple. They should actually look pretty familiar to people who have written dapps and used the Ethereum provider before. And they're only going to get more pleasant over time. But yeah, I think that you'll find that like a single afternoon, you could probably, you know, make your version of any of the snaps that you've seen. We've really worked hard to make this as simple a process as possible. Very cool. And I'm sure there will be entrepreneurs that launch successful businesses on top of Snaps as well.
Starting point is 00:54:58 So that's the prize as well. Dan, thank you so much for joining us today. This has been a lot of fun. Awesome. Yeah, thanks so much for having me. This has been great. Bankless Nation, got to end with this. Of course, you know, crypto is risky.
Starting point is 00:55:09 You could lose what you put in. None of this has been financial advice. Snaps are risky too, right? You got to be careful what you sign off on. But we are headed west. This is the frontier. It's not for everyone. But we're glad you're with us on the bankless journey.
Starting point is 00:55:22 Thanks a lot.
