
Snap Security Top 10

Welcome to the grand premiere of the Snap Security Top Ten[1], a dazzling spectacle of digital defense!

Within our risk assessment showcase, the vulnerability categories take the stage in order of their relative frequency in the audit reports of Snaps from the Snaps Directory, counted up to October 2023. 🎭🔍

🥇 S01:2023 - Injection

In the security ballet of Snaps and dApps, a common flaw emerges as a breach of trust boundaries: data that crosses into the Snap from a dApp, a remote server or the user is used without first being validated, filtered and sanitized. That sets the stage for high-risk maneuvers, from UI/UX injections into Snap dialogs to the infiltration of malicious elements into the requests and commands the Snap issues on the user's behalf.

  • Markdown injection in dialogs
  • Control character injection in dialogs
  • URI injection in HTTP Requests
  • Lax input validation
  • Missing runtime type checks
  • Type confusion
  • Direct utilization of untrusted data across different contexts
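As an added example that is not code from this page or from MetaMask, the following JavaScript shows the two S01 fixes a reviewer most often asks for: stripping control characters and escaping Markdown in anything dApp-controlled before it reaches a dialog, and checking the shape and types of `request.params` at runtime instead of trusting the TypeScript signature. The `showTransfer` parameter shape, the key allowlist and the limits are this example's own assumptions; the literal node objects mirror what `panel()`/`heading()`/`text()`/`copyable()` from the Snaps SDK build, written inline so the example runs without the package.

```javascript
// Added example for S01 (not from the Snap Security Top 10 page or MetaMask).
// The transfer method, its parameter shape and the limits are assumptions.

// Snap dialogs render text() nodes as a Markdown subset and pass control
// characters through, so a dApp-supplied string dropped into a dialog can add
// emphasis or links, or reorder what the user sees (bidi overrides). Strip the
// control characters and escape the Markdown metacharacters. Escaping assumes
// the renderer honours CommonMark backslash escapes; copyable() nodes show
// their value literally and are the safer home for untrusted values.
const CONTROL_CHARS =
  /[\u0000-\u001F\u007F-\u009F\u200B-\u200F\u2028-\u202E\u2066-\u2069\uFEFF]/g;
const MARKDOWN_CHARS = /[\\`*_~\[\]()<>]/g;

function sanitizeForDialog(value, maxLength = 256) {
  if (typeof value !== 'string') {
    throw new TypeError('expected a string');
  }
  return value
    .replace(CONTROL_CHARS, '')
    .replace(MARKDOWN_CHARS, '\\$&')
    .slice(0, maxLength);
}

// request.params is attacker controlled. TypeScript types are erased at
// runtime, so every field is checked here: shape, unknown keys (which also
// catches an own "__proto__" key smuggled in via JSON), and exact types with
// no implicit coercion of numbers from strings.
const HEX_ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const ALLOWED_KEYS = new Set(['to', 'amount', 'memo']);

function parseTransferParams(params) {
  if (typeof params !== 'object' || params === null || Array.isArray(params)) {
    throw new Error('params must be an object');
  }
  for (const key of Object.keys(params)) {
    if (!ALLOWED_KEYS.has(key)) {
      throw new Error(`unexpected param: ${key}`);
    }
  }
  const { to, amount, memo } = params;
  if (typeof to !== 'string' || !HEX_ADDRESS.test(to)) {
    throw new Error('to must be a 0x-prefixed 20-byte hex address');
  }
  // Amount as a decimal digit string: the regex rejects "1.5", "1e3", "-1"
  // and "0x10", and BigInt then carries the full 256-bit range exactly.
  if (typeof amount !== 'string' || !/^[0-9]{1,78}$/.test(amount)) {
    throw new Error('amount must be a decimal string');
  }
  if (memo !== undefined && typeof memo !== 'string') {
    throw new Error('memo must be a string');
  }
  return {
    to: to.toLowerCase(),
    amount: BigInt(amount),
    memo: memo === undefined ? '' : sanitizeForDialog(memo),
  };
}

// Builds the dialog body from validated data only. The address goes into a
// copyable() node so it is shown verbatim; free text is escaped.
function buildTransferDialog(origin, params) {
  const { to, amount, memo } = parseTransferParams(params);
  return {
    type: 'panel',
    children: [
      { type: 'heading', value: 'Confirm transfer' },
      { type: 'text', value: `Requested by ${sanitizeForDialog(origin, 128)}` },
      { type: 'copyable', value: to },
      { type: 'text', value: `Amount: ${amount.toString()} wei` },
      { type: 'text', value: memo.length > 0 ? `Memo: ${memo}` : 'No memo' },
    ],
  };
}
```

The key-allowlist loop is what turns "type confusion" into a hard error: an array where an object was expected, a number where a string was promised, or an extra field the handler never meant to read are all rejected before any of them can reach a dialog or a signing call.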


🥈 S02:2023 - User Consent & User Interface Issues

Inside the realm of digital guardianship, users entrust MetaMask as the sentinel of their cryptographic keys and identity. They expect a fortress in which actions unfold only with their explicit consent and the information they are shown is accurate. Opaque or silent execution, missing user consent, misleading information and confusing UI/UX flows break that expectation, and together they mark the second item in the Snap Security Top 10: the point where the trust a user places in the wallet finds its boundary in the Snap's own user interface.

  • Actions performed without explicit user consent
  • Privacy breaches
  • Leaked keys and addresses
  • Lack of essential information in dialogs
  • Untrusted information in dialogs
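As an added example that is not code from this page or from MetaMask, here is a signing method in the silent form this category warns about and in the consent-gated form that fixes it. The `snap` object and the signing function are injected so the handler can be exercised against the constructed fake at the bottom; in a real Snap `snap` is the global the runtime provides and signing would use a key derived through the Snaps API. The dialog node objects mirror what `panel()`/`heading()`/`text()`/`copyable()` from the Snaps SDK build.

```javascript
// Added example for S02 (not from the Snap Security Top 10 page or MetaMask).
// `snap` and `signFn` are injected; makeFakeSnap is a constructed stand-in.

// copyable() shows its value verbatim, so neither the origin nor the
// dApp-controlled message is interpreted as Markdown in the prompt.
function signingPrompt(origin, message) {
  return {
    type: 'panel',
    children: [
      { type: 'heading', value: 'Sign this message?' },
      { type: 'text', value: 'Requesting site:' },
      { type: 'copyable', value: origin },
      { type: 'text', value: 'Message:' },
      { type: 'copyable', value: message },
    ],
  };
}

// Vulnerable shape, kept for contrast: signs whatever it is sent, silently.
async function signMessageSilently(request, signFn) {
  return signFn(request.params.message);
}

// Hardened: validate the input, show the user exactly what will be signed and
// who asked, and treat anything other than an explicit `true` as a refusal.
async function signMessageWithConsent({ origin, request }, snap, signFn) {
  const message = request?.params?.message;
  if (typeof message !== 'string' || message.length === 0 || message.length > 4096) {
    throw new Error('message must be a non-empty string of at most 4096 characters');
  }
  const approved = await snap.request({
    method: 'snap_dialog',
    params: { type: 'confirmation', content: signingPrompt(origin, message) },
  });
  if (approved !== true) {
    throw new Error('User rejected the signing request');
  }
  return signFn(message);
}

// Constructed stand-in for the runtime's `snap` global: records every request
// it receives and answers the confirmation dialog with the scripted decision.
function makeFakeSnap(decision) {
  const calls = [];
  return {
    calls,
    async request(req) {
      calls.push(req);
      return req.method === 'snap_dialog' ? decision : null;
    },
  };
}
```

The strict `approved !== true` comparison is deliberate: a confirmation dialog resolves to a boolean, and a truthy-but-wrong value from a confused environment must not count as consent.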


🥉 S03:2023 - Cryptographic Failures

Imagine a Snap as a rogue player: demanding private keys without justification, choosing to go solo in key management instead of deriving keys through the wallet, or sidestepping MetaMask's security controls altogether. Like a jarring dissonance, this category also echoes the traditional cryptographic failures: weak algorithms, uncertain sources of entropy, parameters taken from untrusted callers and unprotected transport, a composition that rises to a thunderous crescendo and threatens the very melody of secure browser wallets.

  • Use of insecure parameters from untrusted sources for cryptography actions.
  • Use of weak algorithms.
  • Lack of transport security.
  • Undermining MetaMask's security controls (for example, asking the user for a private key instead of deriving keys through the Snaps API).



🔹 S04:2023 - Vulnerable and Outdated Components

Picture Snaps as the intricate gears of a clock, each one playing a crucial role in the symphony of a secure browser wallet, with third-party dependencies as gears the Snap did not cut itself. A saboteur who tampers with one of them, through a vulnerable, outdated or compromised package, can bring the entire clockwork down: keys exposed and essential functionality disrupted, a ticking time bomb in the world of supply chain attacks.

  • Lack of dependency management.
  • Lax version pinning.
  • Missing lockfiles and integrity checking.
  • Lack of security monitoring.
  • Use of opaque dependencies.


🔹 S05:2023 - Permission & Authorization

In the elaborate world of digital landscapes, Snaps, like overzealous actors on a stage, occasionally demand more spotlight (permissions in the manifest) than their role requires, or offer performances to audiences (origins) not on the program. Every permission the Snap holds becomes reachable by every origin it fails to check, so the script must be precise: request only the permissions the role needs, and verify the origin of every request before acting on it.

  • Overpermissioned Snaps
  • Ineffective or missing origin checks
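The following is an added example, not code from this page or from MetaMask, that serves both S03 and S05: an origin-to-method allowlist checked before any work is done, and a key-derivation path in which the caller may choose nothing but the address index. The origins, method names and the fixed prefix are this example's assumptions; `m/44'/60'/0'/0` is the usual Ethereum account path and would have to match the path the Snap's manifest actually requests.

```javascript
// Added example for S03 and S05 (not from the Snap Security Top 10 page or
// MetaMask). Origins, method names and the fixed prefix are assumptions.

// Explicit allowlist: which origins may call which methods. A Snap that serves
// every origin turns its own permissions into an open relay, and a dApp that
// may only read keys must not be able to sign.
const ORIGIN_METHODS = new Map([
  ['https://wallet.example', new Set(['getPublicKey', 'signMessage'])],
  ['https://explorer.example', new Set(['getPublicKey'])],
]);

function assertAuthorized(origin, method) {
  const allowed = ORIGIN_METHODS.get(origin);
  if (allowed === undefined) {
    throw new Error('origin not allowed');
  }
  if (typeof method !== 'string' || !allowed.has(method)) {
    throw new Error('method not allowed for this origin');
  }
}

// Key derivation: purpose, coin type, account and change are fixed by the
// Snap. The caller may choose only a non-hardened address index; it may not
// send its own path or curve, which would let a dApp pull keys for another
// chain or a hardened branch the user never approved in the manifest.
const FIXED_PREFIX = ['m', "44'", "60'", "0'", '0'];
const MAX_NON_HARDENED_INDEX = 0x80000000;

function buildDerivationPath(params) {
  if (params !== undefined && (typeof params !== 'object' || params === null || Array.isArray(params))) {
    throw new Error('params must be an object');
  }
  const { addressIndex = 0, ...rest } = params ?? {};
  if (Object.keys(rest).length > 0) {
    // Anything beyond addressIndex (path, curve, coinType, ...) is refused.
    throw new Error('only addressIndex may be supplied');
  }
  if (!Number.isInteger(addressIndex) || addressIndex < 0 || addressIndex >= MAX_NON_HARDENED_INDEX) {
    throw new Error('addressIndex must be an integer in [0, 2^31)');
  }
  return [...FIXED_PREFIX, String(addressIndex)];
}

// Dispatcher: authorise first, then derive. In a real Snap the path would be
// handed to snap_getBip32Entropy / @metamask/key-tree; here it is returned so
// the checks can be exercised directly.
function onRpcRequest({ origin, request }) {
  assertAuthorized(origin, request?.method);
  switch (request.method) {
    case 'getPublicKey':
      return { path: buildDerivationPath(request.params) };
    case 'signMessage':
      return { path: buildDerivationPath(request.params), action: 'sign' };
    default:
      // Unreachable: assertAuthorized only admits listed methods.
      throw new Error('method not found');
  }
}
```

Keeping the prefix in code rather than in the request is the S03 point: the curve and the hardened components are cryptographic parameters, and a dApp is an untrusted source for them.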


🔹 S06:2023 - Broken or Redundant Code

Broken code is a telling note about the quality of a system. Non-functional or redundant elements may look harmless on their own, yet they become security pitfalls when intertwined with other vulnerabilities, and they make the code harder to audit in the first place. A clean codebase is the ideal; reality often plays a different tune.

  • Unused imports.
  • Functions that don't do anything.
  • RPC calls that lead to errors.
  • Redundant functionality or conversions.
  • Code Style issues.
  • Confusing naming.


🔹 S07:2023 - Error Handling

Where every error is an opportunity: an uncaught exception takes the whole request down with it, an error that echoes internal state hands the caller more than it should know, and an unhelpful or missing error leaves both user and developer guessing. Every code fragment should be fortified, and every exception is a chance for improvement.

  • Uncaught exceptions.
  • Errors revealing sensitive information.
  • Unhelpful error messages.
  • No error handling at all.


🔹 S08:2023 - Sensitive Data Handling

Handling sensitive data is like safeguarding a treasure chest filled with invaluable secrets. In a Snap the gems are private keys, seed entropy and user addresses, and they leak through the mundane rather than the dramatic: the wrong storage, a console.log left behind, debug output in production, an error message that echoes its input. You wouldn't want to lose your precious gems, would you?

  • Incorrect storage of sensitive information.
  • Private key logged to console.
  • Debug logging in production mode.
  • Information disclosure in error messages.
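As an added example, not code from this page or from MetaMask, the following error boundary addresses S07 and S08 together: deliberate, user-facing errors pass through unchanged, anything unexpected is logged in redacted form and replaced by a generic error, and the logger refuses to emit debug output in production. `UserFacingError`, the redaction patterns and the logger are this example's own (the Snaps SDK ships its own SnapError family, which a real Snap would use instead).

```javascript
// Added example for S07 and S08 (not from the Snap Security Top 10 page or
// MetaMask). UserFacingError, the patterns and the logger are assumptions.

// Heuristic redaction applied to anything that reaches a log line. 32-byte hex
// strings cover private keys and raw entropy; the word-run pattern catches a
// 12- to 24-word mnemonic even though it will also mask some ordinary
// sentences, which is the right trade-off for a log.
const HEX_SECRET = /\b(?:0x)?[0-9a-fA-F]{64}\b/g;
const WORD_RUN = /\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b/g;

function redact(text) {
  return String(text)
    .replace(HEX_SECRET, '[redacted-hex]')
    .replace(WORD_RUN, '[redacted-words]');
}

// Logger: debug output is dropped unless explicitly enabled, and everything
// that is written is redacted first, so a stray log of a key cannot leak.
// Lines are collected in an array here instead of going to the console.
function makeLogger({ debug }) {
  const lines = [];
  return {
    lines,
    info(msg) { lines.push(`info: ${redact(msg)}`); },
    debug(msg) { if (debug) lines.push(`debug: ${redact(msg)}`); },
  };
}

// Errors the Snap raises deliberately, with messages written for the caller.
class UserFacingError extends Error {
  constructor(message, code = -32000) {
    super(message);
    this.name = 'UserFacingError';
    this.code = code;
  }
}

// Wraps a handler so that deliberate errors pass through unchanged, while
// anything else (a library throwing with key material in its message, an
// undefined property, a failed fetch) is logged redacted and replaced by a
// generic JSON-RPC internal error.
function withErrorBoundary(handler, log) {
  return async (args) => {
    try {
      return await handler(args);
    } catch (err) {
      if (err instanceof UserFacingError) {
        log.info(`request rejected: ${err.message}`);
        throw err;
      }
      const detail = err instanceof Error ? err.message : String(err);
      log.info(`unexpected error in ${args?.request?.method}: ${detail}`);
      throw new UserFacingError('Internal error', -32603);
    }
  };
}
```

The boundary is the single place where "no error handling at all" and "errors revealing sensitive information" are both fixed: the handler body stays simple, and whatever it throws by accident never leaves the Snap unfiltered.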


🔹 S09:2023 - Code Quality and Best Practices Violations

Like a skilled conductor guiding a symphony, adhering to best practices orchestrates a harmonious melody, while violations introduce dissonance that may resonate through the entire composition, potentially leading to vulnerabilities and instability.

  • API design.
  • Missing linter or tsconfig.
  • Non-hardened defaults.
  • Misleading function names.
  • Invalid metadata.
  • TypeScript compiler and linting errors.
  • Bad documentation (inline, docs).
  • No tests.
  • Not following MetaMask Best Practices.
  • Leftover TODOs.
  • Copy-paste errors.
  • Coding inefficiencies.
  • Use of non-standard libraries.
  • Not using TypeScript.
  • Not using @metamask/detect-provider.


🔹 S10:2023 - Race Condition

In the coding arena, race conditions are like a sprint where multiple runners vie for the finish line, but the winner is uncertain and the outcome depends on the unpredictable interplay of their strides. In a Snap the runners are concurrent RPC requests and the track is shared state: two requests that read, modify and write the state in turn can overwrite each other's result, and a value awaited in the wrong order is simply undefined when it is used.

  • Unpredictable outcomes.
  • dApps overwriting settings.
  • Asynchronicity leading to undefined objects.
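As an added example, not code from this page or from MetaMask, the following JavaScript reproduces the lost-update race on Snap state and fixes it by serializing mutations. `makeFakeState` is a constructed stand-in for `snap_manageState`, which gets and updates the whole JSON state object in separate asynchronous calls; those async gaps are what concurrent requests interleave through. The per-origin settings helper shows the namespace that keeps one dApp from overwriting another's settings.

```javascript
// Added example for S10 (not from the Snap Security Top 10 page or MetaMask).
// makeFakeState stands in for snap_manageState; origins are constructed.

const tick = () => new Promise((resolve) => setTimeout(resolve, 0));

// State is JSON, like snap_manageState's, so it is cloned through JSON.
function makeFakeState() {
  let stored = { counter: 0, settings: {} };
  const clone = (value) => JSON.parse(JSON.stringify(value));
  return {
    async get() { await tick(); return clone(stored); },
    async update(next) { await tick(); stored = clone(next); },
  };
}

// Vulnerable read-modify-write: every concurrent caller reads the same old
// value, so N concurrent increments can land as a single +1.
async function unsafeIncrement(state) {
  const current = await state.get();
  current.counter += 1;
  await state.update(current);
}

// Fix: funnel every mutation through one promise chain, so each
// read-modify-write completes before the next one starts. The chain is kept
// alive after a failure so one bad request cannot wedge the Snap.
function makeSerializedStore(state) {
  let tail = Promise.resolve();
  return {
    mutate(fn) {
      const run = tail.then(async () => {
        const current = await state.get();
        const next = fn(current);
        await state.update(next);
        return next;
      });
      tail = run.catch(() => {});
      return run;
    },
  };
}

// Settings keyed by origin: with a single shared slot, one dApp silently
// overwrites another's preferences.
function setOriginSetting(store, origin, key, value) {
  return store.mutate((current) => {
    current.settings[origin] = { ...(current.settings[origin] ?? {}), [key]: value };
    return current;
  });
}

// Runs both versions with the same degree of concurrency and reports the
// counters, plus the per-origin settings after two dApps write at once.
async function raceDemo(concurrency) {
  const racy = makeFakeState();
  await Promise.all(Array.from({ length: concurrency }, () => unsafeIncrement(racy)));

  const serialized = makeFakeState();
  const store = makeSerializedStore(serialized);
  await Promise.all(
    Array.from({ length: concurrency }, () =>
      store.mutate((current) => { current.counter += 1; return current; })),
  );
  await Promise.all([
    setOriginSetting(store, 'https://a.example', 'theme', 'dark'),
    setOriginSetting(store, 'https://b.example', 'theme', 'light'),
  ]);

  const final = await serialized.get();
  return {
    unsafe: (await racy.get()).counter,
    safe: final.counter,
    settings: final.settings,
  };
}
```

`raceDemo(5)` ends with the racy counter well short of 5 and the serialized one at exactly 5. The same promise-chain pattern applies to any `await` between reading Snap state and writing it back, which is where most of the "asynchronicity leading to undefined objects" findings originate as well.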



  [1] Our terminology gracefully pirouettes in harmony with the OWASP Top 10: the identifiers S01:2023 through S10:2023 follow its naming scheme.