Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor @metamask/providers and make it use #hashFunctions for private methods #244

Open
david0xd opened this issue Feb 2, 2023 · 1 comment
Open

Refactor @metamask/providers and make it use #hashFunctions for private methods #244

david0xd opened this issue Feb 2, 2023 · 1 comment
Labels
type-security

Comments

@david0xd
Copy link

david0xd commented Feb 2, 2023
edited by ritave
Loading

This is a proposal to do refactoring of the @metamask/providers StreamProvider and make its private methods and properties use #hash approach if possible. That way it would not be exposing methods and properties within its prototype chain which can be a security concern.

It is discovered that harden function from Secure EcmaScript which is used in Snaps and LavaMoat, is freezing some parts of the stream which makes it impossible to work. Because of that, a special way of using Proxy was introduced. By having a real private methods and properties it might be easier to secure this type of issues in the future.
@david0xd david0xd mentioned this issue Feb 3, 2023
Closed
@ritave ritave transferred this issue from MetaMask/snaps Feb 7, 2023
@ritave
Copy link
Member

ritave commented Feb 7, 2023

Transfered from snaps-monorepo to providers repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type-security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ritave @david0xd