Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@snappy-recovery/snap

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@snappy-recovery/snap

Snappy Recovery Snap: Social recovery RPC API for MetaMask wallets

  • 0.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

💥 Snappy Recovery

Social Recovery for MetaMask wallets using "Snaps", sandboxed JS plugins for MetaMask.

Why it's safe-ish?

  • The Snap code runs in a sandboxed environment inside the MetaMask extension
  • The Snap code has access to private keys, but no internet access -- it doesn't request that permission
  • The Snap never exposes a sensitive private key to the Dapp (browser environment) unless it's encrypted
  • The Snap code is installed from NPM and can be audited at all times

Why it's probably not so safe?

  • I have only a rudimentary cryptography training
  • I built this alone, working late at night
  • Nobody reviewed nor audited this code
  • MetaMask Snaps are still a new feature in development

What does this mean?

⚠️ USE ONLY WITH ON TEST NETWORKS AND WITH TEST MNEMONICS

How it works?

Setup the social recovery

  1. Connect to MetaMask
  2. Accept the permission to manage your Ethereum private keys
  3. Go to your profile and copy your Snappy Recovery public key, save it somewhere. It's public data, harmless to save it in the clear.
  4. Find 5 friends with whom to split a secret backup key, send them to Snappy Recovery, and ask them for their Snappy Recovery public key (they have to login and go to their profile)
  5. Enter the 5 public keys in the "Setup Recovery" section, and press "Setup"
  6. The Snappy Recovery Snap, working fully inside MetaMask's sandboxed environment, will:
  7. Grab your parent Ethereum node, used to generate all your accounts
  8. Create a brand new backup AES encryption key
  9. Use this backup key to symmetrically encrypt your Ethereum node
  10. Split the backup key using a 3-of-5 Shamir secret sharing scheme
  11. Encrypt each backup key part using one of your friends' public keys
  12. Return the encrypted Ethereum key + the 5 encrypted shards to this Dapp. This means that at no point will the Dapp be able to "see" your master Ethereum private key in the clear
  13. Your encrypted Ethereum key + the 5 encrypted shards will be stored on Gun, a distributed peer-to-peer database
  14. All you have to do is save your Snappy Recovery public key ("View your public key" at the top) somewhere like your email or cloud storage

Recover your wallet / funds

  1. Reinstall MetaMask
  2. Go to Snappy Recovery and connect metamask, installing the Snap
  3. Press "I lost my private key!"
  4. Enter your Snappy Recovery public key that you copied back when you had access to your wallet
  5. Press "Get recovery URL"
  6. You'll get a URL, share it with at least three of your five friends
  7. The recovery page will self-update as your friends follow the procedure on their side -- they just have to click a button
  8. Once 3 of your friends have fulfilled their responsibility, press "Recover my ETH!"
  9. After a few seconds, you'll see your old accounts appear, with their balances and transaction count
  10. To recover an account:
  11. Press "Show private key" next to the address
  12. Go to MetaMask's menu and choose "Import Account"
  13. Paste your private key to import your account
  14. Send your funds to a non-imported account from your current wallet

FAQs

Package last updated on 03 Sep 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc