Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor @metamask/providers and make it use #hashFunctions for private methods #244

Open
david0xd opened this issue Feb 2, 2023 · 1 comment

Comments

@david0xd
Copy link

david0xd commented Feb 2, 2023

This is a proposal to do refactoring of the @metamask/providers StreamProvider and make its private methods and properties use #hash approach if possible. That way it would not be exposing methods and properties within its prototype chain which can be a security concern.

It is discovered that harden function from Secure EcmaScript which is used in Snaps and LavaMoat, is freezing some parts of the stream which makes it impossible to work. Because of that, a special way of using Proxy was introduced. By having a real private methods and properties it might be easier to secure this type of issues in the future.

@ritave
Copy link

ritave commented Feb 7, 2023

Transfered from snaps-monorepo to providers repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants