Our team performed a security audit of the MetaMask extension’s seed phrase implementation. In particular, the focus of our investigation was a potential error in the seed phrase implementation, in response to MetaMask user claims that the same seed phrase can generate different account lists. According to the MetaMask team, the occurrence of this error has been credibly reported by a number ofusers. As a result, a concerted effort has been undertaken to consistently replicate the seed phrase error by MetaMask, one of the MetaMask users who reported the issue, and the Least Authority team. In our independent review, we performed a close investigation of the potential causes of the seed phrase error in an effort to identify appropriate solutions. In doing so, we also examined the overall correctness of the MetaMask extension seed phrase implementation.
Our final audit report was completed on July 29, 2022.
To read the full report, including our findings, click here: