Blog

Audit of MetaMask Permissions System + CapNode

On Dec 18, 2019

Overview

ConsenSys AG has requested that Least Authority perform a security audit of MetaMask, a browser extension that enables interaction with applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets.

The following components were in scope for our review:

  1. Login Permissions System (OCAP)
    a. npm module
    b. MetaMask branch utilizing npm module
  2. Plugin System
    a. CapNode

 

Our final audit report was completed on November 27, 2019. 

READ REPORT