Executive Summary This report presents the results of our engagement with MetaMask to review MetaMask Delegation Framework. The review was conducted over two weeks, from October 21, 2024 to October 25, 2024, by Rai Yang and Sergii Kravchenko. A total of 5 person-days were spent. The review is performed on the changes in the codebase that were made since the previous audit. The main changes are: Adding four new enforcer contracts.
Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | 1 | - | - | - | 1 |
Fixed | 1 | - | - | - | 1 |
Total | 2 | 0 | 0 | 0 | 2 |
# | Github Repository | Commit Hash | File | Url |
---|---|---|---|---|
1 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/enforcers/ERC1155BalanceGteEnforcer.sol | Check on Github |
2 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/enforcers/OwnershipTransferEnforcer.sol | Check on Github |
3 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/DeleGatorCore.sol | Check on Github |
4 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/DelegationManager.sol | Check on Github |
5 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/HybridDeleGator.sol | Check on Github |
6 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/libraries/WebAuthn.sol | Check on Github |
7 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/enforcers/ERC721TransferEnforcer.sol | Check on Github |
8 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/enforcers/ERC721BalanceGteEnforcer.sol | Check on Github |
9 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/libraries/P256VerifierLib.sol | Check on Github |
10 | MetaMask/delegation-framework | ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7 | src/interfaces/ICaveatEnforcer.sol | Check on Github |