MetaMask Del Security Smart Contract Audit

Summary

Executive Summary This report presents the results of our engagement with MetaMask to review MetaMask Delegation Framework. The review was conducted over two weeks, from October 21, 2024 to October 25, 2024, by Rai Yang and Sergii Kravchenko. A total of 5 person-days were spent. The review is performed on the changes in the codebase that were made since the previous audit. The main changes are: Adding four new enforcer contracts.

Project

MetaMask

Multi-Chain

No active critical issues

Last audited on 2024/10/01

Auditor

59 audits on Trustblock

Multi-Tags

Issues (2)

	Low	Medium	High	Critical	Total
Not fixed	1	-	-	-	1
Fixed	1	-	-	-	1
Total	2	0	0	0	2

Contracts (14)

#	Github Repository	Commit Hash	File	Url
1	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/enforcers/ERC1155BalanceGteEnforcer.sol	Check on Github
2	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/enforcers/OwnershipTransferEnforcer.sol	Check on Github
3	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/DeleGatorCore.sol	Check on Github
4	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/DelegationManager.sol	Check on Github
5	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/HybridDeleGator.sol	Check on Github
6	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/libraries/WebAuthn.sol	Check on Github
7	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/enforcers/ERC721TransferEnforcer.sol	Check on Github
8	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/enforcers/ERC721BalanceGteEnforcer.sol	Check on Github
9	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/libraries/P256VerifierLib.sol	Check on Github
10	MetaMask/delegation-framework	ec0c0d64a4fc1ccca24d5e910d5712e62d84c4b7	src/interfaces/ICaveatEnforcer.sol	Check on Github