Missing permissions in @metamask/permissions-kernel-snap #149
Description
This issue was uncovered as I was working on a submission for the https://www.hackquest.io/hackathons/MetaMask-Delegation-Toolkit-DTK-Dev-Cook-Off hackathon.
The project
I wanted to create a simple cli tool + webapp that allows you to delegate the ability to update your ENS contenthash from the command line securely.
Design
Design was simple:
-
create an account in the
-
Copy the account address from (1) to the webapp and create a delegation with the following delegations to it:
-
'allowed-targets': the resolver of the ENS domain
-
'allowed-methods': 'setContenthash'
-
'allowed-calldata': the ens name (first param of (2))
-
-
Display delegation and allow user to copy it into the cli tool
-
Cli tool can now at any time update the contenthash for the given ENS name, but can not change anything else about the ENS name
Uncovered issues
The main problem I discovered was that the 7715 implementation doesn't support the caveat enforces mentioned above. By analysing the '@metamask/permissions-kernel-snap' bundle code with Gemini it looks like only the following permissions are allowed:
native-token-stream
native-token-transfer
erc20-token-transfer
erc721-token-transfer
erc1155-token-transfer
Only using these permissions it seems impossible to achieve my goal.