What is the Decentralized Snaps Directory?

info

The Decentralized Snaps Directory is experimental. For the official MetaMask Snaps Directory, go to snaps.metamask.io.

Welcome to the decentralized application distribution platform for MetaMask Snaps! This guide will help you navigate the platform, understand its features, and engage with its community-driven ecosystem.

Platform overview

The platform offers a new way to discover and ensure the safety of Snaps, moving away from centralized control to a system powered by the collective input of its users, developers, auditors, and security experts.

Key features

• Trust Signals: Users can express trust or distrust in other users and Snaps, influencing their reputation within the platform.
• Reputation Graph: These signals feed into a reputation graph, which helps map the trustworthiness of users and Snaps.
• Reputation Scores: Using the EigenTrust algorithm, the platform calculates users reputation scores from the graph. The calculation of these scores is transparent, verifiable and adjustable by the community.
• Safety Identification: The system aims to help users identify safe and potentially harmful Snaps, with effectiveness improving as community engagement increases.

Your participation

Your feedback and participation are crucial. By using the platform and sharing your experiences in this form, you contribute to a secure and decentralized app ecosystem.

For further details and support, please refer to the rest of this guide and join our Telegram group.

The decentralized MetaMask Snaps Directory can be found at permissionless.snaps.metamask.io. Be aware that this is a prototype, you can always find the official MetaMask Snaps directory on snaps.metamask.io.

How does it work?

This is an opportunity for users to build reputation as a software security expert (whitehat) or software developer, based on peer-to-peer trust and vouching.

For this experiment, we will utilize a user’s reputation as a software security expert or auditor to create a community reputation system for MetaMask Snaps. This will help identify safe and malicious Snaps, which will create enormous value for the MetaMask ecosystem.

We invite you to build your reputation in an open and permissionless way.

First, we encourage you to reach out to other security experts and request endorsements from them. The more you get endorsed for your software security skills by other security experts, the more you accrue a reputation as a White Hat and community contributor.

At the same time, you can start endorsing other software security experts. This will help them build a reputation through you vouching for them. You can also report malicious (blackhat) actors. Your reputation will play a key role in identifying and reducing the impact of any malicious activity.

Next, we invite you to endorse or report Snaps based on your good judgment. This will help generate a community sentiment score for Snaps, making it safer for users to decide whether to install and use Snaps.

A high number of attestations will help build a robust reputation graph. High quality of attestations is important to help the graph deliver higher accuracy and dependability in the user and Snap reputation scores. It’s important to note that the context of these attestations is to build a reputation graph for software security experts, which will enable a reputation graph for Snaps. It won’t help if someone endorses a good friend who doesn’t have any software security skills.

Unsure whether you have enough information to endorse or report a user or Snap? Don’t worry, this is a prototype. Your attestations won’t affect existing live Snaps on the Snaps directory, feel free to use your best judgment to issue attestations.

How can I participate?

1. Go to the prototype website
   Head on over to permissionless.snaps.metamask.io to visit the prototype of the decentralized MetaMask Snaps Directory.
2. Connect your wallet
   You will be only signing messages, without signing transactions (signed typed data structure-EIP712).
3. Discover and attest users
   1. View any user's profile by entering their public address or ENS in the Search Bar
   2. Click on ‘Endorse’ if you trust a user. Upon clicking the button, you’ll see the following options of their entrusted skills:
      1. Software development - If you think that they are a good software developer
      2. Software security - If you trust their ability to audit or review security of software.
   3. Click on ‘Report’ if you distrust a user. Upon clicking the button, you’ll see the following options to mark them as malicious specifying a reason:
      1. Scamming
      2. Hacking
      3. Harassment
      4. Disinformation
      5. Other.
4. Invite others to endorse you
   1. You can share a message within your network of software security experts or software developers, asking them to endorse you.
   2. Sample message: “I’m supporting MetaMask in testing the prototype of a decentralized trust and reputation system for MetaMask Snaps. My review of Snaps might count more if more trustworthy users endorse my skills. If you think I have good 1) software development skills or 2) software security assessment skills, come endorse me here (hyperlink of your profile page). Thanks!“
5. Discover and review Snaps
   1. To view a Snap profile, click on a Snap to see its details.
   2. Endorse a Snap: upon clicking ‘Endorse’, you will be prompted to endorse the Snap with a reason:
      1. Good user experience
      2. Useful
      3. Seems secure.
   3. Choose one or any more of the above properties and sign to endorse.
   4. Report a Snap: upon clicking ‘Report’, you will be prompted to report the Snap with a reason:
      1. Scam
      2. Vulnerable.
   5. Choose any one or more of the above properties and sign to endorse.
   6. View your profile by clicking on your connected address button on the top right:
      1. You can view which Snaps you have endorsed or reported
      2. You can view which users you have endorsed or reported.
6. View your profile
   View your profile by clicking on your connected address button on the top right. Here you can view which Snaps and users you have endorsed or reported.

What is the community reputation system?

Once users start issuing attestations to other users and Snaps, you can see the real-time reputation graph update here. For a detailed understanding of the reputation graph explorer, please refer to the FAQs below.

Those users who are trusted by other trustworthy users will start to build a good reputation.

Once reputable users start endorsing or reporting Snaps, Snaps will start accumulating community sentiment scores. Snaps can be categorized into the following Community Sentiment Badges:

• [Insufficient Reviews]: A Snap that doesn't have enough reviews from highly reputable users
• [Endorsed]: A Snap that has received endorsements (and no reports) from highly reputable users.
• [In Review]: A Snap that has received at least one report from a highly reputable auditor and at least one endorsement from a highly reputable auditor will be in the status until resolved.
• [Reported]: A Snap which is reported by reputable auditors

Users also accumulate the following community sentiment badges:

• [Highly Trusted]: A user who has received endorsements from other highly trusted users
• [Reported]: A user who has been reported by a highly trusted user

The ranking of users and Snaps is based on the trust and distrust signals and is generated by running the EigenTrust algorithm on the reputation graph data.

• We initialize the reputation graph by selecting a few trustworthy users, called pre-trusted peers. These are reputable people in the context of software security and software development. This list of people can be modified at any point by the community.
• These pre-trusted peers start endorsing or reporting other users. This helps build the reputation of those trusted or distrusted by these pre-trusted peers. We then apply a threshold score for 'highly trusted' peers. For this experiment, we use the lowest EigenTrust score of the user that is trusted by pre-trusted peers.
• Once we have the user EigenTrust scores, these scores are used to weigh users' opinions about a Snap. A Snap gets a score and confidence level based on what users say about the Snap, and the user reputation scores of those who issue attestations for the Snap.
• This system helps surface the community sentiment of Snaps. Also, in case a Snap is malicious, the community can use the community reputation system to quickly call out a malicious Snap. The same principle applies to a user who might be acting maliciously. The scores can be computed every few seconds.

For this experiment, the computation updates the scores every 10 minutes. The reputation scores, users, and Snap badges will get updated based on any new attestations received by users or Snaps.

The computation is verifiable by anyone — you can simply run the EigenTrust compute on your machine on the open reputation graph data. Also, the threshold scores for 'highly trusted' peers can be modified easily based on community participation.

Frequently asked questions (FAQ)

1. Where is the data being stored in this prototype? How will it be managed in a future production-ready system?
   Right now, we're using an off-chain registry for this experiment. You can find the detailed spec in this CAIP. After the experiment, we will transition to an open, verifiable data storage layer for storing the attestations and trust computer results. The compute will also be easily verifiable.
2. I already see that my profile has a badge, what does it mean? If I don't have badges, how do I get them?
   If you have a 'Highly Trusted' or Reported badge, it means that someone might have issued you some attestations and the Trust computer has generated reputation badges based on these attestations.
   If you don't have a Badge, you'll have to wait to get attestations from other Highly Trusted users.
3. How does my reputation or badge affect my Report/Endorse actions?
   If you are a Highly Trusted user, your Endorse or Report attestations will carry more weight. If you are a Reported user, your attestation won't carry as much weight. If you don't have a Highly Trusted badge, your attestation will still matter, but on its own, it won't be enough to modify the reputation of the user or Snap that you want to attest to.
4. Is there a quantitative score for a Snap? When will that be shown? How is that calculated?
   A Snap does get a score from the Trust computer and it is used in calculating the community sentiment badge for a Snap. It is calculated using EigenTrust. It is accessible to anyone, but for simplicity purposes, it is not shown on the experimental front-end.
5. Can I change my attestation for a user or Snap?
   Yes, you can update your attestation any time, and the updated attestation will be used in the trust computation.
6. A user is shown as a reported user even if only reported by one other user? When will a user be shown as 'reported'?
   For this experiment, if a user is reported by a 'Highly Trusted' User, they will have a reported badge.
7. Is there a quantitative score for a user? When will that be shown? How is that calculated?
   A user gets a score from the trust computer and it is used in calculating the user badge. It is calculated using EigenTrust. It's accessible to anyone, but for simplicity purposes, it is not shown on the experimental front-end.
8. How do I look up an address to see if it is an existing user in the system?
   You can search for any address/ENS name in the Search bar, Or you can modify the profile page URL, replace the address by the desired user profile you want to see: https://permissionless.snaps.metamask.io/account/?address=0x17FA0A61bf1719D12C08c61F211A063a58267A19
9. What benefits do I get if I have these badges?
   First of all, you are building a valuable white hat or community reputation in one of the most trusted communities in web3. This reputation will go a long way and become interoperable in other systems going forward. We will also issue participation and reputation NFTs as a token of recognition for helping us in this experiment.
10. What is the relationship between receiving endorsements and getting the badges?
    If you are endorsed by trustworthy users (with high reputation scores), you may get badges as a result. You can read the full details of this in the algorithm implementation.
11. Will I be able to see the address of the account that provides malicious reports?
    Yes, you will be able to see all attestations via the reputation graph explorer. In the full feature front-end release that is coming soon, you will be able to see which addresses endorsed or reported which Snaps, both on the Snap profile page and on the user profile page.
12. Can I use the community sentiment badges in other/outside on-chain scenarios?
    Yes, any developer may leverage your reputation badges and compose them with other use cases or applications.
13. Where can I see who rated me for what?
    You can go to the reputation graph explorer, search for your EOA/DID and see who all rated you.
14. How do I dispute ratings about other users or Snaps?
    For this experiment, we are simply letting users rate other users and Snaps. In the next phase, you will be able to dispute or endorse the issued ratings. But you can always endorse or report a user in case you trust or distrust them.
15. Where do I see how ratings affect Snaps?
    You can see the historical changes in Snap community sentiment on the graph explorer. Soon, we will publish a Dune dashboard to monitor historical user and snap community sentiment.
16. What does the reputation graph explorer show?
    The reputation graph explorer shows the live attestations in the network. Each node is either a Snap or a user, and each edge is an attestation being issued. Red lines represent reports of malicious users or Snaps. Green lines represent endorsements of trusted users or Snaps.
    You can search for a user or Snap to see incoming and outgoing attestations. Upon clicking any node in the network, you’ll also see the list of peers and Snaps interacting with that node.

Are you new to MetaMask Snaps? Take a look at our guide on getting started with MetaMask Snaps.