@draint/snap
v0.1.1
Published
drain't MetaMask Snap — pre-sign warnings that stop wallet drainers: EIP-7702 delegations, Permit/Permit2 phishing, and malicious approvals. Wallet drain? Didn't happen.
Readme
@draint/snap
drain't MetaMask Snap — pre-sign warnings that stop wallet drainers: EIP-7702 delegations, Permit/Permit2 phishing, and malicious approvals.
Wallet drain? Didn't happen.
What it does
Two intercept points:
onSignature— Detects typed-data (EIP-712) signatures asking for Permit/Permit2 spending approvals. Classifies the spender via draint-be. If risky, shows a critical warning before the user signs.onTransaction— Inspects transactions of type 0x04 (EIP-7702 SET_CODE). Extracts every delegation target in theauthorizationListand classifies. If any target is a CrimeEnjoyor-class drainer, blocks with a critical warning.
Run locally
Install MetaMask Flask (developer build):
- https://docs.metamask.io/snaps/get-started/install-flask/
Then:
bun install
bun run start # mm-snap watch — auto-rebuild on src changeConnect to http://localhost:8080 from a test dApp (we use draint-fe dashboard) and call wallet_requestSnaps.
Build
bun run build:clean
# Output: dist/bundle.jsPermissions
endowment:signature-insight— read raw signature payloads pre-signendowment:transaction-insight— read tx payloads pre-submitendowment:network-access— call drain't backend/api/classifysnap_dialog— render warning UI
Architecture
User signs/sends in MM
↓
Snap handler fires
↓
extract Permit spender / 7702 delegation target
↓
POST https://draint-be.vercel.app/api/classify
↓
Render warning UI based on severityLicense
MIT — part of the DraintAi/draint-fe project.
Built for MetaMask Smart Accounts Kit x 1Shot API Hackathon, 2026.
