Unmasking MetaMask

Get rekt fees

How much is too much of a fee?

Shady ‘Blacklisting’ practices

While their official FAQ mentions it only as an afterthought, MetaMask keeps an updated list of permanently banned websites that you must dig through their repo in order to find. Here is a link to the extracted ‘white list’ / ‘black list’.

Closed source MetaSwap contract

Sure, ConsenSys Diligence may have done an audit, but without seeing the source code, who can know how well their codebase was covered? An example is how the currently deployed fee adaptor may be implemented. To quote,

All your trades are stored in their backend, in plaintext.

Needless to say, this opens end users up to targeted phishing attacks (since attackers would know that a given end user uses MetaMask). Here is an example of a wallet trade, readable with no authentication needed:

Gas pricing has zero documentation or visibility into how it is calculated

The endpoint is located here:

Decompiling into a potential source code base

The decompiled codebase looks remarkably similar to Totle’s contracts when you decompile both and examine them side by side. In fact, if we look back at the audit and see when the second assessment was done (October 2020), we find that a feature was added for CHI (1inch’s improved GasToken),
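One way to check a "remarkably similar" claim is to compare the contracts at the opcode level rather than by eye, skipping the immediate bytes that PUSH instructions embed, so that different addresses and function selectors do not mask identical logic. This is an added example, not code from the post or from MetaMask; the two bytecodes are constructed samples, not the real MetaSwap or Totle bytecode, which you would fetch with eth_getCode from the addresses referenced on this page.

```python
# Added example (not from the original post): compare two EVM contracts at the
# opcode level, ignoring PUSH immediates, so that embedded addresses and
# constants do not hide otherwise identical logic. The bytecodes below are
# constructed toy samples, not the real MetaSwap or Totle bytecode.

PUSH1, PUSH32 = 0x60, 0x7F  # PUSH1..PUSH32 carry 1..32 immediate bytes


def disassemble(code: bytes) -> list[int]:
    """Return the opcode sequence, skipping PUSH immediate data."""
    ops, i = [], 0
    while i < len(code):
        op = code[i]
        ops.append(op)
        i += 1
        if PUSH1 <= op <= PUSH32:
            i += op - PUSH1 + 1  # skip N immediate bytes; a truncated tail just ends the loop
    return ops


def ngrams(seq: list[int], n: int = 3) -> set[tuple[int, ...]]:
    """Set of opcode n-grams; order-sensitive but position-independent."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 3) -> float:
    """Jaccard similarity over opcode n-grams: 1.0 means the same logic shape."""
    ga, gb = ngrams(disassemble(a), n), ngrams(disassemble(b), n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


# Constructed samples: a dispatcher prologue that differs only in the pushed
# selector and a 20-byte address, the pattern you see when a fork changes
# constants but keeps the code.
def sample(selector: bytes, addr: bytes) -> bytes:
    return (bytes([0x60, 0x80, 0x60, 0x40, 0x52])          # PUSH1 80 PUSH1 40 MSTORE
            + bytes([0x60, 0x00, 0x35, 0x60, 0xE0, 0x1C])  # PUSH1 0 CALLDATALOAD PUSH1 e0 SHR
            + bytes([0x63]) + selector                      # PUSH4 <selector>
            + bytes([0x14, 0x60, 0x1B, 0x57])               # EQ PUSH1 1b JUMPI
            + bytes([0x73]) + addr                          # PUSH20 <address>
            + bytes([0x5B, 0x00]))                          # JUMPDEST STOP


CONTRACT_A = sample(bytes.fromhex("a9059cbb"), bytes(20))
CONTRACT_B = sample(bytes.fromhex("095ea7b3"), bytes([0x11] * 20))
UNRELATED = bytes([0x60, 0x01, 0x60, 0x02, 0x01, 0x00])  # PUSH1 1 PUSH1 2 ADD STOP

if __name__ == "__main__":
    print(f"A vs B:         {similarity(CONTRACT_A, CONTRACT_B):.2f}")  # 1.00
    print(f"A vs unrelated: {similarity(CONTRACT_A, UNRELATED):.2f}")  # 0.00
```

A high score only says the opcode shape matches; it does not tell you which side is the original, so pair it with deployment dates and the audit timeline as the post does.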

Intrusive tracking and no opt-out for updates:

See the following specific commits; these apply to both the MetaMask extension and the MetaMask Beta Snap version:

Most of all: They think you are an idiot

To ensure the longevity of the services we have been providing to the
world, we feel that it is time that we establish some defensibility for
our work from large commercial forks.
This license preserves free usage for any non-commercial use or any use
under 10k monthly active users.

Reference GitHub Repo:


Reference: MetaSwap

  • the main contract: 0x74de5d4FCbf63E00296fd95d33236B9794016631

"similar" contract logic / bytecodes:


