Asentum MetaMask Snap

TL;DR

A MetaMask Snap that derives a Dilithium3 keypair from your existing MetaMask seed phrase and signs AsentumChain transactions inside the Snap sandbox. Your standard secp256k1 Ethereum accounts sit alongside the Asentum account in the same MetaMask UI. Backing up the MetaMask recovery phrase also backs up the Asentum account, no extra seed to remember.

The Snap only signs. It does not broadcast. Dapps call the Snap to get a signed transaction, then submit it to the chain over JSON-RPC themselves.

Install the Snap

1. Install MetaMask Flask. It runs side-by-side with regular MetaMask and uses a separate browser profile.
2. From a dapp that integrates the Snap (or the test page), trigger the wallet_requestSnaps call. MetaMask Flask will prompt you to install npm:@asentum/metamask-snap.
3. Approve the permissions. The Snap requests snap_getEntropy (to derive the Dilithium3 key) and snap_dialog (for transaction confirmation popups). Nothing else.

That is it. The Snap derives your Asentum address deterministically from MetaMask's seed. The same MetaMask install always yields the same Asentum address.

Using the Snap from a dapp

Three steps for a dapp: request the Snap, get the address, request a signature. Then submit the signed bytes to AsentumChain yourself.

// 1. Make sure the Snap is installed
await window.ethereum.request({
  method: 'wallet_requestSnaps',
  params: { 'npm:@asentum/metamask-snap': {} },
});

// 2. Get the user's Asentum address
const address = await window.ethereum.request({
  method: 'wallet_invokeSnap',
  params: {
    snapId: 'npm:@asentum/metamask-snap',
    request: { method: 'asentum_getAddress' },
  },
});

// 3. Build a transfer and ask the Snap to sign it
const { signedBytes } = await window.ethereum.request({
  method: 'wallet_invokeSnap',
  params: {
    snapId: 'npm:@asentum/metamask-snap',
    request: {
      method: 'asentum_signTransfer',
      params: { to: '0xabc...', amount: '1.5', chainId: 1337, nonce: 0 },
    },
  },
});

// 4. Submit it yourself, e.g. through @asentum/sdk
import { AsentumClient } from '@asentum/sdk';
const client = new AsentumClient('https://testnet.asentum.com');
const { hash } = await client.submitRawTx(signedBytes);

RPC methods

Every signing method pops a MetaMask confirmation dialog that spells out the to-address, value, method, args, and gas. The user has to click Approve.

Security model

• The Dilithium3 private key is derived deterministically inside the Snap sandbox via snap_getEntropy. It never leaves the Snap and is not exposed to the dapp.
• The Snap requests only two MetaMask permissions: snap_getEntropy and snap_dialog. It cannot make network requests, read storage from other Snaps, or modify MetaMask state.
• Every sign operation triggers a confirmation dialog. The user sees the full payload before approving.
• The Snap does not broadcast. If the dapp is malicious and asks the Snap to sign a bad transaction, the user still has to click Approve, and even then the transaction does not go anywhere unless the dapp submits it.

Limits

• Flask only for now. Production MetaMask cannot install Snaps that are not in the public Directory. We are in the queue.
• One Asentum account per MetaMask install. The address is derived from MetaMask's root seed, so all Snap-derived Asentum accounts on the same MetaMask are the same address.
• The Snap signs, the dapp broadcasts. You will pair this with @asentum/sdk (or your own JSON-RPC client) to submit transactions.