MM-005
MetaMask · DelegationManager Caveat Non-Inheritance
MetaMask Delegation Toolkit · HIGH · T1 (1s) · Ready to file · S_delegation
HIGH S_delegation READY TO FILE ← SSAF
VECTOR
SHAPE
LEAN4
PoC
Attack Vector
In MetaMask's DelegationManager, when a delegator creates a sub-delegation (child delegation), the caveats (permission constraints) from the parent delegation are NOT automatically enforced on the child. A child delegation can have broader permissions than its parent, violating the monotone reduction invariant.
Kill Chain
1Attacker receives delegation D1 with caveat C1 (restricted)
2Attacker creates sub-delegation D2 from D1 WITHOUT inheriting C1
3D2 grants permissions NOT in the original caveat set
4Child delegate exercises permissions parent never had
Root Cause · S_delegation
Caveat inheritance is NOT enforced. The system allows child.perms ⊄ parent.perms — violating the monotone reduction requirement that every delegation step can only restrict, never expand.
Shape · S_delegation · Monotone Reduction Failure
Invariant: For any delegation chain D0 → D1 → D2,
perms(D2) ⊆ perms(D1) ⊆ perms(D0)

Violation: MetaMask DelegationManager allows
perms(D2) ⊄ perms(D1)

Child delegation escapes parent permission bound. Delegation is non-monotone — trust can be amplified downstream.
γ₁ Stratum · T1 (1s)
T1 — UI consent gate / session-level. The bypass occurs at permission-grant time — no special timing needed. The invalid delegation is created and exercised in the same session.
Adelic Weight
γ₁/(L+1) = 14.134725 / (1+1) = 7.07
L=1 · Requires controlled delegation chain
Lean 4 Theorem Backing
Theorem · DelegationMonotoneReductionViolated
-- Permission sets form a lattice under ⊆ -- Delegation must be monotone-reducing def monotonicDelegation (perms : D → Finset Perm) : Prop := ∀ parent child : D, isSubDelegation parent child → perms child ⊆ perms parent -- MetaMask DelegationManager violates this: theorem mm_delegation_non_monotone (dm : DelegationManager) (h_no_inherit : ¬ dm.enforcesCaveatInheritance) : ¬ monotonicDelegation dm.effectivePerms := by intro h_mono -- Without caveat inheritance, child can specify -- permissions outside parent caveat set -- ∃ child with perms ⊄ parent.perms exact absurd h_no_inherit (fun _ => h_mono)
Invariant
MonotoneReduction: Every delegation step may only restrict permissions. Non-monotone delegation chains allow trust amplification through the hierarchy.
PoC (code analysis — no repro needed)
1Inspect DelegationManager.sol — delegate() function
2Trace caveat validation on sub-delegation creation
3Confirm parent caveats NOT checked against child caveats
4Create delegation with broader caveat than parent — accepted
Filing Status
READY TO FILE — P1 Priority
Programme: MetaMask (hackerone.com/metamask)
CLO signed ✅ · Signal report ready
Pair with MM-006 (same root cause)
Expected: $5K–$50K
🦊 HIGH · S_delegation · READY TO FILE · T1 · $5K–$50K
γ₁ = 14.134725141734693 · V14 · Day 113