This introduction to MetaMask was originally published at Bruno’s Bitfalls website, and is reproduced here with permission.
In this article, we’ll explain what MetaMask is, what it’s used for, and how to use it.
For a better understanding of the content that follows, please read:
MetaMask is a Google Chrome, Vivaldi, Opera and Firefox extension for the browser which makes it easy for web applications to communicate with the Ethereum blockchain. In other words, MetaMask is a wallet for your browser.
You can download it from the official website or you can get the Brave browser which is a fork of Google Chrome and comes with some very cryptocurrency-friendly features (a built-in MetaMask among others).
Immediately before installing it, MetaMask will request some rather liberal permissions:
It wants full control over copy-paste commands, permission to talk to external resources (websites and nodes of the blockchain), and the option to look at and modify the contents of every website you visit. In other words, it wants everything. For as long as a reputable company is behind it, this is nothing to worry about. Still, these permissions are worth keeping in mind; it wouldn’t be the first time a malicious actor got hold of a popular extension and wreaked havoc.
After installing, the extension’s icon will become available in the toolbar. Clicking it will reveal the popup with the user interface. The first screen will warn us that we’re dealing with beta software and that the address we generate and use with MetaMask is visible to every page we visit, unless we sign out of MetaMask before visiting it.
The following screen warns us about Terms of Service and the fact that MetaMask is not to be blamed for anything bad that happens, should something bad happen.
Scrolling the text to the bottom will make the Accept option available. We then proceed to the password selection screen.
The password will, just like with Mist, encrypt the JSON file that gets generated which contains information about our wallet. The password will be required of the user every time the user signs into MetaMask.
After inputting the password, MetaMask will show a seed — a list of words from which generated addresses can be regenerated if we lose access to the browser or the wallet files due to a hardware or software error.
The list should be printed and stored in a safe location if you intend to keep using these wallets. Consider it a paper wallet.
After this process has been completed, a new screen with a single account will open: Account 1.
Should you place the mouse cursor on the account name, the Edit option will appear, letting you rename it.
In the upper left corner, you can switch networks. Click Main Network and choose another one like Ropsten. You can find out more about these testnets here.
The three dots next to the account name are a menu. They offer some options about the account like checking the account on Etherscan (possible only when MetaMask is connected to the Mainnet or a public testnet), showing the QR code of the address for easy scanning with a phone or printing a paper wallet, copying the address to the clipboard (i.e. for pasting into a wallet software) and Export Private Key which lets you create a private key from an open account — a collection of numbers and letters not unlike a password. This can be used instead of the encrypted JSON file many wallet tools generate to import the wallet into another software.
There are two buttons above the three dots: three horizontal lines leading us to the settings menu (currently not interesting to us) and an icon of a human silhouette surrounded by curved arrows. That’s the Account menu which lets us create new accounts or import previously created ones.
The Create Account option instantly creates a new account, making it available in the UI.
The Import Account option leads us to the screen which lets us import JSON files or private keys (like the one exported via the option mentioned before). JSON files will usually be generated with programs like MyEtherWallet or Mist. Concretely, this means that any of those wallets can generate data that is compatible for consumption by any other wallet, thereby keeping your funds safe and portable across software.
Sending and Receiving
Let’s try sending and receiving some Ether now.
First, let’s switch to the Ropsten network. If you haven’t already, select Ropsten from the top left menu in MetaMask. Notice that the address remains the same: that’s because the algorithm used to generate a pair of keys is identical and technology-dependent, not network-dependent. A private key on one network can unlock the wallet on another network, so be careful about sharing even a Testnet private key! Only the balances of these accounts differ. Learn more about this here.
Next, let’s select Copy Address to Clipboard for that account.
Then, let’s get some free Ether from one of the faucet sites — sites made specifically for that purpose.
- https://faucet.metamask.io automatically reads the MetaMask address of your browser and sends Ether to it.
- http://faucet.ropsten.be:3001 requires you to manually input the address to which to send the Ether. Use the first field to paste the previously copied address into it if you’re using this site.
Either of these options is fine. Because these faucets use the real Ethereum blockchain (but on a Testnet), it can take up to a minute for the funds to arrive.
Now that we have Ether on one of our accounts, let’s try sending it to another. First, we pick the account we created and copy its address. Then we switch to the account with Ether and go to Send.
This is the screen on which we input the recipient’s address. Under amount, let’s put something like 0.1 and we’ll leave the transaction data field as it. Click Next.
MetaMask will generate a transaction (TX) for signing and present it to you.
Gas Price and Gas Limit are changeable and depend on the busyness of the network, as explained in this article. On the Ropsten network, both values are fine at their defaults. Pressing Reject will cancel the TX and return to the previous screen, Reset will return default values if you changed anything, and Submit will send it.
After a few minutes at most, the transaction should be confirmed.
Support for tokens in MetaMask is limited at best. They currently only support standard ERC20 tokens and only partially: they’re not easy to send from MetaMask, only relatively easy to view. Luckily, for as long as the MetaMask account is unlocked and open, visiting any of the three pages below will allow sending of tokens from the currently open address:
It’s important to keep in mind that MetaMask injects Web3.js into every website you open while you have your MetaMask extension unlocked. Web3 is a software library which allows websites to easily communicate with the Ethereum blockchain.
While Web3 injection isn’t a security risk in and of itself, it doesn’t mean it can’t become one. Not only do all visited websites see your MetaMask Ethereum address when you’re logged in, but it’s also possible that if someone should ever inject some malicious code into Web3, MetaMask itself, or even the web page you’re visiting, they could glean more private information than you’d be willing to share (your user account on a website and its connection to an Ethereum address, effectively identifying you).
Therefore, it’s recommended to keep trivial amounts of Ether on your MetaMask wallet, and to use MetaMask only in a clean browser without any other extensions.
We’ll cover Web3 in detail in an upcoming post.
MetaMask is a very practical solution for using the Ethereum blockchain and keeping Ether in your browser. While it may have some security implications, MetaMask contributes greatly to the mainstream-ization of blockchain technology and cryptocurrency in general with its simplicity and ease of use — something you’ll see in our post about running your own private blockchain.