
Prototype pollution risk in snaps controllers setState handling possible __proto__ assignment #3718

@ptrgits

Description

There appears to be a prototype-pollution source in the snaps codebase where user-controlled keys may be assigned directly into objects/state without filtering or sanitization. The vulnerable code paths are in the `SnapController` and the `setState` RPC handler. An attacker controlling a key such as `__proto__` can modify `Object.prototype` and thus influence many objects across the runtime.

```typescript
// Excerpt quoted in the report; the surrounding code is not included.
    accumulator[assets.asset] ??= {};
    accumulator[assets.asset][assets.unit] = result;
  }
  return accumulator;
}, {});
```

```typescript
// Excerpt quoted in the report; the surrounding code is not included.
  Record<CaipAssetType, Record<CaipAssetType, AssetConversion>>
>((accumulator, conversion) => {
  const rate = conversionRates[conversion.from]?.[conversion.to];
  // Only include rates that were actually requested.
  if (rate) {
    accumulator[conversion.from] ??= {};
    accumulator[conversion.from][conversion.to] = rate;
```

```typescript
// Excerpt quoted in the report; the surrounding code is not included.
if (FORBIDDEN_KEYS.includes(currentKey)) {
  throw rpcErrors.invalidParams(
    'Invalid params: Key contains forbidden characters.',
```

Prototype pollution allows adding or modifying properties on `Object.prototype`. Because most objects inherit from `Object.prototype`, those newly added properties can change application logic, enable gadget chains, or lead to client-side XSS or server-side RCE in some contexts. and then merges/assigns state into an internal object without sanitizing keys, the `__proto__` setter will pollute `Object.prototype` so that every object `{}` has `.isAdmin === true`, which can be abused if later code checks `obj.isAdmin` before privileged operations.

References

Prototype pollution
lodash
jQuery
extend
just-extend
merge.recursive
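The accumulator pattern quoted in the report beside a guarded version, as an added example that is not the snaps project's own code; the names (`StateEntry`, `nestUnguarded`, `nestGuarded`, `demonstratePollution`) and the input shape are assumptions made for this illustration:

```typescript
// Added example, not the snaps project's own code. Shows the nested-accumulator
// pattern quoted in the issue unguarded, then guarded by a forbidden-key check
// like the FORBIDDEN_KEYS one the report cites. All names here are assumptions.
const FORBIDDEN_KEYS = ['__proto__', 'constructor', 'prototype'];

type StateEntry = { outer: string; inner: string; value: unknown };
type Nested = Record<string, Record<string, unknown>>;

// Unguarded: for outer === '__proto__', `??=` sees the inherited
// Object.prototype (not nullish) and the inner assignment lands on it.
function nestUnguarded(entries: StateEntry[]): Nested {
  return entries.reduce<Nested>((accumulator, e) => {
    accumulator[e.outer] ??= {};
    accumulator[e.outer][e.inner] = e.value;
    return accumulator;
  }, {});
}

// Reject keys that reach the prototype chain, as the snaps check does.
function assertSafeKey(key: string): void {
  if (FORBIDDEN_KEYS.includes(key)) {
    throw new Error('Invalid params: Key contains forbidden characters.');
  }
}

// Guarded: key check plus null-prototype objects, so even a missed check
// has no inherited __proto__ accessor to reach Object.prototype through.
function nestGuarded(entries: StateEntry[]): Nested {
  const accumulator: Nested = Object.create(null);
  for (const e of entries) {
    assertSafeKey(e.outer);
    assertSafeKey(e.inner);
    if (!Object.prototype.hasOwnProperty.call(accumulator, e.outer)) {
      accumulator[e.outer] = Object.create(null);
    }
    accumulator[e.outer][e.inner] = e.value;
  }
  return accumulator;
}

// Constructed hostile input through both versions; the pollution is undone
// before returning so nothing else in the process is affected.
function demonstratePollution(): { polluted: boolean; guardedThrew: boolean; cleanAfter: boolean } {
  const hostile: StateEntry[] = [{ outer: '__proto__', inner: 'isAdmin', value: true }];
  nestUnguarded(hostile);
  const polluted = ({} as { isAdmin?: boolean }).isAdmin === true;
  delete (Object.prototype as { isAdmin?: boolean }).isAdmin;
  let guardedThrew = false;
  try { nestGuarded(hostile); } catch { guardedThrew = true; }
  const cleanAfter = ({} as { isAdmin?: boolean }).isAdmin === undefined;
  return { polluted, guardedThrew, cleanAfter };
}
```

Null-prototype accumulators are a second layer only; the key check is what produces the `invalidParams` error callers can act on.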
