OpenSea administrators can take any tokens minted on OpenSea Shared Storefront

blog.phor.net

126 points by fulldecent2 3 years ago · 53 comments (49 loaded)

kuratkull 3 years ago

I have been keeping tabs on digital currency/NFT news just out of sheer malicious curiosity. The "positive" news mostly seem to be "company X is trying out NFTs!". The high-profile cases don't seem to end up with a usable product or are outright cancelled Y months later with the whole thing labeled as an "experiment". The negative news on the other hand are pretty scarring - insane amounts of theft, bankruptcies, price drops, dead-end ideas, echo-chambers. I hope this keeps up.

  • onlyrealcuzzo 3 years ago

    Sales volume dropped from >$150M per day in the beginning of the year to ~$8M today (and the trend is still going down).

    Keeping in mind this is an established market now (5+ years old) - and that the vast majority of sales are known to be wash trades - this is a small, extremely insignificant market.

    Magic the Gathering, at this point, is substantially larger than the non-wash trade NFT market.

    • mjr00 3 years ago

      My barometer for this stuff is the UFC, which is the perfect platform to market to this crowd. They're already very loudly sponsored by vechain and crypto.com, plus a ton of crypto gambling sites that have come and gone.

      Last year there was an NFT advertisement every 10 minutes during UFC broadcasts, telling you to pick up the latest UFC NFT packs. For the past 6 months I haven't heard the announcers mention NFTs a single time.

      If you can't even market this stuff to the UFC crowd, it's completely dead.

      • pfisherman 3 years ago

        Lol @ the association with UFC. It feels right, but I can’t put my finger on why. Any idea what makes the UFC crowd the ideal audience?

        • joshspankit 3 years ago

          Early adopters with disposable income and a desire for excitement?

          • pfisherman 3 years ago

            Hmmm. If you are seeing commercials for something you are definitely not an early adopter. For me early adopter for crypto is like the Silk Road Mt. Gox days.

            Idk about disposable income, but my frame of reference there is biased from seeing too many Googlers. But maybe aspirations + risk tolerance?

  • CaptainZapp 3 years ago

    In a way it's like watching a freight train, loaded with nitroglycerin, running downhill with all brakes failing.

    You know that you shouldn't watch, but you just can't help it.

    The sad thing is that a lot of people will get burned by this.

chrisco255 3 years ago

The Shared Storefront is OpenSea's proprietary NFT contract that artists can use to create for free on. OpenSea will allow you to create NFTs for free using their centralized servers as a temporary backend and they only get minted on-chain if they sell. It's understood that the Shared Storefront is controlled by OpenSea. While it's a nice feature for beginner artists it is also frequently abused by scams and copyright violators and unoriginal dupes. High quality NFTs issue their own contracts and open source the code.

I think they should open source the code for the contract and be transparent about it, but it's not surprising they maintain control over it.

  • gilleain 3 years ago

    What makes a 'high quality' NFT, in your opinion or experience?

    • chrisco255 3 years ago

      An open source contract that adheres to the ERC721 or ERC1155 standard. I'm indifferent to the metadata URI, but some collectors prefer metadata to be fully on-chain or IPFS based. There's trade-offs with each one, so it really depends.

    • next_xibalba 3 years ago

      I sense a trap...

    • smegsicle 3 years ago

      i assume the implication is that successful/desirable nfts also tend to have a well-thought-out implementation, the union of which being hqnft

      • gilleain 3 years ago

        perhaps, but isn't the desirability of something due to its (high) quality? how can its quality be measured from its desirability?

        seems the wrong way around

glofish 3 years ago

I find it really weird that they had to decompile the smart contract.

That surprised me; I thought the whole point of these smart contracts was that everyone could see them like the transactions that take place.

  • Karliss 3 years ago

    Seeing the contract doesn't mean it's in an easy-to-read format. Any software of sufficient size becomes something which you need to put in effort to analyze even if you have source code. And that's ignoring the possibility of obfuscation. The stuff that is uploaded to the Ethereum blockchain and executed is bytecode for the Ethereum virtual machine. Which makes sense, because it's much easier to precisely define semantics and ensure that multiple different implementations behave exactly the same for a small VM than it is for higher level programming languages.

    Some websites like etherscan show the source code with the version of compiler which was used to compile it. I assume that it works by the author of the contract uploading the original source to the website as a gesture that there is nothing to hide. But not every author does that. Assuming a reproducible build, the website and anyone else who wants can then verify that it's the original (or equivalent to original) source code by compiling it with the specified compiler version. If the compiled output matches with what's on the blockchain, it's then relatively safe to assume it's the original source code and analyze that instead of decompiling bytecode. There is still a chance that a clever person hid a backdoor by exploiting a bug or quirk of the compiler, making it harder to find unless you reverse engineer the compiled bytecode or are aware of a specific bug in that version of the compiler.
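The compile-and-compare check described in the comment above, as an added example that is not part of the thread or of any verification site's code. It assumes Solidity-style runtime bytecode, where the compiler appends a CBOR metadata map followed by its 2-byte big-endian length; the function names and sample bytes are constructed for illustration, and immutables and linked libraries are not handled.

```python
# Added illustration (not from the thread): compare recompiled runtime bytecode
# with on-chain bytecode, treating the Solidity CBOR metadata trailer separately.

def split_metadata(code: bytes) -> tuple[bytes, bytes]:
    """Split runtime bytecode into (executable part, CBOR metadata).

    solc appends a CBOR map followed by its length as a 2-byte big-endian
    integer. Returns (code, b"") when no plausible trailer is present.
    """
    if len(code) < 3:
        return code, b""
    n = int.from_bytes(code[-2:], "big")
    if n == 0 or n + 2 > len(code):
        return code, b""
    meta = code[-2 - n:-2]
    if not 0xA0 <= meta[0] <= 0xBF:  # CBOR major type 5 (map)
        return code, b""
    return code[:-2 - n], meta

def compare(onchain_hex: str, compiled_hex: str) -> str:
    """Return 'exact', 'partial' (only metadata differs) or 'mismatch'."""
    onchain = bytes.fromhex(onchain_hex.removeprefix("0x"))
    compiled = bytes.fromhex(compiled_hex.removeprefix("0x"))
    if onchain == compiled:
        return "exact"
    body_a, meta_a = split_metadata(onchain)
    body_b, meta_b = split_metadata(compiled)
    if meta_a and meta_b and body_a == body_b:
        return "partial"
    return "mismatch"

# --- constructed sample data, not real contract bytecode ---
def _trailer(source_hash: bytes) -> bytes:
    # {"ipfs": <34-byte multihash>, "solc": <3-byte version>} + length
    m = (bytes.fromhex("a264697066735822") + source_hash
         + bytes.fromhex("64736f6c6343000811"))
    return m + len(m).to_bytes(2, "big")

BODY = bytes.fromhex("6080604052600080fd")
ONCHAIN = "0x" + (BODY + _trailer(b"\x12\x20" + b"\xaa" * 32)).hex()
REBUILT_SAME = ONCHAIN
REBUILT_EDITED_COMMENT = "0x" + (BODY + _trailer(b"\x12\x20" + b"\xbb" * 32)).hex()
REBUILT_OTHER_CODE = "0x" + (BODY[:-1] + b"\x00" + _trailer(b"\x12\x20" + b"\xaa" * 32)).hex()

if __name__ == "__main__":
    for name in ("REBUILT_SAME", "REBUILT_EDITED_COMMENT", "REBUILT_OTHER_CODE"):
        print(name, "->", compare(ONCHAIN, globals()[name]))
```

A "partial" result means the executable bytes are identical but the embedded source hash differs, which happens when the published source is not byte-for-byte the file that was compiled (a changed comment is enough).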

  • drtz 3 years ago

    This is the result of optimizing for storage constraints. Storage is expensive on the ETH blockchain, so compiled bytecode is sent to the blockchain instead of raw source.

drtz 3 years ago

There has been a move toward centralization in the NFT space with Opensea and Magiceden marketplaces completely dominating the space, largely to the detriment of projects and / or users. One recent example: project royalties are now optional, so projects relying on these royalties from sales have had the rug pulled out from under them.

I expect we'll start to see some backlash where major new NFT projects build more safeguards into their contracts to try and reel back in some of the control the marketplaces have gained.

  • AlexandrB 3 years ago

    The way NFT royalties were marketed was always highly misleading IMHO. A lot of the news articles made it sound like royalties were a property of NFTs themselves via some kind of smart contract. But it is in fact a feature of some NFT exchanges and you always had the option of trading the NFT via other means if you wanted to avoid the royalty payment. So royalties were always optional. The marketing just made it sound like they were not[1].

    Given this, it must be asked how NFTs are in any way different from the traditional art markets for the artists themselves.

    [1] https://techcrunch.com/2022/11/02/whats-going-on-with-nft-ro...

zomglings 3 years ago

This is a bad title on the HN submission. I suspect the title is intentionally designed to capture people's attention and mislead them. The article title is much better: Does OpenSea Shared Storefront have a backdoor?

The submission title does not specify who can take anybody's tokens. Anyone who reads the article can see that the author claims that Open Sea administrators can seize anybody's tokens, and questions whether it is legal for them to retain this ability. This is much more of a nuanced situation than "omg open sea has a backdoor all your nfts are belong to us". The author also says that they will write more about this in a follow-up post.

I believe the author is correct. This is behaviour pertinent to Open Sea's ERC1155 contract (called the Open Sea Shared Storefront), and not their marketplace as a whole.

  • cmeacham98 3 years ago

    I'm not sure if it's intentional, but the title is written in such a way that it is very easy to misparse as something like "Backdoor in OpenSea allows anybody to take tokens..."

    That actually is how I first read it. Not saying that doesn't make this a bad thing, but the HN title should really be reverted to the article title.

    • throwaw20221107 3 years ago

      This title rewrite is really bad. One interpretation of it is basically slandering opensea. I suspect OP (the person who decided to make up a title instead of using the article title) is not a native English speaker, and there are two ways to interpret their title and intentions:

      1. they meant it as a question "does backdoor in opensea allow to take anyone's tokens?".

      2. they meant it as a statement "backdoor in opensea allows you to take anyone's tokens"

      Obviously #2 is a lot worse. Hopefully they just forgot the question mark and weren't intentionally being malicious.

  • codetrotter 3 years ago

    The original title is bad as well, because it is clickbaity.

    Best title for submission would be: OpenSea administrators can take any tokens minted on the OpenSea Shared Storefront

    • dang 3 years ago

      Ok, done. (Submitted title was "Backdoor in OpenSea allows to take anybody's tokens".) Thanks!

RcouF1uZ4gsC 3 years ago

I guess a back door does qualify as “Open”.
