dare
15.8K posts
dare
@xtrvth
a random meta player collecting art
Houston, TX Katılım Nisan 2015
812 Takip Edilen3.5K Takipçiler
dare retweetledi
Introducing DN404: a solution to the critical issues arising from the newly popular "ERC404" tokens.
Huge shoutout to the all-star team who has worked around the clock for days to make this a reality:
@0xQuit
@0xCygaar
@optimizoor
@0xjustadev
@PopPunkOnChain
@AmadiMichaels
And a special thanks to our working group who offered feedback and suggestions. Your insights were crucial.
For a deep dive into some of the security concerns with ERC404, check out my earlier thread:
x.com/0xquit/status/…
This post will discuss them from a more high level.
ERC404 sought to merge ERC20 and ERC721 into a unified token standard. While it successfully integrates functionalities from both, issues arise in functions that are shared between the two standards, like transferFrom, which has been redesigned to behave differently based on parameter values.
This redesign birthed several critical vulnerabilities.
transferFrom requires 3 parameters: a source address, a destination address, and a number.
In ERC721, that number is a token ID.
In ERC20 it's an count of tokens (in wei).
The "standard" differentiates between which token path to use (ERC20 or ERC721) based on how large the number is, but protocols can't know that.
In the thread linked above, I outlined an exploit in which a user is effectively able to trick a contract into trading token dust (a tiny fraction of a penny) for an arbitrary number of 404 NFTs. This was a basic and contrived proof of concept, but the reality is that very many protocols currently live on mainnet that work in exactly this way. In fact, I found and reported the bug in the wild to more than one affected protocol, and they were thankfully able to disable the collection before it was exploited.
Perhaps an even simpler example is to consider a Seaport collection offer. You can accept a collection offer for any ID in the collection. ERC721 contracts with revert safely if attempting to accept an offer using a nonexistent ID, but in specific circumstances, a malicious user could accept a collection offer for `(minted + 1)` tokens, and again they are able to trade dust for multiple ether.
The crux of the issue lies in an attacker's ability to maliciously craft calldata to coerce a contract into conflating an NFT with ERC20 tokens given the arbitrary logic switch based on that singular numerical input.
CellMates' ERC20721 attempts to solve this issue by having a set range of ERC20 token supply (0-256), followed by an equal number of NFT IDs. Each token type has it's own namespace, and tokens are not divisible (1 token = 1 NFT). This eliminates the attack vectors above, but opens up a new one, which I discussed with the Cellmates team earlier today (it was a very productive conversation, shout out to them for being so receptive).
Imagine User A has NFT #257, and User B has NFT #258.
User B asks the vault to deposit 1 token, the ERC20 flow is correctly followed and User B properly receives 1 credit within the vault.
User A asks the vault to deposit 257 ERC20 tokens. transferFrom is called and ERC20721 routes it through the ERC721 logic, pulling token #257 to the vault. The call was successful, so the vault provides User A with 257 credits (after all, it asked for an ERC20 transfer).
Now, User A requests a withdrawal for 2 tokens. This is far lower than their allotted credits, so the vault proceeds with his withdrawal and sends not only his own token back, but User B's token as well. After this, User A still has 298 more credits to use.
This is the issue with overloaded functions - either every protocol needs to be rebuilt to account for the new behavior defined by these hybrid tokens, or we accept catastrophic loss on a regular basis.
This means there are two ways we can go:
1) Ask protocols to build around this new standard, in which case we can remove unpredictable branching altogether by coming up with new function signatures unique to 404...a true new standard.
2) Just...use two contracts?
We chose the latter.
DN404 was built from the ground up using a novel approach that separates ERC721 and ERC20 functionalities into distinct contracts, linked from inception. DN404 handles all the logic, storage, and permissions, but only exposes an ERC20 interface. DN404Mirror serves as a passthrough - an ERC721 interface that defers all logic to DN404, but emits its own events.
The result is that everything returns to the way it should be. The ERC721 and ERC20 contracts both exist, and both function as standalone products, but under the hood they run on shared 404 rails. Protocols always know exactly what you're transferring, because each contract address follows just one standard.
I want to be clear - while I had a ton of fun building this, I still see 404 as more of a gimmick than anything else. However, the space has shown a desire to continue using it, and so we decided it was worth making an implementation that was efficient and safe to use.
That's it. For more on the DN404 architecture and optimizations, see Cygaar's thread here: x.com/0xCygaar/statu…
English
dare retweetledi
Someone just took a $1,100,000 on-chain loan from a stranger using an NFT representing ownership of a complete set of Supreme Box logo T-shirts as collateral
The 1000lb+ set was sent to an escrow company who then sent back NFTs representing ownership of the shirts
The borrower then used the NFT to tap into global liquidity
If they default? The lender can use the NFT to redeem the shirts
Sotheby's appraised the collection of 291 shirts at ~$2.5m a couple of years ago
Pretty insane to see the owner of a grail streetwear collection come on chain and utilize the proof of ownership that NFTs provide
English
@Fitz01_eth @Gfunkera86 @gmoneyNFT @beaniemaxi horrible take on 21' utility era. if merch was all that impressed you.. you should try Veefriends.. Veecon was far more utility lol and thats just one example
English
@Gfunkera86 @gmoneyNFT @beaniemaxi Tbh - I minted got my merch(kit is pretty nice tbh) wasn’t expecting to flip for profit and experiment didn’t work out. Not sure who was hurt then again I only minted 1 NFT so overall better utility than 99.9% of all the 2021 era NFT projects!
English
Is WAGMI United quietly winding down operations? Its deck was stacked with all the top web3 names. They had Daryl Morey from 76ers on the board. I didn’tget involved b/c the model of backing an NFT into everything doesn’t work. Makes people hate NFTs. Ask any Crawley Town FC fan.
English
dare retweetledi
dare retweetledi
@GrimDegen idk where you came from but welcome mate, it’s a bit hot rn but can’t beat these cheaper prices. 🫡
English
dare retweetledi
dare retweetledi
Most collectors are money motivated and don't truly care about artists careers. Its not hard to tell the difference between the small group of true art collectors in the space and the art investors who only care about number go up. There is also a big group of collectors that wear two hats as a collector and investor. I would even go to say that most of the NFT collectors are half investors/half collector.
Not to say wanting the value of your purchase to rise is bad or being an investor is bad but when collectors pressure artists to never change styles or use buying their pieces as a way to leverage their personal brands, I have an issue. I also think many investors dont truly collect what they love. They collect what they think is hot or could be hot. This is going to send ripple affects throughout the market sooner than later. Artists and investors/collectors alike will feel the pain.
We also see collectors elevate artists throughout the beginning stages of their career to then relist those same 1/1s they were posting within 4-6 months of purchasing. In the traditional market rarely can you even bring back a piece purchased at an auction house to reauction within a few years. No one buys a painting and then tries to sell it immediately. Curating your collector base is more important than ever.
Prints of high profile artists resell consistently but that's the expectation. Editions = Prints. The reason to drop editions is primarily for secondary market movement and a cheaper entry point into an artists work. Editions should never be the focus. Paintings or 1/1s are usually and should not be resold as often. Having a few edition works available at different price points promotes healthy movement and is sustainable. Dropping editions very often (unless done very intentionally) doesn't feel sustainable long term.
Artists need room to grow, experiment, and breathe without constantly thinking about market conditions and pressures from collectors. If most of your art is editions, I believe you will be pressured more often by investors and can become a slave to market conditions.
The space is small and everyone sees everyone's movements. Many artists here to me feel like craftsman's with the ways they mold to the market or copy other artists and release works that they think collectors will like rather than finding their own path. A focus on 1/1s instead of editions will allow you to attract more true art collectors. Editions are more liquid and will attract more investors. I believe selling more 1/1s at a cheaper price is better than selling editions constantly.
It feels as if we as a digital art space have strayed so far from truly supporting artists and the arts. This is one of the main reasons im hesitant to mint more art or even think about selling my physical paintings.
I do know art investors arent new. They have always been present in the traditional markets and are the main reasons why many artists get big. But this doesnt mean we as artists should cater towards their needs. Make art for yourself.
I am not the biggest fan of commercial artists either and I will continue to be outspoken about this topic. I believe art can be sacred and spiritual but there are only a few artists that treat their work at this level. Those artists will make it long term.
I have almost fully stopped collecting art unless I truly believe the artist is making art for themselves.
Overall I think the market needs a hard reset. I think many prices will come down to more sustainable levels and artists will eventually thrive using this technology. The ability to see every minted work from an artist will either become a blessing or curse to that artist.
Do I know everything? No. Am I the smartest person here? No.
Am I hyperaware of what is happening in the NFT space? Yes. Do I truly care about artists and the arts? Yes.
move intentionally and my dms are open if you ever want an opinion
English
Looking for the next generation of hosts … people who want to interview people for 15 min or so over specific topics on video and do it often … who’s looking for that ???
English
English
dare retweetledi
