by homedepotdave 1884 days ago
This isn’t a big deal. This guy just created his own smart contract with a special code snippet that, after he mints an NFT to Beeple’s address, allows his address to still transfer it to another address (himself). On Rarible/etc. this then makes it appear that Beeple minted it and then transferred it to him.

This is why you need to publish the code for NFT smart contracts... which pretty much everyone does, which makes real NFTs auditable and secure (enough). He wouldn’t be able to mint a duplicate NFT from the same smart contract Beeple originally used.

Lol, self-proclaimed “Banksy of NFTs”, come on.

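The mechanism the comment above describes, as an added example that is not code from the thread or from any real contract: a small Python model of ERC-721 ownership, approval and Transfer events. It shows why a "sleepminted" token is indistinguishable from a genuine mint-and-transfer when a marketplace indexes Transfer logs alone. The addresses are made-up labels, not real Ethereum addresses.

```python
# Added example (not code from the thread or from any real contract): a Python
# model of ERC-721 transfer authorization, plus the deployer-only backdoor that
# lets a "sleepminted" token be pulled back without the owner's approval.
from dataclasses import dataclass

ZERO = "0x0000"          # ERC-721 signals a mint as Transfer(0x0 -> to)
DEPLOYER = "0xSCAMMER"   # hypothetical deployer of the lookalike contract
ARTIST = "0xARTIST"      # hypothetical artist address the token is minted to


@dataclass(frozen=True)
class Transfer:
    frm: str
    to: str
    token_id: int


class ERC721Model:
    """Honest ERC-721: only the owner, the per-token approved address, or an
    approved operator may move a token."""

    def __init__(self, deployer: str):
        self.deployer = deployer
        self.owner_of: dict[int, str] = {}
        self.approved: dict[int, str] = {}
        self.operators: set[tuple[str, str]] = set()   # (owner, operator)
        self.events: list[Transfer] = []

    def mint(self, caller: str, to: str, token_id: int) -> None:
        if caller != self.deployer:
            raise PermissionError("only the deployer may mint")
        if token_id in self.owner_of:
            raise ValueError("token already exists")
        self.owner_of[token_id] = to
        self.events.append(Transfer(ZERO, to, token_id))

    def approve(self, caller: str, spender: str, token_id: int) -> None:
        if self.owner_of.get(token_id) != caller:
            raise PermissionError("only the owner may approve")
        self.approved[token_id] = spender

    def _authorized(self, caller: str, token_id: int) -> bool:
        owner = self.owner_of[token_id]
        return (caller == owner
                or self.approved.get(token_id) == caller
                or (owner, caller) in self.operators)

    def transfer_from(self, caller: str, frm: str, to: str, token_id: int) -> None:
        if self.owner_of.get(token_id) != frm:
            raise ValueError("from is not the owner")
        if not self._authorized(caller, token_id):
            raise PermissionError("caller is not owner nor approved")
        self._move(frm, to, token_id)

    def _move(self, frm: str, to: str, token_id: int) -> None:
        self.owner_of[token_id] = to
        self.approved.pop(token_id, None)
        self.events.append(Transfer(frm, to, token_id))


class SleepmintModel(ERC721Model):
    """Same contract plus the backdoor: a deployer-only function that moves any
    token with no approval check. Its Transfer event looks like a voluntary one."""

    def deployer_pull(self, caller: str, frm: str, to: str, token_id: int) -> None:
        if caller != self.deployer:
            raise PermissionError("only the deployer")
        if self.owner_of.get(token_id) != frm:
            raise ValueError("from is not the owner")
        self._move(frm, to, token_id)      # the owner never approved this


def provenance(events: list[Transfer], token_id: int) -> list[tuple[str, str]]:
    """What an indexer reconstructs for one token from Transfer logs alone."""
    return [(e.frm, e.to) for e in events if e.token_id == token_id]


def honest_attempt() -> str:
    """Deployer tries to pull the artist's token out of an honest contract."""
    c = ERC721Model(DEPLOYER)
    c.mint(DEPLOYER, ARTIST, 1)
    try:
        c.transfer_from(DEPLOYER, ARTIST, DEPLOYER, 1)
    except PermissionError as e:
        return str(e)
    return "moved"


def sleepmint_attempt() -> list[tuple[str, str]]:
    """Deployer mints to the artist, then pulls the token via the backdoor."""
    c = SleepmintModel(DEPLOYER)
    c.mint(DEPLOYER, ARTIST, 1)
    c.deployer_pull(DEPLOYER, ARTIST, DEPLOYER, 1)
    return provenance(c.events, 1)


def genuine_gift() -> list[tuple[str, str]]:
    """For comparison: the artist mints on their own contract and really hands the token over."""
    c = ERC721Model(ARTIST)
    c.mint(ARTIST, ARTIST, 1)
    c.transfer_from(ARTIST, ARTIST, DEPLOYER, 1)
    return provenance(c.events, 1)
```

The event history returned by `sleepmint_attempt()` is identical to the one from `genuine_gift()`: both read as "minted to the artist, then transferred to the deployer". The only thing that separates them is which contract address emitted the events and what that contract's code allows, which is why the check has to be on the contract, not on the transfer history.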

No. It is a big deal.

Forgery is forgery, and this is a fundamental flaw in the ERC-721 token.

Provenance matters, and this is more than a shot across the bow. This is a direct hit on trust.

I only have to fool you long enough to get the tokens into my wallet. This kind of forgery seems to do the trick.

Ok -- sorry -- sure. This hack may trick some people and that sucks. I too am generally skeptical of the NFT world.

But if you just use the general rule of only buying NFTs that are minted by a smart contract with published code, that basically solves this problem.

Also worth mentioning that two weeks ago this guy -- before posting all this BS -- first tried to sell this fake for 369,122 ETH lol.

https://rarible.com/token/0x5fbbacf00ef20193a301a5ba20acf047...

It's up to the market to discern the earlier date of the original issuance. It's always been this way. The blockchain just allows for easier provenance instead of hearsay.

If you buy a duplicate art piece or an art piece that was "sleepminted" just because a popular artist's address "dropped it", that's really on you.

This sounds more like a UI problem that can be easily solved.

Try not to get scammed or ripped off, or, if you want to buy things with resale value in the future, maybe just avoid the entire NFT market and not worry about a UI issue.

> you need to publish the code for NFT smart contracts... which pretty much everyone does

How do you not publish smart contract code on a public blockchain? This statement makes no sense. At best you could pull some obfuscation tricks, which only serves to make you look dodgy as fuck.

When I push a smart contract to the blockchain, it's in bytecode format -- impossible to read. There are some tools that try to decompile the bytecode back to the (readable) source code, but most I've seen aren't great.

Take Rarible's smart contract: https://etherscan.io/address/0xd07dc4262bcdbf85190c01c996b4c... They published the actual code on Etherscan, so when you click "Contract" you can see the Solidity code. Etherscan compiles this Solidity code to confirm it matches the bytecode exactly. It also allows normal people to review the code.

Compare that to the smart contract this 'banksy of nfts' published: https://etherscan.io/address/0x5FBbACf00ef20193a301a5BA20acf...

You can't review the Solidity code, all there is is bytecode.

Basically, you shouldn't buy an NFT whose smart contract hasn't had its source code published, because you have NO idea what you are getting.
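The comparison step behind "Etherscan compiles this Solidity code to confirm it matches the bytecode", as an added example that is neither Etherscan's verifier nor code from the thread. Solidity appends a CBOR-encoded metadata blob (source hash, compiler version) to the runtime bytecode, with the blob's length in the final two bytes. That hash changes with file paths, comments and whitespace, so a byte-for-byte comparison of a local recompile against the deployed code can fail even when the code is identical; the blob has to be stripped first. All bytecode below is constructed, not taken from any real contract.

```python
# Added example, not code from the thread or from Etherscan. Compares deployed
# runtime bytecode with a local compile after removing the solc metadata trailer.
# The bytecode used here is constructed for the example.


def cbor_text(s: str) -> bytes:
    """CBOR text string (major type 3) for short keys such as "ipfs"."""
    e = s.encode()
    if len(e) >= 24:
        raise ValueError("only short keys are supported")
    return bytes([0x60 | len(e)]) + e


def cbor_bytes(b: bytes) -> bytes:
    """CBOR byte string (major type 2) for lengths below 256."""
    if len(b) < 24:
        return bytes([0x40 | len(b)]) + b
    return bytes([0x58, len(b)]) + b


def make_metadata(ipfs_hash: bytes, solc_version: bytes) -> bytes:
    """Build the trailer solc (0.6+) appends: a CBOR map
    {"ipfs": <34-byte multihash>, "solc": <3-byte version>}, followed by the
    map's length as a big-endian uint16."""
    body = (bytes([0xA2])                       # CBOR map with two keys
            + cbor_text("ipfs") + cbor_bytes(ipfs_hash)
            + cbor_text("solc") + cbor_bytes(solc_version))
    return body + len(body).to_bytes(2, "big")


def strip_metadata(code: bytes) -> bytes:
    """Remove the trailing metadata blob if one is present, else return the
    code unchanged. Heuristic: the last two bytes must encode a length that
    fits, and the blob must start with a CBOR map byte (major type 5)."""
    if len(code) < 3:
        return code
    meta_len = int.from_bytes(code[-2:], "big")
    if meta_len == 0 or meta_len + 2 > len(code):
        return code
    blob = code[-(meta_len + 2):-2]
    if blob[0] >> 5 != 5:
        return code
    return code[:-(meta_len + 2)]


def _from_hex(h: str) -> bytes:
    return bytes.fromhex(h[2:] if h.startswith("0x") else h)


def runtime_matches(onchain_hex: str, compiled_hex: str) -> bool:
    """True if the two runtime bytecodes agree once metadata is ignored."""
    return strip_metadata(_from_hex(onchain_hex)) == strip_metadata(_from_hex(compiled_hex))


# Constructed sample: a dispatcher-like prelude standing in for real runtime code.
RUNTIME = bytes.fromhex("608060405234801561001057600080fd5b50600436106100365760003560e01c")
OTHER_RUNTIME = RUNTIME[:-1] + b"\x00"        # one byte of logic changed
SOLC_0_8_4 = bytes([0, 8, 4])

# "On-chain" code and a recompile of the same source that differ only in the
# IPFS hash (0x12 0x20 multihash prefix + 32 hash bytes); plus a tampered build.
ONCHAIN = RUNTIME + make_metadata(bytes([0x12, 0x20]) + bytes(range(32)), SOLC_0_8_4)
RECOMPILED = RUNTIME + make_metadata(bytes([0x12, 0x20]) + bytes(range(32, 64)), SOLC_0_8_4)
TAMPERED = OTHER_RUNTIME + make_metadata(bytes([0x12, 0x20]) + bytes(range(32)), SOLC_0_8_4)


def demo() -> dict:
    """Naive equality fails on identical code; metadata-stripped comparison
    accepts it and still rejects a build whose logic differs."""
    return {
        "naive_equal": ONCHAIN == RECOMPILED,
        "same_runtime": runtime_matches("0x" + ONCHAIN.hex(), RECOMPILED.hex()),
        "tampered": runtime_matches("0x" + ONCHAIN.hex(), TAMPERED.hex()),
    }
```

In practice the on-chain side is what `eth_getCode` returns (runtime code, not the creation transaction's input) and the local side is the compiler's `deployedBytecode` built with the same compiler version and optimizer settings; this example covers only the metadata caveat, and its suffix check is a heuristic, so an unrelated code ending that happens to look like a CBOR map would be stripped as well.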

You can also check the decompiled source on eveem.org - doesn’t work with everything, but even if sources are public it’s good to double-check them there.

(I’m the creator of eveem)

Thank you for your work. I would imagine working on decompilers is quite thankless, but immensely important.