[BelenusMordred]

> you need to publish the code for NFT smart contracts... which pretty much everyone does

How do you not publish smart contract code on a public blockchain? This statement makes no sense. At best you could pull some obfuscation tricks which only serves to makes you look dodgy as fuck.

[homedepotdave]

When I push a smart contract to the blockchain, it's in bytecode format -- impossible to read. There are some tools that try to decompile the bytecode back to the (readable) source code, but most I've seen aren't great.

Take Rarible's smart contract: https://etherscan.io/address/0xd07dc4262bcdbf85190c01c996b4c... They published the actual code on Etherscan, so when you click "Contract" you can see the Solidity code. Etherscan compiles this Solidity code to confirm it matches the bytecode exactly. It also allows normal people to review the code.

Compare that to the smart contract this 'banksy of nfts' published: https://etherscan.io/address/0x5FBbACf00ef20193a301a5BA20acf...

You can't review the Solidity code, all there is is bytecode.

Basically, you shouldn't buy an NFT that hasn't published the source code of its smart contract because you have NO idea what you are getting.