Redefining NFT Collections: The Race to Decentralization
In reference to: https://github.com/BurntFinance/Collections
Non-fungible tokens (NFTs) reached new levels of adoption and activity in 2021, with blue-chip enterprises, crypto enthusiasts, and the mainstream public all increasing their level of exposure and interest in the space. The surge in interest spurred rapid innovation, but such fast-paced innovation, especially in emerging technologies, can often lead to vulnerabilities.
For instance, countless bugs have arisen in the decentralized finance (DeFi) sector after its rapid proliferation in recent years. These issues have caused billions of dollars in losses to speculators in the field. It is unsurprising that such vulnerabilities are now extending themselves to NFTs.
Due to limitations in the code of some NFTs, it has become possible to make unlimited replicas within certain NFT collections. These replicas are identical to the original NFTs and are indistinguishable in every manner.
This poses a significant risk to some NFT holders as they may have exposure to an NFT that could end up having an unlimited number of identical replicas. At Burnt Finance, we are building infrastructure which is resilient to such attacks. In this post, we will detail the technical issues which have led to such attacks while also explaining how Burnt is structured to prevent such attack vectors.
NFT Verification Issues
The metadata related to NFT contracts is not always stored on-chain. Especially when it comes to Ethereum-based NFTs, storing NFT metadata on-chain can be both costly and cumbersome. Creators often choose to store their metadata off-chain, on Amazon Web Services (AWS) servers or another centralized cloud storage solution.
However, storing metadata off-chain has made some NFT contracts vulnerable to exploits. Issues may arise with the off-chain data, allowing attackers to create replicas that are difficult to distinguish from the originally minted NFTs in a contract. The infrastructure storing the metadata may become compromised or cease to work altogether. Moreover, there may be a lack of information that distinguishes the original mint from future replicas.
In August, the Degen Apes collection was subject to such an attack. The only factor distinguishing original mints in the collection from future replicas was 6 SOL sent to a specific address. However, the body of the transactions which received the SOL did not clearly specify where the funds were received from, creating an opportunity for attackers to create replicas. These replicas even managed to find themselves on secondary marketplaces, subjecting the original minters and holders to severe potential losses.
This event was closely preceded by a similar one where replicas from the Bold Badgers collection also appeared on secondary marketplaces. Without clearly distinguishable on-chain metadata, it was difficult to discern which NFTs were original mints in the collection and which were fakes minted later.
Burnt Finance Fixes This.
Burnt Finance is quickly approaching the launch of a Solana-based decentralized infrastructure that allows users to mint and auction NFT assets in versatile ways. Burnt eradicates the possibility of the NFTs which comprise a collection being replicated. To create collections, Burnt users execute two on-chain signatures. One signature broadcasts the collection to the Solana chain while the other mints the NFT into the collection. This second signature ensures that the NFTs within a collection are verifiable.
Verification issues are particularly pertinent when an NFT that was originally underpinned on one chain is being transitioned to another chain to participate in a marketplace that operates on the second chain. When the metadata is stored off-chain, the input variables that create a hash on the initial chain (Ethereum, for instance) are replaced with different input variables that create an entirely different hash on the second chain (Solana, for instance). With Burnt, the metadata related to NFT creations is always signed on-chain and is therefore verifiable even if the NFT is transitioned to another chain. The low fees on the Solana chain also favor such signing, as creators will not incur excessive costs to sign NFT metadata on-chain.
Moreover, the hash of a Burnt collection is derived from the collective hashes of the individual NFTs that comprise the collections. Which NFTs comprise a collection will be clearly evident as the hash of these NFTs will be used to create the hash of the overall collection.
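The following added example (not Burnt's code or its on-chain format) sketches how a marketplace or buyer could use a collection hash derived from per-NFT hashes to reject replicas and tampered off-chain metadata. The post does not specify the construction, so SHA-256, the canonical-JSON encoding, binding the mint address into each item hash, and all names and sample values here are assumptions.

```python
import hashlib
import json


def item_hash(mint, metadata):
    """Hash one NFT: its mint address plus canonical (sorted-key) metadata.

    Binding the mint address is an assumption of this sketch; without it,
    a byte-for-byte copy of the metadata would hash identically.
    """
    payload = json.dumps({"mint": mint, "metadata": metadata},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def collection_hash(item_hashes):
    """Derive the collection hash from the sorted, de-duplicated item hashes."""
    h = hashlib.sha256()
    for ih in sorted(set(item_hashes)):
        h.update(bytes.fromhex(ih))
    return h.hexdigest()


def verify_member(mint, metadata, item_hashes, committed_collection):
    """Return 'ok', 'collection-mismatch' or 'not-a-member'.

    committed_collection stands in for the value signed on-chain.
    """
    # Step 1: the advertised item list must reproduce the committed hash,
    # so nobody can quietly append a replica to the list.
    if collection_hash(item_hashes) != committed_collection:
        return "collection-mismatch"
    # Step 2: the candidate NFT must hash to one of the committed items.
    if item_hash(mint, metadata) not in set(item_hashes):
        return "not-a-member"
    return "ok"


# Constructed sample data (placeholder mint addresses and URLs).
ORIGINALS = [
    ("MINT-ORIGINAL-0001", {"name": "Sample #1", "image": "https://example.invalid/1.png"}),
    ("MINT-ORIGINAL-0002", {"name": "Sample #2", "image": "https://example.invalid/2.png"}),
]
COMMITTED_ITEMS = [item_hash(m, md) for m, md in ORIGINALS]
COMMITTED_COLLECTION = collection_hash(COMMITTED_ITEMS)

if __name__ == "__main__":
    mint, md = ORIGINALS[0]
    print(verify_member(mint, md, COMMITTED_ITEMS, COMMITTED_COLLECTION))
    print(verify_member("MINT-REPLICA-9999", md, COMMITTED_ITEMS, COMMITTED_COLLECTION))
```
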
Redefining NFT Collections
With both collections and the individual NFTs that constitute collections being signed on-chain, creators and purchasers can participate in a more secure NFT environment within Burnt. In instances where NFT metadata is stored off-chain, both creators and collectors could incur the risk of tremendous losses. Burnt is creating an environment where NFTs are easily verifiable. The easy verification will benefit buyers in the Burnt marketplace while simultaneously ensuring that sellers are protected. It will also be beneficial in cases where the NFT is transitioned to other chains as the original signature will still exist on the Solana chain.
Welcome to the future of NFT collections on Burnt Finance.
About Burnt Finance
Burnt Finance is the first fully decentralized NFT auction protocol on Solana. Burnt allows users to take auctions into their own hands, enabling the minting and trading of any NFT in an entirely permissionless ecosystem. The platform can support auctions for NFTs, digital assets, synthetics, and much more. Given its unique Solana-based architecture, Burnt is able to achieve the fastest transaction speeds with negligible fees.