Making Metaverse NFTs a Little More Trustworthy

Tim Cotten
Future of Gaming DAO
Jan 5, 2023

Critics of Non-Fungible Tokens (NFTs) have some good points.

There *are* some serious flaws in the vision for decentralized digital assets that current Web3 standards don’t address.

Why don’t we take a lesson from Web 2.0 and at least pick some easy, low-hanging fruit: making NFT metadata a little more trustworthy (even when it’s stored off-chain) using Subresource Integrity (SRI)?

Ethel Etherson Holding Some Non-Fungible Tokens (NFTs)

You Can’t Trust Every NFT

Did you know that NFTs can lie?

“Impossible!” the blockchain white knight retorts, “They’re immutable! Censorship resistant! The very model of a modern major decentralized digital asset!”

Yeah… that sounds nice on paper. But it’s not the reality.

I’m certainly not the first person to say it out loud, and despite how important I think decentralized technology is to building an open Metaverse, I also readily admit that prominent blockchain critics like Moxie Marlinspike, Lars Doucet, and Molly White have some really good points worth listening to.

Lies and the Lying Liars Who Centralize Them

Let’s start with Moxie Marlinspike, the creator of Signal and rockstar member of the cryptography (not crypto!) community, who wrote a thoroughly entertaining (and thought-provoking) critique of Non-Fungible Tokens (NFTs) in July, 2022.

My favorite part?

When he went ahead and wrote his own NFT that could change from some neat abstract art 🖼️ into a pile of poo emoji 💩 depending on what platform you were looking at it through.

Yep.

Marlinspike was able to manipulate the code on his website, where the NFT smart contract pointed, so that he could change what “metadata” (all the fun stuff that tells you what an NFT *is*, including what image to show you) was sent to viewers depending on their “user agent” (the unique piece of text that each browser/platform sends to web servers so they know if they’re Chrome or Edge, etc).

And it worked a treat!

He got OpenSea, Rarible, and MetaMask to all display different results for the same NFT.

Moxie Marlinspike’s Shapeshifting NFT (2022)

Naturally, it was quickly banned by OpenSea — the largest NFT marketplace — and then it disappeared from MetaMask too.

Wait, what?!

Yes, that’s right, the moment OpenSea — a privately held NFT trading market — removed Marlinspike’s NFT from their website it also disappeared from one of the most popular “decentralized” Web3 browser wallets in existence.

You Had One Job, MetaMask, One Job!

Doucet’s Degraded Blockchain

Lars Doucet, game developer and author of “Land is a Big Deal”, calls this the “degraded blockchain problem.”

The “Degraded Blockchain Problem” by Lars Doucet (2021)

He points out that anytime we have to use an off-chain solution for interacting with “decentralized” digital assets, we’re risking not just the “ideals” of decentralization, but the stone-cold safeties we were promised about trust and immutability.

Marlinspike clearly demonstrates this in his post, because it turns out when MetaMask wants to display NFTs in your digital wallet, it just makes an API call to… OpenSea.

Let that sink in.

For the sake of convenience, rather than pushing forward some sort of, I don’t know, decentralized NFT lookup service, we’ve just decided as a community to put our faith in centralized markets.

And they can decide to do whatever they want to do with the metadata they’re given: including delist it, ban it, alter it, ignore it, or be tricked by it.

Into the Metaverse with Metadata

We keep using this word: metadata.

I really want to hammer this home: most NFTs, especially complex Web3/Metaverse gaming NFTs, don’t store their images and attributes on-chain — the NFT’s metadata is stored off-chain.

How NFTs Point to Off-chain Metadata (Example: ERC-721 Optional Metadata)

Molly White, Fellow at the Library Innovation Lab and creator of the popular counter-crypto-culture website Web3 is Going Just Great, writes extensively about this in her article “Blockchain-based systems are not what they say they are.”

White, as a Web3 skeptic who heavily researches crypto, documents multiple concerns she has with the lofty promises of decentralization being ignored for the concrete convenience of centralization.

She points out that not only can these centralized services censor content (which she also moralizes as being necessary to combat despicable or illegal content), they can also be manipulated (as Marlinspike demonstrated), or even outright fail due to external dependencies (such as cloud-service provider outages).

The collapse of FTX and all of its associated NFTs demonstrates not only the technical dangers of centralization, but the natural human inclination to seek authority during conflict.

What happens when judges hand down court orders enforcing Cease & Desists or other legal actions when two Metaverse companies have a dispute?

Will we see a future full of Web3 Intellectual Property (IP) conflicts between gaming companies? Can “Company A” willy-nilly file an injunction against “Company B” and force all centralized markets to delist “Company B’s” Metaverse NFTs until their lawsuit is resolved several years later?

Can you imagine losing access to the NFTs you paid for until a multi-year legal battle you had nothing to do with is resolved in some foreign jurisdiction?

Especially if it’s your “+15 Sword of Smiting Banefire” that you invested 60 hours of your time earning in your favorite Web3 game?

That’s not very “Metaversy.”

The NFT Ecosystem is Subject to Law and More Fragile Than You Think

What Should/Can We Fix?

After OpenSea originally took down Marlinspike’s “lying” NFT for ostensibly violating their Terms of Service, they ended up restoring it after the blog post I linked to earlier went viral.

You can see one version of his NFT in action here — relisted by OpenSea.

Moxie Marlinspike’s Shapeshifting NFT (2022) Changes the Image Depending on What Service You Load it From

The key lesson?

For all our talk about decentralization & Web 3.0 we never really escaped the centralization of Web 2.0!

We’re *still* subject to the whims of our corporate overlords!

Now don’t get me wrong, OpenSea did what any legitimate corporation would do: they saw a “deceptive” NFT in play and acted to protect their customers.

But MetaMask relies on their API instead of giving you some other opt-in way to view NFTs, so in a way OpenSea already has unilateral control over the way we “see” the emerging Metaverse.

Wow.

A Social Commentary on Centralizing Power

So I thought about these issues that Marlinspike, Doucet, and White have been talking about: a lot of them require serious technical and moral investment by the larger community (especially if we try to solve some of them by making a decentralized cache of NFT metadata — which I’d love to work on!).

However, I think there’s one, really low-hanging fruit we could implement right now.

Here’s the idea: We can make NFT metadata, even when it’s stored off-chain, just a little more trustworthy by storing a hash of its content on-chain.

Let’s end a key complaint our Web3 detractors are making about NFTs by providing an on-chain mechanism that can prove an NFT’s off-chain metadata hasn’t been tampered with.

Web 2.0 Already Figured This Out

The World Wide Web used to be a much wilder place.

Do you remember when most URLs used to start with http:// instead of today’s well-enforced https:// protocol?

The “s” stands for “secure” and the difference is night and day. When you access a website with naked http you have no guarantee someone between you and the hosting website didn’t either A) modify the webpage content on its way to you, or B) steal any data you’re sending back and forth.

Nowadays modern browsers use https by default and encrypt the connection between you and your favorite websites, which means while your ISP can see “who” you’re connecting to (like medium.com), they can’t see “what” you’re getting from them.

But there was still a big problem.

Webpages have lots of links inside of them to load things like CSS frameworks and JavaScript libraries — all stored on yet more websites or Content Delivery Networks (CDNs) and not necessarily the original website you were connected to in the first place.

Sure, we might trust the webpage we connected to, but what if someone hacks the external resources and your browser happily loads a malicious JavaScript snippet that steals credit cards or drains your Web3 wallet of all your crypto?

Billions upon billions of dollars have been lost through injected code vulnerabilities in Web 2.0 — in part because browsers used to just load whatever external resources web pages naively told them to (like critical JavaScript & CSS frameworks) even if they’d been compromised by hackers such as in the infamous Magecart attacks.

So in 2016 the W3C (World Wide Web Consortium) came up with a simple idea rooted in cryptography: integrity hashing.

Whenever you need to load an external resource on a webpage, like the Bootstrap CSS framework, you (the webpage designer) include some code in your HTML to tell the browser what hashing algorithm to run on the resource once it has been fetched, and what “digest” (a fixed snippet of data) to compare the result with. That comparison makes sure some evildoer hasn’t replaced the expected known-good file with a hacked piece of garbage that’s trying to steal your Coinbase login cookie.

This system is called Subresource Integrity (SRI) and all major browsers support it.

Example of an External Resource Request in HTML Using Subresource Integrity (SRI)

It just requires a little bit of extra data whenever you’re pointing to an external resource.

Making the Metaverse Just a Little Bit More Trustworthy

Remember, I didn’t promise we could fix all of our centralization problems right this second, but I can at least point out that we can use Subresource Integrity (SRI) to bind on-chain NFTs to their off-chain content in an immutable, provably non-manipulated way.

Marlinspike, for instance, was surprised we weren’t already doing something like this — since, you know, we keep talking about cryptography being important in crypto.

And why shouldn’t we get called out for that?

After all, isn’t crypto all about proving things? Like ownership? And… integrity?

Let’s take one more step towards a decentralized Metaverse where NFTs are more trustworthy for Web3 gaming & apps by agreeing to implement this valuable lesson from Web 2.0!

Oh, and it turns out it’s gonna be super easy, barely an inconvenience.

Ryan George (Pitch Meeting) Reminding Us That It’s Gonna be Super Easy, Barely an Inconvenience

A Simple Example of SRI in a Smart Contract

For example, in Solidity you can just add an _integrities mapping of <uint256, uint256> to track the relationship between a Token ID and its SHA256 metadata content hash.

Expose it with a getIntegrity(tokenId) method and voila, you have a quick and free way to grab an NFT’s integrity digest so you can double-check it against the JSON metadata file being pointed to by either ERC-721’s tokenURI(tokenId) or ERC-1155’s uri(tokenId) methods.

Sure, it costs an additional 20k gas in Ethereum (~$0.35 USD) to store the integrity digest, but is that such a large price to pay for peace of mind? (Well, if it is, the end of this document suggests some price-control/mitigation strategies.)

Here’s an example using the “Founder Society” NFT collection I made (I got tired of not having a Twitter hexagon border) with NFT #1’s “Alexander Hamilton” made up with some Dungeons & Dragons-style attributes.

Founder Society #1 Alexander Hamilton: “There’s 2²⁵⁶ things I haven’t done. Just you wait.”

You can see the contract code on Etherscan, which implements the mapping described above, as well as play with the getIntegrity(tokenId) method in Etherscan’s contract reader.

Base64-encoded SRI-style Algorithm/Digest String for Token #1

If you compare the SHA256 hash from the getIntegrity(tokenId) method to the SHA256 hash of the minified content of the full JSON file, then you’ll get an exact match.

Naturally, in real world usage this wouldn’t be done by hand, but in an automated way (the same way, in fact, that web browsers do it).

Example JSON Metadata for an SRI-enabled NFT Including an Integrity Digest for the Image

You can see that I even added in an additional field inside the JSON metadata called “image_integrity” that provides one more layer of veracity: a hash of the binary data that makes up the NFT’s image.
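Here is the automated check described above as an added example (not code from the Founder Society contract or from this article's author): it compares the bytes a server actually returned against the on-chain digest, then uses the verified metadata to check the image. It assumes getIntegrity(tokenId) returns the SHA-256 digest as a big-endian uint256, that the publisher serves exactly the minified bytes it hashed, and that image_integrity holds an SRI-style "sha256-<base64>" string; the function names and all sample data are constructed.

```python
import base64
import hashlib
import json


def sri(data: bytes) -> str:
    """SRI-style string for raw bytes: 'sha256-' + base64(SHA-256 digest)."""
    digest = hashlib.sha256(data).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def onchain_to_sri(integrity: int) -> str:
    """Render the uint256 read from getIntegrity(tokenId) as an SRI string."""
    raw = integrity.to_bytes(32, "big")  # assumption: big-endian SHA-256 digest
    return "sha256-" + base64.b64encode(raw).decode("ascii")


def verify_token(integrity: int, served_json: bytes, fetch_image) -> list:
    """Return a list of failures; an empty list means both layers verified."""
    # Layer 1: hash the bytes exactly as served, before parsing anything.
    if sri(served_json) != onchain_to_sri(integrity):
        return ["metadata does not match on-chain integrity digest"]
    meta = json.loads(served_json)
    # Layer 2: the now-verified metadata vouches for the image bytes.
    expected = meta.get("image_integrity")
    if expected is None:
        return ["metadata carries no image_integrity field"]
    if sri(fetch_image(meta["image"])) != expected:
        return ["image does not match image_integrity"]
    return []


def minify(metadata: dict) -> bytes:
    """Publisher-side minification (assumed form: compact separators, UTF-8)."""
    return json.dumps(metadata, separators=(",", ":")).encode("utf-8")


# --- constructed sample data, not the real collection ---
IMAGE = b"constructed stand-in for the token's image bytes"
DECOY = b"constructed stand-in for a swapped image"
METADATA = {
    "name": "Sample Token #1",
    "image": "https://example.invalid/1.png",
    "image_integrity": sri(IMAGE),
}
GOOD_JSON = minify(METADATA)
# What a server returns when it answers differently per requester:
SWAPPED_JSON = minify({**METADATA, "image": "https://example.invalid/other.png"})
ONCHAIN = int.from_bytes(hashlib.sha256(GOOD_JSON).digest(), "big")

if __name__ == "__main__":
    print(verify_token(ONCHAIN, GOOD_JSON, lambda url: IMAGE))
    print(verify_token(ONCHAIN, SWAPPED_JSON, lambda url: IMAGE))
    print(verify_token(ONCHAIN, GOOD_JSON, lambda url: DECOY))
```

Because the metadata is hashed as raw bytes, a publisher that re-serializes the JSON (different whitespace or key order) invalidates the digest, so the minified form has to be fixed before the digest goes on-chain.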

How has this not been a thing already?

And the beauty of this system is that it’s established tech — standardized tech — that we know already works for Web 2.0 and there are tons of tools to make automating both the generation and verification of integrity digests easy.

You Can Even Hash the Minified JSON data into an SRI digest By Hand If You Wanted To

Wait a Sec, What About IPFS?

“But Tim,” you interject at last, “That’s neat and all, but why should we use SRI-style integrity hashing if we just publish our NFT metadata on IPFS?”

The InterPlanetary File System (IPFS) is great for storing immutable data in a decentralized way, which is why so many NFT projects use it for storing NFT metadata.

But we still have a degradation problem between IPFS and your Wallet.

What software and services are placed in-between the two that are actually fetching the files for you? You, the user, are probably not running a P2P IPFS node on your phone, right?

You’re Still Relying on Centralized Services to Interact with an IPFS Gateway (IPFS Docs)

So can we always trust those intermediary services and gateways, perfectly?

No! Bad things happen to well-intentioned people. No centralized service can be perfect.

There’s still a need for SRI-style integrity digests.

It’s all about the difference between immutability and veracity.

We’re talking about veracity.

But Why Don’t the Standards Already Do This?

Well, this isn’t exactly a big secret, but the ERC-721 and ERC-1155 standards (which many other non-Ethereum NFTs also inherit their ideas & implementations from) weren’t really that focused on the “metadata” part of the standards versus the core problem of making NFTs safe to mint and trade.

Even in the Standard the Entire Idea of “Metadata” is Treated as an *Optional* Extension

They do have a section about how to do “Optional Metadata”, and good libraries like OpenZeppelin do implement the tokenURI() method, but the keyword at the beginning of the sentence was “optional.”

All the early standards were busy solving the “foundational” problems with NFTs, and we were all mostly left to fend for ourselves as far as off-chain metadata stuff goes.

But Don’t We Need Industry Buy-In?

Of course, we always need buy-in.

There’s software to write, APIs to define, standards to debate, interfaces to design, and reference implementations to publish.

But the only way we’re going to get wallets and centralized markets to start recognizing, let alone rewarding, the use of SRI-style integrity digests in NFTs is if we start using them in our NFTs.

All this SRI-implementation does is make the underlying tech just a little less terrible — just that little bit more trustworthy.

And if we’re going to be basing Metaverse/Web3-gaming economies on this stuff, shouldn’t we be pushing the envelope towards our shared dream of decentralization?

We Can’t Fix Everything, But We Can Make NFTs a Little Less Terrible

How You Can Help

As far as I know there isn’t a standard for implementing SRI-style integrity digests into smart contracts.

I checked with the Ethereum Magicians and Cat Herders, and after running through the open Ethereum Improvement Proposals (EIPs) I think we have a chance to forge our own destiny here.

Here are a few ways I think you, the reader, can help.

  1. If you’re not technical, just share this blog post with your social network. The more eyes we have on it the quicker we’ll be able to make this a reality.
  2. Comment on the thread I opened on the Fellowship of Ethereum Magicians site; it’s tagged as “Primordial Soup” so we can gather feedback, suggestions, and objections.
  3. Visit me on the Future of Gaming FOGDAO Discord server so we can discuss drafting a formal standard for Ethereum. Discord ID: tim | scrypted#4489
  4. Connect with me on LinkedIn to talk about anything Web3/Metaverse/gamedev related: https://www.linkedin.com/in/timcotten/
  5. If you’re working in the Web3 product space (NFT creator, wallet developer, market, etc) let’s get in touch and talk about how we can streamline a technical implementation into your platform so you can be one of the early adopters of SRI in NFTs.

Thanks!

P.S.

Limits on Implementation & Mitigations

Deploying a smart contract with the integrity digests already built in would be prohibitively expensive for any non-trivial implementation that uses gas-based smart contracts, such as fixed sized collections with 10,000 NFTs in Ethereum.

Here are a couple of mitigations I thought of:

  1. Letting the minter (the user/owner who redeems the NFT and pays the associated gas fees) also specify the integrity hash at the time of minting. This can be enforced using a merkle tree to store a root node in the contract representing the root of all integrity digests, and the minter has to supply both digest + a merkle proof in order to mint. The NFT buyer won’t have to do any additional work — just pay a little more gas — but this gives the contract owner a flexible way to add more NFTs by updating the merkle root.
  2. Treat the Token ID as the integrity digest (I’m doing something similar with procedurally generated NFTs in my next project). The caveat here is that you abandon “Pretty IDs” like #1, #2, #42 and such in favor of IDs that are big long hexadecimal representations of 256-bit unsigned integers. So a minter actually is handed the SHA256 integrity hash of a JSON file containing the NFT metadata, and *that* becomes the Token ID as well.
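The first mitigation, sketched off-chain as an added example (not the author's contract code): the owner builds a Merkle tree over every token's integrity digest and publishes only the root, and the mint-time check accepts a digest only with a valid proof. The page does not specify the tree, so SHA-256 as the node hash, sorted sibling pairs, the 0x00/0x01 domain prefixes, and binding each leaf to its token ID (so a valid digest cannot be minted under a different ID) are all assumptions, as are the function names and sample digests.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(token_id: int, digest: bytes) -> bytes:
    # 0x00 marks a leaf; including token_id ties the digest to one token.
    return h(b"\x00" + token_id.to_bytes(32, "big") + digest)


def node(a: bytes, b: bytes) -> bytes:
    # 0x01 marks an inner node; sorting means proofs need no left/right flags.
    lo, hi = sorted((a, b))
    return h(b"\x01" + lo + hi)


def build_levels(leaves: list) -> list:
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([
            node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
            for i in range(0, len(cur), 2)
        ])
    return levels


def make_proof(levels: list, index: int) -> list:
    """Sibling hashes from leaf to root for the leaf at `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling at this level
            proof.append(level[sibling])
        index //= 2
    return proof


def verify_mint(root: bytes, token_id: int, digest: bytes, proof: list) -> bool:
    """The check a contract would run before storing the minter's digest."""
    acc = leaf(token_id, digest)
    for sibling in proof:
        acc = node(acc, sibling)
    return acc == root


# --- constructed sample: five tokens with stand-in metadata digests ---
DIGESTS = {t: h(f"constructed metadata for token {t}".encode()) for t in range(1, 6)}
LEVELS = build_levels([leaf(t, d) for t, d in sorted(DIGESTS.items())])
ROOT = LEVELS[-1][0]  # the only value the contract has to store

if __name__ == "__main__":
    proof = make_proof(LEVELS, 2)  # token 3 sits at leaf index 2
    print(verify_mint(ROOT, 3, DIGESTS[3], proof))  # correct digest
    print(verify_mint(ROOT, 3, DIGESTS[4], proof))  # another token's digest
```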

About the Author

Tim “Draconi” Cotten is a startup founder with two decades of experience in enterprise software, blockchain, and MMO game development.

Once upon a time he was the lead game designer of Ultima Online: Stygian Abyss, and when he’s not writing up stories from the wild west days of online gaming he’s working on applying all those hard-won lessons to his Metaverse startup: Scrypted.

Follow him on Twitter

Founder of Scrypted Inc: Building interactive digital assets for the Metaverse. <tim@cotten.io> @cottenio