The Motivation
According to this Dune Analytics dashboard and by the end of July 2022, NFTs blacklisted by the marketplace came to 24,000 ETH. This number is according to the floor prices of each aforementioned NFT collection. Centralized marketplaces such as OpenSea blacklists an asset and prevents it from trading after it is tagged as stolen or suspicious. With the emergence of more and more decentralized NFT financialization protocols such as NFT AMM, NFT loan, or NFT fractionalization, there is a solid need to source the NFT before a user can trade or perform other financialization tasks. Otherwise, blacklisted NFT will flow into the permissionless decentralized protocols and cause unfair trading for the user. The initial motivation for 0xSauce is to build a NFT sourcing oracle as a guard for future NFT financialization.
The Approach
The general idea is to collect blacklisted NFTs and store these data in the blockchain through a smart contract. Other NFT Dapps can call the 0xSauce contract to check if the specific NFT is suspicious or not before a user initiates an NFT financialization task. However, storing and updating each blacklist item and corresponding collection is expensive. We come up with the idea of performing Merkle tree as data verification and synchronization. The generated root is a 32-bytes. Instead of storing all the blacklisted addresses with a specific ID, we only need to store a 32-bytes root. When the dynamic database updates and monitors a change in blacklisted items, 0xSauce oracle will generate a new Merkle tree and update the most current root to the blockchain.
The leaf of generated Merkle tree is then stored publicly and permanently on IPFS. The figure above illustrates a sample leaf, also called proof. For the convenience to query the proof, we have created a subgraph in The Graph. Other Dapps can easily query the most updated token proof in the 0xSauce subgraph.
The Data Source
Our current blacklisted NFT data come from two sources: NFT marketplace snapshot such as OpenSea and blockchain security groups such as SlowMist and Scam Sniffer. The first source is constantly snapshotting OpenSea blacklisted tags and updating to 0xSauce dynamic DB. The second source is that we monitor all the NFT scam addresses that are tagged by blockchain security organizations and we blacklist the current holding NFTs in the scam address or any incoming NFTs. This is our current approach to reaching blacklisted NFT data. This method is still quite centralized and exposed to certain attacking risks. We have some ideas to improve the existing data sourcing platform and we would love to hear any suggestions from you.
We created two data streams for all the labeled scam addresses and share them on Dune. If you are interested, welcome to query or make a dashboard with this data.
ETHGlobal x 0xSauce
With this initial idea, we are participating in ETHGlobal ETHOnline 2022 Hackathon. Our team consists of two devs: tztztz.eth and fun0.eth. TZ is a defi engineer and Fun is a blockchain security engineer. We are very excited to contribute to the Ethereum community and build a safer and more reliable NFT infrastructure.
ETHOnline project page: https://ethglobal.com/showcase/0xsauce-76sd6
Website: http://0xsauce.xyz/
