1/ On dropping NFTs safely for your collectors
This is a thread for artists and developers who have existing collectors and want to give them something extra - a free NFT or preferential access to a new collection
This is a thread for artists and developers who have existing collectors and want to give them something extra - a free NFT or preferential access to a new collection
2/ In this thread, I will propose best practices that:
✅Do not encourage bad safety habits in NFT security
and
✅ Do not annoy large collectors
Doing this is all upside, no downside for you, person issuing NFTs
✅Do not encourage bad safety habits in NFT security
and
✅ Do not annoy large collectors
Doing this is all upside, no downside for you, person issuing NFTs
3/ For those new around here, my long overview on NFT safety is here:
https://twitter.com/punk6529/status/1461742366696652809
4/ For those more technically oriented, the elegant and long-term solution to the problem I am about to discuss is rights delegation embedded into NFTs/wallets.
But until we solve this problem in the future, we need to operate better in the present.
But until we solve this problem in the future, we need to operate better in the present.
https://twitter.com/punk6529/status/1471832930066604039
5/ There are broadly speaking three popular ways to give preferential access to NFTs to existing collectors.
a) Airdrop the NFT
b) Use the NFT as a mintpass
c) Use a snapshot of the wallet as a mintpass
a) Airdrop the NFT
b) Use the NFT as a mintpass
c) Use a snapshot of the wallet as a mintpass
6/ Airdrop
In airdrops, you send the NFT to the wallet of people who have your existing collection.
While generally it is bad form to airdrop random things into people's wallets, it is not necessarily so with your existing collectors
In airdrops, you send the NFT to the wallet of people who have your existing collection.
While generally it is bad form to airdrop random things into people's wallets, it is not necessarily so with your existing collectors
7/ For smaller collections (e.g. 1 of 1 artists), you might even manually check with all your collectors if they want the airdrop.
For larger collections, it is a judgement call.
Generally people will be OK with it, if they are already a collector.
For larger collections, it is a judgement call.
Generally people will be OK with it, if they are already a collector.
8/ This is an awesome outcome for a collector because you don't have to do anything and time is the most precious thing!
Don't have to find your hardware wallet, don't have to carefully check if you are minting on the right site, don't have to de-cold storage multi-sigs.
Don't have to find your hardware wallet, don't have to carefully check if you are minting on the right site, don't have to de-cold storage multi-sigs.
9/ For the artist, it can be a bit of a logistical nuisance and you have to pay the gas fees, but depending on the situation, you may consider it a cost of doing business.
10/ The second model is using the existing NFT itself as a mintpass.
This can be done more or less safely for the collector by moving the NFT to an empty address and then minting from that address.
That way, the worst case is that you lose 1 NFT, not your whole wallet
This can be done more or less safely for the collector by moving the NFT to an empty address and then minting from that address.
That way, the worst case is that you lose 1 NFT, not your whole wallet
11/ "But wait 6529, I don't plan to rug my collectors"
Sure, but things happen - maybe your contractor goes rogue and injects malicious code in your site.
If everyone mints from their wallet on every new contract, eventually one of them will be a rug.
Sure, but things happen - maybe your contractor goes rogue and injects malicious code in your site.
If everyone mints from their wallet on every new contract, eventually one of them will be a rug.
12/ While this can be acceptable safety-wise for collector, the collector may have to pay gas 4 times (move to tx wallet, move back, move new NFT to archival, mint NFT).
Even worse, if you are in a multi-sig, this may require pulling keys out of cold storage.
Even worse, if you are in a multi-sig, this may require pulling keys out of cold storage.
13/ I have skipped multiple mints like this because it was just not worth it to go through the aggravation of moving something out of the multi-sig.
It has to be valuable and I and others need to be in the right places for this to be doable
It has to be valuable and I and others need to be in the right places for this to be doable
14/ Also, if you are going to do this, put LONG deadlines or no deadlines at all.
Nobody should be traveling with the keys to their archival wallets so, if there is a 2 week deadline for example, it is easy to miss the window to mint.
Nobody should be traveling with the keys to their archival wallets so, if there is a 2 week deadline for example, it is easy to miss the window to mint.
15/ There is a nuance of this model which is "sell a mintpass" or "grant/airdrop a mintpass" that is separate from the NFT artwork
In other words, instead of having to mint with an @lphaCentauriKid 1 of 1, mint with a mintpass airdropped to ACK 1 of 1 collectors
In other words, instead of having to mint with an @lphaCentauriKid 1 of 1, mint with a mintpass airdropped to ACK 1 of 1 collectors
16/ This is a lower risk model for me.
I would be comfortable keeping a mintpass in a single signature hardware wallet, while I would not feel comfortable keeping my ACK 1 of 1s in anything less than a multi-sig.
And if a collector sells their mintpass, so be it IMHO
I would be comfortable keeping a mintpass in a single signature hardware wallet, while I would not feel comfortable keeping my ACK 1 of 1s in anything less than a multi-sig.
And if a collector sells their mintpass, so be it IMHO
17/ The worst model is using a "wallet snapshot" as a mintpass.
This checks which wallet held a specific NFT on a specific day and allows only them to mint.
This is basically a disaster security wise for any high quality NFTs.
This checks which wallet held a specific NFT on a specific day and allows only them to mint.
This is basically a disaster security wise for any high quality NFTs.
18/ It is logical to believe that people keep their best NFTs in their most secure wallet/address.
If you snapshot that address, you are asking (training) them to connect their prized wallet to random contracts.
This is a very bad habit and, as a field, we should stop it
If you snapshot that address, you are asking (training) them to connect their prized wallet to random contracts.
This is a very bad habit and, as a field, we should stop it
19/ I think it is fair to say that 6529 Museum and 6529 Capital will almost certainly not participate going forward in any drops done in this model.
Our core NFTs are all in multi-sigs and we are generally not willing to connect that multi-sig to new untrusted contracts.
Our core NFTs are all in multi-sigs and we are generally not willing to connect that multi-sig to new untrusted contracts.
20/ I have no interest in auditing the contract, in trying to figure out how it works and so on.
Life is short, I am busy and also I am not taking on the responsibility of being sure a contract is safe.
Computer security and bugs are HARD!
Life is short, I am busy and also I am not taking on the responsibility of being sure a contract is safe.
Computer security and bugs are HARD!
21/ So, to recap-the most elegant solution is rights delegation so, say, The Tulip sits in a wallet that never acts, but either the NFT or the wallet delegates minting or airdrops to a transaction wallet.
We need to get there to have composability & safety.
And we will.
We need to get there to have composability & safety.
And we will.
22/ Until then though, here is my tl;dr
Best Choices For Safety (collector dynamics to consider)
✅Airdrops
✅Mintpasses separate from the art NFTs
Acceptable For Safety (a bit inconvenient)
✅The art NFTs as mintpasses
Unacceptable For Safety
✅Wallet snapshots as mintpasses
Best Choices For Safety (collector dynamics to consider)
✅Airdrops
✅Mintpasses separate from the art NFTs
Acceptable For Safety (a bit inconvenient)
✅The art NFTs as mintpasses
Unacceptable For Safety
✅Wallet snapshots as mintpasses
23/ I hope this makes sense to everyone.
Let's see if we can work together to make NFT land a bit safer, while we work on better UX models for wallets
🤝🚀🥷
Let's see if we can work together to make NFT land a bit safer, while we work on better UX models for wallets
🤝🚀🥷
24/ If this is your first time here, we fight for an open metaverse running on decentralized rails.
Many more tweetstorms are here
Many more tweetstorms are here
https://twitter.com/punk6529/status/1448399827054833668
• • •
Missing some Tweet in this thread? You can try to
force a refresh
