Under the escrow turmoil, is Magic Eden's Solana NFT transaction throne difficult to guarantee?
This article comes from DecryptThis article comes from
, the original author: Andrew Hayward, compiled by Odaily translator Katie Ku.
There is no bigger player in the Solana NFT space than Magic Eden. Launched last fall, the marketplace typically accounts for 90% or more of all Solana transactions. It was valued at $1.6 billion in its latest round of venture capital funding in June.But with the rise of Magic Eden, members of the Solana NFT community (both creators and collectors) have grown concerned that the platform has become too centralized as it grows. They pointed out thatmostRecent updates restricting access to third-party aggregators and tools, as well as the way Magic Eden hosts users' NFTs, may leave users' assets vulnerable.
In its response to Decrypt, Magic Eden did not specifically mention the risks of the custodial-based transaction model, but said it believes the alternatives are currently less secure for users. The marketplace plans to adopt a no-custodial system in the future, but "the technology is not yet secure enough."
secondary title
Magic Eden NFT custody model questioned
The debate over Magic Eden's ability to hold user-listed NFT assets in escrow wallets is heating up. Magic Eden escrows all listed assets, instead of allowing them to stay in the user's own wallet, the user's NFT is kept in the escrow wallet through the market smart contract. This approach was common in the early days of the Solana NFT market, but companies that entered the Solana ecosystem later, such as OpenSea and Hyperspace, did not take this approach.
Last Wednesday, OpenSea launched the topic "Against Solana Market Managed NFT" on Twitter. Although Magic Eden was not directly named, the goal is obvious. OpenSea tweeted at the time: “We believe a marketplace for hosting users’ NFTs limits choice and utility, and compromises security.”
Metaplex's auction protocol enables Solana to trade NFTs without the need for a marketplace to escrow assets. An unnamed Metaplex source confirmed to Decrypt that Magic Eden's marketplace contract is based on an early version of the auction house, a permissionless peer-to-peer trading system. However, Magic Eden made significant changes to the contract code as well as the launch platform contract based on Metaplex's Candy Machine's Mint tool. Magic Eden also isolates them from the rest of the community. "They are closed-source and licensed derivatives of the open-source technology provided by Metaplex," the source said.This approach increases the potential risk for NFT traders. Closed source software cannot be audited by the community, or benefit from bug bounty programs. Not even Metaplex knew what was in Magic Eden's market contract code.
What happens if Magic Eden's escrow wallet is stolen? Or what would happen if Magic Eden suddenly went down, as some other crypto companies have in recent months during the recent market crash? As of last week, “centralized” custodial wallets held about 180,000 NFTs, Metaplex sources said.In response to a question from Decrypt, Magic Eden co-founder and CTO Sidney Zhang said,The farm plans to transition to an unmanaged model at some point, but in his team's view, the current solution is not secure enough. He wrote: “We are actively exploring a custody-free model and plan to move to a custody-free model, but we believe that the smart contracts currently used by other markets to achieve a custody-free model are not safe. This transition will bring many security issues. , we want to proceed with caution to ensure that our users do not inadvertently lose assets by not having an up-to-date listing.”
secondary title
Several recent changes to Magic Eden
Beyond the hosting model, Magic Eden has seen a lot of new changes: increased scrutiny of how its platform operates and how third-party apps are built on top of it.Last week, the topic of Magic Eden's hosted mode went viral as user "Pland" went viral on Twitter:Due to recent smart contract changes, Magic Eden "is no longer a permission-free Dapp", which most users didn't notice, but did have a big impact on the ecosystem.Smart contracts hold the code that powers Dapps and NFT assets.
Developers who spoke to Decrypt said that the contract change made Magic Eden have to sign every transaction that happens on its marketplace, unlike before. As a result, some third-party apps that aggregate multiple marketplace listings, as well as so-called "sniper bot" tools that can be used to purchase specific NFTs, were compromised.
Magic Eden acknowledged the contract change to Decrypt, explaining that transactions now require two signatures: one from the end user and one from an API key provided by Magic Eden. API keys are used to authenticate developers and third-party programs that wish to access an application or service. Ethereum-centric marketplaces like OpenSea also have API systems.
Magic Eden has made more than 300 API keys available to developers, Zhou said, including aggregators like Tensor and NFT Soloist, and wallet app developers like Exodus and Slope. He also noted that the developers of the Solana wallet Phantom required Magic Eden to have an API to verify that transactions came from their servers. "We believe in the goal of supporting a formal developer ecosystem in order to achieve a safe and secure marketplace," Zhou added. "We keep an open mind to evolve the API based on the needs of our co-developers."
secondary title
Mandatory "Operation Anti-Involution" by Magic Eden
However, some developers in the Solana space see this shift as a rejection of the principles of decentralization. A representative for NFT marketplace aggregator Hyperspace told Decrypt: "We're surprised they're doing this because it's completely centralized and doesn't do the end user any good. Because it increases the reliance on their servers, which leads to transaction failure rates increase."
Before the contract change, Magic Eden contacted Hyperspace and threatened to “shut down Hyperspace if we didn’t change Hyperspace’s platform and serve them,” the person said, speaking on condition of anonymity. Magic Eden allegedly wanted Hyperspace to Provide Magic Eden with "exclusive listings and only through their API.
A Magic Eden representative denied threatening them in the discussions: "We encourage our partners to integrate as deeply as possible with Magic Eden in order to provide the fullest technical and operational support possible. Unfortunately, Hyperspace is not comfortable with such collaborations." interest, and has been hostile."
Hyperspace said it discovered a solution to the Magic Eden API and continued to provide aggregated listings, but other aggregators such as CoralCube apparently lost functionality as a result. "Since then, they have been trying and actively researching how to stop us," the Hyperspace representative claimed.
“CoralCube used to have a migrate list button, but Magic Eden has recently moved to a centralized platform for Web2. Without Magic Eden’s centralized signature, projects cannot be deleted. That’s why we removed the migrate button and now the NFT is stuck in Magic Eden’s escrow.”Hyperspace has been speaking out against this strictly anti-competitive practice because it violates the principles of the open web.
secondary title
Magic Eden's new feature comes under fire
Additionally, Magic Eden has come under fire for seemingly being inspired by external Solana applications when implementing new features. Last week, Magic Eden’s go-live feature, which allows projects to create user allowlists before NFTs are deleted, was met with resistance due to its close resemblance to Blocksmith Labs’ Mercurytool.
Anonymous NFT collector Topo Gigio told Decrypt about Magic Eden's new addition: "It seems like an out-of-the-box attempt to exclude anyone who can do better." Meanwhile, Zion Labs' Marty claimed: "Magic Eden Is 'using venture capital as a weapon' and rapidly expanding into an all-in-one Solana NFT resource."
Magic Eden's Zhou responded that Magic Eden is a "user-first company" that adds features primarily based on user requests. He claimed that the expanded functionality on the platform serves NFT collectors and rejected the centralization debate. Zhou said: “This conversation is not about centralization and decentralization, it never was. Since our founding, there have been collaborative tools based on Magic Eden’s growing market experience, and we do not intend to change this approach.”
For some players in the Web3 space, the overall conversation around Magic Eden is about centralization vs. decentralization, including how key players in the space should approach things like asset custody, open source code, and blockchain assets and protocols Composability and other issues. Between continuing to use third-party hosting and making API-centric changes, Magic Eden's recent decision hasn't been for everyone. But Magic Eden is still the best option for Solana collectors to buy and sell NFTs.
