Understanding EIP-5058 in One Article: Can NFT Project Parties Be Prevented from Running Away with User Assets?
Fourteen Jun (十四君)
Invited columnist
2022-06-07 09:00
A detailed explanation of the vision and implementation of EIP-5058

Original Author: Fourteen Jun

Project parties running away seems inevitable in any industry. Where there is a pain point, there is an opportunity. In the web3 blockchain industry, which rests on cryptography and trust in open rules and contracts, can the ERC721 protocol be improved to avoid this situation?

Contents of this article:

First, a primer for beginners: what is the relationship between EIP and ERC?

Second, a brief description of the core points:

a: The vision and implementation of EIP-5058;

b: The problems with ERC721, using the example of pledged Bored Ape ownership, which led to the APE airdrop being attacked with a flash loan.

What are EIPs?

The full name is Ethereum Improvement Proposals. These are improvement suggestions put forward by the Ethereum developer community, covering improvements, programming tools, and more.

Entrance: https://eips.ethereum.org/all

What are ERCs?

The full name is Ethereum Request For Comment. ERCs record application-level standards and conventions on Ethereum, such as the typical token standards (ERC20, ERC721), name registration (ERC26, ERC13), URI paradigm (ERC67), Library/Package format (EIP82), and wallet format (EIP75, EIP85).

Summary

ERC protocol standards are an important factor in the development of Ethereum: ERC20, ERC223, ERC721, ERC777 and others have had a great impact on the Ethereum ecosystem. Following EIPs makes it possible to observe the dynamics of the industry and understand which pain points are the current bottlenecks. I therefore check the latest EIPs every week, starting from the problems to find the trends.

What is EIP-5058 trying to solve?

Entry: https://github.com/ethereum/EIPs/pull/5058/files

In essence, it is an extension of ERC721 that allows the project party to lock NFT assets instead of transferring them. It adds the functions setLockApprovalForAll() and lockApprove(), so that locked NFTs cannot be transferred before the end of the lock-up period.

  • For users: the assets stay in the user's own account, and they are not lost when the lock expires or when something goes wrong with the project party.

  • For the project party: unless it intends to maliciously take user assets, all it needs is to lock the asset and restrict the user, not to require a transfer.

  • Authorized object: it can be a third party, much like introducing a regulatory agency that can freeze accounts with one click.

How will the EIP-5058 proposal be implemented now?

In essence, the proposal manages the lock state of an NFT, so that a project party can offer lock and transfer functions in an NFT project that inherits from 5058, and can also implement further features such as royalties in the inheriting contract.

The current proposal encapsulates and provides several methods:

  1. User authorizes the project party: lockApprove (permission to lock a single NFT), setLockApprovalForAll (permission to lock all NFTs under this address)

  2. Called by the project contract: lockFrom (lock the user's NFT), unlockFrom (unlock the user's NFT)

To set a lock-up period:

  • When the project party (third party) locks an NFT, it must specify the block height at which the lock expires, which must be greater than the current block height.

  • After the lock expires, the NFT is automatically released and can be transferred.

5058 also builds in a number of security measures of its own. The following checks are performed when a lock is executed:

  1. Prevent yourself from locking yourself by mistake: "ERC5058: lock caller is not owner nor approved"

  2. Prevent malicious locking of others: "ERC5058: lock from incorrect owner"

  3. The expiration time must be greater than the block number: "ERC5058: lock caller is not owner nor approved"

The record of the EIP discussion shows that the early authors used timestamps to represent expiration. This was rejected on official advice, because it may cause more security risks: miners should never be trusted.

As for how the locking is done: the proposal uses a series of protocols to manage the locking status and unlocking methods of the NFT, and defines two virtual functions so that contracts inheriting the 5058 code can customize this part.

  1. _beforeTokenLock(operator, from, tokenId, expired);

  2. _afterTokenLock(operator, from, tokenId, expired);
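The lock rules described above, as a small Python model added here for illustration; it is not the EIP-5058 Solidity code. Method names mirror the proposal's functions, while the block heights, account names, the rule that only the locker may unlock early, and every revert message without the ERC5058 prefix are assumptions.

```python
class LockableNFT:
    def __init__(self, owners, block=100):
        self.block = block          # current block height (constructed)
        self.owner = dict(owners)   # tokenId -> owner
        self.approved = {}          # tokenId -> locker set via lockApprove
        self.locks = {}             # tokenId -> (locker, expiry block)

    def is_locked(self, tid):       # assumed: locked while height < expiry
        return tid in self.locks and self.locks[tid][1] > self.block

    def lock_approve(self, caller, locker, tid):
        if caller != self.owner[tid]:
            raise ValueError("approve caller is not owner")  # wording assumed
        self.approved[tid] = locker

    def lock_from(self, caller, frm, tid, expired):
        if caller not in (self.owner[tid], self.approved.get(tid)):
            raise ValueError("ERC5058: lock caller is not owner nor approved")
        if self.owner[tid] != frm:
            raise ValueError("ERC5058: lock from incorrect owner")
        if self.is_locked(tid) or expired <= self.block:
            raise ValueError("already locked or expiry not in the future")  # assumed
        self.locks[tid] = (caller, expired)

    def unlock_from(self, caller, tid):
        if not self.is_locked(tid) or self.locks[tid][0] != caller:
            raise ValueError("unlock caller did not place this lock")  # rule assumed
        del self.locks[tid]

    def transfer(self, caller, to, tid):
        if caller != self.owner[tid] or self.is_locked(tid):
            raise ValueError("not owner, or token is locked")  # wording assumed
        self.owner[tid] = to
        self.approved.pop(tid, None)  # lock approval does not follow the token

def demo():
    nft, out = LockableNFT({1: "alice"}), []
    def attempt(fn, *args):  # record "ok" or the revert reason
        try:
            out.append(fn(*args) or "ok")
        except ValueError as e:  # ValueError stands in for a Solidity revert
            out.append(str(e))
    attempt(nft.lock_from, "project", "alice", 1, 110)  # not approved yet
    nft.lock_approve("alice", "project", 1)
    attempt(nft.lock_from, "project", "alice", 1, 110)  # locked until block 110
    attempt(nft.transfer, "alice", "bob", 1)            # refused; Alice keeps it
    nft.block = 110                                     # lock lapses on its own
    attempt(nft.transfer, "alice", "bob", 1)
    return out, nft.owner[1]
```

Throughout the lock the token never leaves Alice's account, which is the property the proposal is after.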

How to solve the liquidity problem?

What are the problems with ERC721?

ERC721 has indeed seen a huge explosion over the past two years, but its foremost problems are scalability, security and liquidity, which play out as a contest within an impossible triangle. Of course, the NFT proposals now in full bloom are already on the way to breaking that triangle.

Security & Liquidity Contradiction - APE Incident

In March, during the APE airdrop, APE tokens could be obtained by holding the Bored Ape NFT (https://apecoin.com/about). But because Bored Apes were already top-ranked, high-value NFTs, many holders had placed them in NFTX, where they are fragmented and converted into ERC20 tokens, producing fine-grained tokens that are easy to transfer and highly liquid.

The APE token is also known as "Apecoin". Holding it allows you to join ApeCoin DAO and gives you certain governance rights.

  • Distribution mode: it is the first mode in which ERC20 tokens are airdropped according to the NFTs held by an address.

  • Activity rules: connect to it with a wallet, and if it recognizes the following NFTs, a fixed amount of tokens can be claimed.

The overall process of being attacked

The approximate steps are:

  • 1: The arbitrageur first obtains a sum of money through a flash loan,

  • 2: Uses these funds to buy vToken on sushiswap,

  • 3: Then swaps it for the NFT on the nftx.io platform,

  • 4: After getting the NFT, claims the airdropped APE tokens,

  • 5: Finally, pledges the NFT back to nftx.io in exchange for vToken,

  • 6: Pays back the flash loan.

The traces of the attack are as follows:

https://etherscan.io/tx/0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098

The picture below shows the ETH obtained from the flash loan being converted into wETH (the ERC20-protocol wrapped token for the native token).

The picture below shows the last transaction price of No. 1600 Bored Ape NFT at that time: 85.5 ETH, about 230,000 USD.

One of them is this avatar.

The figure shows that 1060 was taken out of the NFTX.io contract address and then transferred back after 3 blocks.

Looking up the attacker's address:

https://etherscan.io/address/0x29b8d7588674fafbd6b5e3fee2b86a6c927156b0
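The trace above (an NFT leaves the vault, is used for a claim, and returns a few blocks later) can be turned into a monitoring check. The sketch below is an added example, not part of the original article; the event tuples, the "VAULT" label, the addresses and the token ids are constructed sample data, and the 3-block window is an assumption taken from the trace described above.

```python
# Constructed sample events (not real chain data):
# (block, kind, token_id, from_address, to_address)
EVENTS = [
    (100, "transfer", 11, "VAULT", "0xA"),
    (100, "claim",    11, "0xA",   None),
    (100, "transfer", 11, "0xA",   "VAULT"),   # out, claim, back: suspicious
    (100, "transfer", 22, "VAULT", "0xB"),
    (250, "claim",    22, "0xB",   None),      # claimed but kept: ordinary buyer
    (300, "transfer", 33, "VAULT", "0xC"),
    (301, "transfer", 33, "0xC",   "VAULT"),   # round trip without a claim
]

def borrowed_claims(events, vault="VAULT", max_blocks=3):
    """Return token ids that were withdrawn from the vault, used for an
    airdrop claim, and sent back by the same address within max_blocks."""
    flagged = []
    trips = {}  # token_id -> [holder, withdrawal block, claimed?]
    # sorted() is stable, so events within one block keep their listed order.
    for block, kind, tid, src, dst in sorted(events, key=lambda e: e[0]):
        if kind == "transfer" and src == vault:
            trips[tid] = [dst, block, False]
        elif tid in trips and src == trips[tid][0]:
            holder, start, claimed = trips[tid]
            if kind == "claim":
                trips[tid][2] = True
            elif kind == "transfer":
                if dst == vault and claimed and block - start <= max_blocks:
                    flagged.append(tid)
                del trips[tid]  # the token left this holder either way
    return flagged
```

An airdrop contract or an analyst reviewing claims can run the same logic over decoded Transfer and claim logs to separate short-lived "borrowed" holdings from ordinary holders.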

who lost

Summary - rationality is beautiful, reality is far away

The separation of property rights does have some practical significance, but there is still a long way to go before it is included in a standard protocol. As for the risk of the project party running away, a protection that users have not yet chosen and that is not widely adopted does not mean much.

In fact, for most NFTs the greater risk lies in going to zero rather than in being taken back by the project party. The APE token incident is just a relatively extreme case of the separation of property rights leading to income being plundered.

Of course, I follow the latest EIPs not simply to look for usable protocol code, but because I care more about how the pain points are shifting.

There are still many other NFT protocol standard proposals. Which ones do you want to hear about?

  • ERC2981 NFT Royalty Standard

  • EIP4907 rentable NFT

  • EIP2309: NFTs that can be created, transferred and destroyed in parallel

  • ERC721A, released by Azuki, customized to reduce batch mint gas

  • ......
