ERC721R contract test! A contract designed to prevent rugpulls can actually be used for rugpulls!?


This article is provided by The Z Institute

Foreword:

There are several NFT protocols. What are the differences between ERC721, ERC721A, ERC721Psi and ERC721R? As protocols continue to iterate with technological advancements and project requirements evolve, how can a developer tell which protocol is suitable for which application scenario?

ERC721R has ignited discussion on Twitter. What is the logic behind this protocol, which claims to let holders return an NFT within a specified time limit and recover the minting fee? How can it be applied in practice when writing smart contracts? Can refunds truly be unlimited after minting? The Z Institute blockchain online academy will be conducting live testing of this latest protocol, discussing any vulnerabilities in the protocol and how to improve them.

The Past and Present of NFT Protocols:

ERC 721: The most common NFT protocol, first introduced in 2017 with the Crypto Kitties project. Unlike earlier tokens, which share a single ID, each NFT has its own unique Token ID.

ERC 1155: Multiple different Token IDs can exist within a single contract, and a Token ID can have multiple NFTs.

ERC 721A: Released by the NFT project Azuki, this protocol was developed to reduce batch minting Gas fees, saving the work of writing data to the chain in smart contracts, and improving the efficiency of simultaneous multiple minting through algorithms.

ERC 721Psi: Built on ERC 721A, further optimized to reduce Gas fees.

Origin of ERC721R

Developed by the NFT project Crypto Fighter as an extension of the ERC721A protocol, ERC721R is intended to prevent rug pulls by project parties. It is designed as an NFT refund mechanism that demonstrates the project party's commitment to long-term operation.

Project parties can predefine an appreciation period (refund deadline) in the contract, during which NFT owners can directly apply for a full refund through the contract mechanism, only requiring payment of Gas fees.

Design and Refund Logic of ERC721R

  1. When the contract is initialized, a function sets the final refund date based on the current time plus the period specified in the contract, initiating the countdown for refunds, during which NFT owners can refund at any time.
  2. If the refund mechanism is activated and funds are returned to the NFT owner's wallet, the NFT will not be burned, but returned to the contract owner (project party).
  3. Before the refund period ends, minting income will be locked in the contract address. When the target date is reached, the project party can extract the minting income from the contract to ensure that there are sufficient funds in the contract to refund NFT owners.

As seen in the refund process, funds are returned to the owner's wallet, while the NFT returns to the project party.

(Reference tx: https://rinkeby.etherscan.io/tx/0x9b78e13bfbbaee027a08afa79a31cf8c705539d4e38f603691dbbd56a9f304b4)

Vulnerabilities in the ERC721R Mechanism

How project parties exploit vulnerabilities for rug-pulling:

  1. The project party first mints an NFT from its own contract, so that it holds an NFT itself.
  2. The project party activates the refund mechanism. Funds are returned from the contract address to its wallet, and the NFT is also returned to the project party's wallet.
  3. Once the NFT is back in the project party's hands, it executes the refund mechanism "again", and the NFT once more returns to its possession. This creates an infinite loop of refunds and NFT recovery until the funds locked in the contract are emptied by the project party, resulting in a RUGPULL!

The rugpull is demonstrated in the test video at 1:04:00.

How to Address the Contract Vulnerabilities of ERC721R

Include additional rules in the contract: Each Token ID can only be refunded once to resolve the issue of repeated refunds.
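
The refund loop described above and the one-refund-per-Token-ID rule can be checked side by side. This is an added example, not the ERC721R Solidity code or the fix from the pull request: a simplified Python model of the refund accounting, in which all names are hypothetical, every call is assumed to fall inside the refund window, and refunded NFTs are assumed to go to the project party's own address.

```python
class RefundableCollection:
    """Toy model of the refund accounting described in this article."""

    def __init__(self, project, mint_price, refund_once):
        self.project = project          # refunded NFTs are transferred here
        self.mint_price = mint_price
        self.refund_once = refund_once  # True = one refund per token ID
        self.balance = 0                # mint income locked in the contract
        self.owner_of = {}              # token ID -> current owner
        self.refunded = set()           # token IDs already refunded

    def mint(self, caller):
        token_id = len(self.owner_of)
        self.owner_of[token_id] = caller
        self.balance += self.mint_price
        return token_id

    def refund(self, caller, token_id):
        if self.owner_of.get(token_id) != caller:
            raise PermissionError("caller does not own this token")
        if self.refund_once and token_id in self.refunded:
            raise ValueError("token ID already refunded")
        if self.balance < self.mint_price:
            raise RuntimeError("contract cannot cover the refund")
        self.refunded.add(token_id)
        self.owner_of[token_id] = self.project  # NFT goes back to the project
        self.balance -= self.mint_price
        return self.mint_price


def run_scenario(refund_once, buyers=3, price=100):
    """The project mints one token and refunds it until the contract refuses.
    Returns (paid to project, contract balance, can a buyer still refund?)."""
    c = RefundableCollection("project", price, refund_once)
    buyer_tokens = [c.mint(f"buyer{i}") for i in range(buyers)]
    own_token = c.mint("project")
    paid = 0
    try:
        while True:
            paid += c.refund("project", own_token)
    except (ValueError, RuntimeError):
        pass
    try:
        c.refund("buyer0", buyer_tokens[0])
        buyer_ok = True
    except RuntimeError:
        buyer_ok = False
    return paid, c.balance, buyer_ok
```

Without the rule, the project party collects every buyer's mint payment and a genuine buyer's refund fails; with it, the project party recovers only its own mint price and buyers remain covered.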

After the live broadcast, The Z Institute has proposed modification suggestions and implemented code fixes for the ERC721R contract :D

(Reference link: https://github.com/exo-digital-labs/ERC721R/pull/9)

Is ERC721R a Good Mechanism for NFTs?

Some developers and community participants believe that ERC721R, through decentralized contract mechanisms, can ensure the integrity of project parties for long-term operations, safeguarding the rights of primary market participants.

However, on the other hand, this protocol may lead to project parties facing a lack of development funds before the refund period ends; or disrupt NFT ecosystem rules, with whales minting and refunding non-rare NFTs. Additionally, the spirit of blockchain itself does not encourage refund mechanisms.

Video and Shared Notes from this Live Broadcast

Link: https://bit.ly/3vfbzIa

Institute Introduction:

The Z Institute aims to be a university of the Web 3 Metaverse that integrates industry and academia. Since 2017, we have been providing blockchain consulting, corporate training, project development, smart contract auditing, international resource matchmaking, and other services. We also offer online blockchain courses and training workshops, dedicated to promoting future technologies widely and addressing the talent needs at the forefront of blockchain.

To date, the institute has trained over 2,000 students from various professional fields, guiding many Web 2 talents to transition to the domestic and international Web 3 industries successfully. We firmly believe that talent training is the foundation of the industry, with the goal of propelling Taiwanese talents onto the global stage and accelerating the development of Taiwan's blockchain industry.

We are currently planning new courses, and welcome you to fill out the course survey form to have your opinions heard and receive the latest course information and promotions! Form link: https://forms.gle/hStDkWzitpem1YNA9