Skip to content
This repository has been archived by the owner on Jul 18, 2024. It is now read-only.

Feature Request: Mint on demand and directly buy #33

Open
schmidsi opened this issue Mar 21, 2021 · 2 comments
Open

Feature Request: Mint on demand and directly buy #33

schmidsi opened this issue Mar 21, 2021 · 2 comments

Comments

@schmidsi
Copy link

schmidsi commented Mar 21, 2021

Problem

A creator want to put several works on sale but does not want to pay for all the minting-gas-costs up front. Only if a buyer actually wants to buy a work, they should pay for the gas. The creator should be correctly set as the Cryptomedia's creator, but the newly minted token should be directly assigned to the first buyer. Furthermore, the price for that token should be paid during this transaction also.

Possible Solution

Introduce a new function:

function mintAndBuyWithSig(
      address creator,
      address buyer,
      uint256 amount,
      address currency,
      MediaData memory data,
      IMarket.BidShares memory bidShares,
      EIP712Signature memory sig
  )

And the following MintAndBuyWithSig:

{
  MintAndBuyWithSig: [
    { name: 'tokenURI', type: 'string' },
    { name: 'metadataURI', type: 'string' },
    { name: 'creatorShare', type: 'uint256' },
    { name: 'amount', type: 'uint256' },
    { name: 'currency', type: 'address' },
    { name: 'nonce', type: 'uint256' },
    { name: 'deadline', type: 'uint256' },
  ]
}

Like this it will be possible to mint and buy a Cryptomedia in one transaction. The creator has still the possibility to set the price.

@schmidsi
Copy link
Author

Hmm, I think this solution is vulnerable to the following attack:

  • A bad actor gets the content-hash from the off-chain source
  • They front-run the minting and mint the exact same hash but assign themselves as the creator
  • The original creator cannot mint the token anymore, because the hash is already used

But this vulnerability also applies to the existing mintWithSig function.

@schmidsi
Copy link
Author

Another possibility would be to make permit deterministic. Instead of identifying a token with it's tokenId, you could identify it with it's hash:

function permit(
        address spender,
        uint256 tokenId,
        EIP712Signature memory sig
    )

to

function permit(
        address spender,
        bytes32 tokenHash,
        EIP712Signature memory sig
    )

Having these changes, the creator could give two signatures to the future minter: Permit and MintWithSig. That would be already possible, as long as no other token is minted between the two transactions.

Another downside of this approach is, that the buyer needs to make two transactions to receive the NFT.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant