-
-
Save Anish-Agnihotri/8c16906310f406d0d79cab0e45594191 to your computer and use it in GitHub Desktop.
getting too easy | |
Times mainnet auction address for tomorrow: | |
https://etherscan.io/token/0xdd69da9a83cedc730bc4d3c56e96d29acc05ecde |
@Anish-Agnihotri any ideas on how to create a bot fighter in the smart contract to block this type of behavior, and make sure the minting process is decent and front runners don’t have this "privileged access"?
coz this is so unfair and will harm the NFT industry as a whole, I will reach out to the alchemist team to elaborate more on this issue
@Anish-Agnihotri any ideas on how to create a bot fighter in the smart contract to block this type of behavior, and make sure the minting process is decent and front runners don’t have this "privileged access"?
coz this is so unfair and will harm the NFT industry as a whole, I will reach out to the alchemist team to elaborate more on this issue
A thing you can do is deploy the contract unverified using a virgin address (no tx on any chains) loaded via Binance/Tornado (as long as they won't know who sent eth) then only verify the contract at announced time.
You can also make a honeypot that mints blank nfts.
But since people are smart they can still mint the second a contract gets verified.
Yeah I don’t think it all leaks, some people are greedy enough to run their bots once the contract has been announced, but I've approached alchemist team and their copper fair launch platform has a way to fight this
How can I call method to mint if contract has different method name?
@Anish-Agnihotri any ideas on how to create a bot fighter in the smart contract to block this type of behavior, and make sure the minting process is decent and front runners don’t have this "privileged access"?
coz this is so unfair and will harm the NFT industry as a whole, I will reach out to the alchemist team to elaborate more on this issue
Some smart contracts of recent NFT projects require a signature from the backend, in which the msg.sender
and quantities
are signed by their private key. On the contract side, they will validate the signature, if the signature is correct, the transaction will be processed.
However, the crawler can also request the signature, and commit the transaction, but more difficult than usual.
Black-hat perspective: how do you extract address from a frontend? Do you do this manually searching for "web3.eth.Contract" etc, debugger breakpoints; Or is there some smart automated way?
Black-hat perspective: how do you extract address from a frontend? Do you do this manually searching for "web3.eth.Contract" etc, debugger breakpoints; Or is there some smart automated way?
Damn, sorry, your second tweet literally answers this:
https://twitter.com/_anishagnihotri/status/1441072865764429825?s=20
An example script participating in gas auctions:
Ideally, you would use Flashbots with a sufficient bribe to prevent gas costs on the few reverts you'll have participating via optimistic blocktime script.