A designer has been radicalized after an asset duplication exploit was discovered in the non-fungible token platform Hic Et Nunc. As a born-again Bitcoin maximalist, Gabriel brings to light key vulnerabilities and looks forward to the ascension of NFT through the Bitcoin RGB paradigm.
HEN Exploit Death Knell
HEN brought me into the NFT game. The shiny lights of ThreeJS, GLTF & generative art were enough to make any motion designer froth at the mouth for a stack of TEZ.
HEN Exploit Details
A first-party post-mortem. The contract included an exploitable modulo operation allowing duplication of NFTs. An unaudited contract was live for the life of the product. The fact this exploit was possible reveals a severe flaw in the Tezos digital asset paradigm. I CANNOT recommend HEN as an acceptable platform for any artist to participate in.
The Tezos HEN NFT Paradigm is Wrong
The HDAO token was an early signal of poor governance. While tokens are common in NFT, the HDAO token was an easily gameable attempt at governance. The HDAO token was earned when an NFT sale was made within the first month. In theory this would give those with the most participation more direction in the project. In reality users bought their own artwork to stack unlimited HDAO tokens. This easily foreseeable shortcoming should have been a clear warning to avoid this product.
The HEN Founder
The recent AMA with the HEN founder will tell you everything you need to know about the direction of this product. Culpability is on the creators of a contract and those who advocate for the use of that contract. They must ensure that all security considerations are addressed. He refuses to take responsibility for the direction of his project and refuses to delegate tasks out of his own vanity. He dismissed any concerns with the idea that HEN is an experimental laboratory guided by a vaguely defined techno-political philosophy.
Artists were not aware of the “experimental” nature of the contracts. The founder’s false immutability claims gained the attention, popularity and traffic of the burgeoning NFT art community whilst failing to deliver a viable product.
The founder is the sole holder of the HEN private key, giving him complete access to contract funds. Beyond exit scam considerations, in 2021 there is no excuse for this lack of creativity. Mystery is part of the space and community foundation is strengthened through ritual. Sending coins to provable burns is a great way to show commitment to an ideal. Burn the keys.
The founder controls the web interface, which is an additional point of failure. Simply clicking on a button can activate a contract. Having a single owner invites the swapping-in of malicious contracts. While Tezos contracts are open access and community members are able to create their own interfaces, the majority of users interact with the contract through the founder-controlled hicetnunc.xyz. There are multiple instances in HEN's short history which show the ability to freeze contracts. The potential to freeze primary HEN contracts in no way contributes toward provenance. Having a project run on GitHub is not enough to build a successful open-source product. Governance structure needs to be defined from best practices at the beginning of the project.
We can look at open-source communities that have process. Open-source guides are available. When applied correctly, open-source principles provide tremendous benefits in community health including processes for code review from competent developer communities. Building an open-source product requires leadership, definition, feedback and buy-in.
The Bitcoin Developer Community
Bitcoin Core is the primary Bitcoin implementation. Its developers can also be called the custodians of Bitcoin. Censorship-resistance is core to the Bitcoin ethic. Satoshi was anonymous to maximize the decentralization of the network. The Bitcoin Core development process is run primarily by email in a Socratic discussion format in which Bitcoin Improvement Proposals are put up for debate. A similar process is shared by the layer 2 Bitcoin projects Lightning & RGB. When trusting a contract, trust is being placed in a community, & Bitcoin has the best. With experienced developers in short supply, there is no better place to build the metaverse than Bitcoin. Solidarity in the Bitcoin community means you don't need to worry about scammers.
Bitcoin RGB Provides a Paradigm for Hard Asset Ownership
RGB is a scalable & confidential smart contracts system for Bitcoin & lightning network. Bitcoin is scaling with layers. In this diagram:
Layer 1 is the Bitcoin Blockchain
Layer 2 are Bitcoin RGB digital assets
Layer 3 are galleries & curators
The paradigm change of RGB includes two levels of ownership for assets: access & ownership. Access can be thought of as a public asset key, while ownership can be thought of as a private asset key:
Ownership (Private key)
Access (Public key)
In the RGB paradigm, an artist maintains ownership of their asset while selling access rights to platforms which act as galleries & curators in industry, marketing their work to ultimately be sold through a local RGB contract run on the artist's node.
Layer 1 process includes minting an RGB asset from your node, including public & private keys for each asset.
Layer 2 process includes broadcasting an RGB asset on your node over the Lightning network.
Layer 3 process includes selling access in the form of a public key to galleries and curators.
The RGB paradigm gives artists the ability to sell access to multiple RGB platforms. If Tezos were Bitcoin, HEN would be operating on layer three, whereas on Tezos, HEN operates at the first layer.
This is where I would like to make a clear distinction between a Tezos HEN NFT and a Bitcoin RGB hard asset. There is no possibility for the HEN exploit to happen on RGB, because an RGB asset is minted on-chain utilizing UTXO commitments in the same manner as the Lightning network. There is no possibility for the manipulation or duplication of assets at the platform layer. Artists interacting on the platform layer can be assured ownership by holding the private key. Galleries at the platform layer are granted only access rights. Contract-level code in general would have no possibility of asset manipulation. Despite a harsh contrast in provenance design, the Tezos NFT paradigm allows free definition on layer 1, preventing interoperability, which I, along with many in the community, formerly deemed acceptable.
Provenance is of Secondary Concern in NFT
A standard remains undefined. An NFT can be anything. What is claimed in regards to provenance often does not meet the standards of discerning artists and collectors. On-chain immutability claims have been made of JPGs hosted on private databases. RGB provenance is provided via timestamp to Bitcoin. In this way, Bitcoin can be thought of as a timechain. Commitments are made on layer one via seals to Bitcoin transaction outputs. Custom asset definition and schema means an asset can be anything. While the specification for interoperability is restrictive, the characteristics of an RGB asset are not.
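To make the "UTXO commitments" and "seals to Bitcoin transaction outputs" argument concrete, here is a toy model added for this post (it is not RGB's own code or API): an asset's current owner is bound to an outpoint, and a transfer is valid only if that outpoint was spent by a transaction committing to exactly that transfer. Because layer 1 lets an outpoint be spent once, a second transfer of the same asset from the same outpoint cannot validate. All names and outpoints are constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    txid: str
    vout: int


@dataclass(frozen=True)
class Transition:
    asset_id: str
    prev_seal: Outpoint  # outpoint that currently holds the asset
    next_seal: Outpoint  # outpoint that will hold it after the transfer

    def commitment(self) -> str:
        data = f"{self.asset_id}|{self.prev_seal}|{self.next_seal}".encode()
        return hashlib.sha256(data).hexdigest()


class ToyLayer1:
    """Constructed stand-in for the Bitcoin UTXO set (layer 1)."""
    def __init__(self):
        self.unspent = set()      # outpoints still spendable
        self.closed_with = {}     # outpoint -> commitment carried by the spending tx

    def spend(self, op: Outpoint, commitment: str) -> bool:
        # A seal can be closed exactly once; a second spend is rejected by layer 1.
        if op not in self.unspent:
            return False
        self.unspent.remove(op)
        self.closed_with[op] = commitment
        return True


def validate_transfer(chain: ToyLayer1, t: Transition) -> bool:
    # Client-side validation: prev_seal must be closed by a tx committing to t.
    return chain.closed_with.get(t.prev_seal) == t.commitment()


def duplication_scenario():
    chain = ToyLayer1()
    mint = Outpoint("artist_tx", 0)  # constructed: artist mints onto this UTXO
    chain.unspent.add(mint)
    to_buyer = Transition("art-1", mint, Outpoint("buyer_tx", 0))
    to_copy = Transition("art-1", mint, Outpoint("platform_tx", 0))
    first = chain.spend(mint, to_buyer.commitment())
    second = chain.spend(mint, to_copy.commitment())  # seal already closed
    return first, second, validate_transfer(chain, to_buyer), validate_transfer(chain, to_copy)
```

A platform that merely asserts a transfer without a matching on-chain spend fails `validate_transfer` for the same reason: no closed seal carries its commitment.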
Bitcoin derives security from the PoW consensus mechanism. Majority hash rates provide the highest level of security compared to any other chain. The proven security model of SHA256 forces all chains running the same consensus mechanism to compete for hashpower. Replacing PoW with proof-of-stake as a solution to censorship-resistance & scaling is dubious.
The integrity of the HEN contracts went unquestioned. In order for the industry to mature, the community must be more discerning of the technology. Exploits hinder acceptance into the broader art community by failing to meet provenance standards. NFT is saturated with aspiring artists whose fledgling careers quite literally rely on the integrity of the functionality. Reputation in the art community at large remains paramount. An issue arises when advocating for artists to mint on unaudited contracts. Significant competition between platforms will bring about more robust standards for client-side validation.
Bitcoin RGB is not immune from client-side error and does not solve data storage. Standardization is needed for a thorough client-side specification in order to prevent poor user experience. The desired level of data storage centralization will vary between users. Client-side contracts hold the biggest potential for bad user experience. Product & interaction design can remove layer 1 and 2 complexities when assets are built under a standard. The Umbrel node has an elegant interface that allows plebs to participate in the peer-to-peer Bitcoin Lightning network. With an app store style plugin library, Bitcoin provides an environment to build decentralized applications & interfaces. The chain exclusivities touted elsewhere will be available with RGB and Taproot. There need to be foolproof standards and implementations for the client-side interface.
The Bitcoin Metaverse
An unconstrained vision propelled NFT to its height of popularity. The same unconstrained vision must be fostered within the Bitcoin community in an effort to build the Bitcoin metaverse. Artists have concerns about collaboration, community, commission, provenance, royalties and transaction fees which Bitcoin product designs will need to consider.
It will be useful to consider what made HEN successful. Clean product design with open access, along with healthy community adoption among generative artists & creative coders, contributed greatly. HEN grew organically through the endorsement of artists. The community was decidedly ignorant of the actual security provided by the HEN contracts. It will be important to listen to the concerns of leaders in NFT to give direction to the RGB paradigm.
A hardcore cypherpunk ethic remains in the most diehard of the Ethereum NFT community, but a lack of standardization leads the fair-weather noob to oblivion. When the hoi polloi of the art world invade, cryptography at layer one will be the least of their concern. Not until after price bloodletting & broken promises do we take a discerning look and find the systems broken. The death knell of Tezos NFT ushers in a brighter vision.