Hey guys, I'm trying to build a domain locked NFT minting smart contract. I have been doing whitelisted nft mints to prevent botting attacks, but those are tedious. Nobody wants to participate in my whitelisted mints because they're such a pain in the a**. I have to give the minters time to give me their Ethereum addresses so I can add them to the whitelist to make the merkle root and that takes a really long time. Plus if you miss the whitelisting you can't get one. Once I deploy the merkle root, anyone who never gave me their Ethereum wallet can't mint the NFT.
So I've concluded that I have to mint from a website protected with a captcha. This is really hard because people can just write scripts/bots that call the contract directly.
My 2 plans of attack are:
- I could incorporate some type of CORS policy in the solidity contract that only allows minting function calls from the actual domain of my minting site... Does something like that exist. ?
- I could make a proxy contract that does all of the minting and my captcha webpage uses this proxy contract to call the NFT contract, mint an NFT, and sends it to the person trying to claim an NFT. The biggest problems that I have with this are that:
- I think I will have to pay the gas fees for my proxy contract to mint and send the NFT. I don't know if there's a way around this.
- Also I will have to expose my proxy contract owner's private key in my website deployment. This means the website can't be static, not to mention keeping a private key on a server is a security vulnerability.
P.S. I want this site to be static if possible because I want to use a Handshake domain.
Does anyone know how I should procede? Is there a third option that I'm missing?
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments