Skip to content

Convex-Labs/honestnft-shenanigans

Repository files navigation

Twitter follow Discord Join medium_com medium_com medium_com docs

HonestNFT

Table of Contents

Click to expand!

Motivation

At Convex Labs, we’re NFT fanatics. We believe that NFTs represent a revolution in the art and collectibles spaces. Unfortunately, as described in Paradigm's Guide to Designing Effective NFT Launches, the current systems being used for NFT launches are often unfair to average users. Hasu and Agnihotri describe several pitfalls which can give sophisticated users an edge and allow such users to extract value from both creators and other collectors.

We have developed and deployed tools for the purpose of gaining an advantage when buying NFTs and we aren’t the only ones; we’ve been observing people using such tools for months and recently numerous paid services such as traitsniper.com have appeared. We’ve open sourced our tools, describing how we use them, and how to detect when someone else has used similar methods to gain an advantage in an NFT launch.

Continue reading about our motivation / background here.

Bug Bounty

Our bug bounty program is an experimental and discretionary rewards program modeled after the Ethereum bug bounty program. We will give NFTs, Ether, or other prizes to participants who improve our codebase or find dishonest drops.

We are seeding our initial bug bounty pool with 100% of the profits we made trading NFTs with our code. We encourage others to donate to our bounty pool multisig.

Our Gnosis Safe Multisig: 0xa94a1B82B441DAA23890FF5eEb84a66D323Fd6c1

Read more about our rewards program here.

Installation

1. Prerequisites

  • python
  • git

2. Instructions

  1. Download the github repo: git clone https://github.com/Convex-Labs/honestnft-shenanigans.git
  2. Change directory to the downloaded repo: cd honestnft-shenanigans
  3. Install the tools and requirements with: pip install --editable .
  4. Rename .env-example to .env
  5. Add your personal API keys and web3 providers to .env

Note: The repo takes a few minutes to install. We've provided a decent amount of test data so the repository is rather large.

Simple Tutorial

  1. Download metadata with pulling.py
  2. Generate rarity rank with rarity.py (ranks are based off rarity.tools algorithm - we reverse engineered it)
  3. Generate rarity map (scatterplot) with rarity_map.ipynb
  4. Pull minting data with find_minting_data.ipynb
  5. Generate ks-test scores with ks_test.ipynb (ignore ks-test results for drops with skewed rarity maps)
  6. Tell us what you find!

Video Tutorial

Tutorial: https://vimeo.com/638878051

API References

Web3 Provider: https://www.alchemy.com/ (Recommended)

Basic IPFS Endpoints: https://ipfs.github.io/public-gateway-checker/

Note

When you click one the gateways, you might be redirected to a long URL. Please note that only the hostname + /ipfs/ part is necessary.
E.g.

Correct: gateway.ipfs.io/ipfs/  
Wrong: gateway.ipfs.io/ipfs/bafybeifx7yeb55armcsxwwitkymga5xf53dxiarykms3ygqic223w5sk3m#x-ipfs-companion-no-redirect  
Pinata IPFS Endpoints: https://www.pinata.cloud/ (IPFS_GATEWAY in pulling.py is set to a public endpoint; can pull faster w Pinata)

How metadata leaks

A Guide to Effectively Cheating NFT Launches (and detecting cheaters)

Future Work Ideas

  1. Spikes in minting before rare tokens
  2. Median rarity in sliding windows of length N
  3. Unusually high amounts of "1 mint" buyers getting rare tokens (ie minting one token and getting one rare; ks-test isn’t super sensitive to this)
  4. Rare items getting listed at the same time. It is very interesting if multiple addresses list super rare items at the same time. Maybe these addresses all belong to one person?

Support

For help, visit the 🔨#support channel in our Discord.

Contributing

Contributions, issues, feature requests or even suggestions are welcome! You can open an issue/PR or join us on Discord to discuss your contribution. You can even earn a nice bounty.

Don't forget to check out our contributing guide.

Acknowledgements

The Etherscan team for providing the free API keys for: