With all the talk about security since the @[email protected] hack, I wanted to talk a little bit about how you can use @[email protected] to build security into your NFT project for the benefit of holders. 🧵
@[email protected] generated NFT minting contracts have some special roles and titles that can be used in different ways, depending on your needs, to secure or retrieve the contracts themselves and the NFTs generated from them. https://docs.unlock-protocol.com/core-protocol/public-lock/access-control
KeyManager titles have the right to transfer an NFT and that wallet address can be separate from the wallet address that has the title KeyOwner. So what does that mean?
If I set a KeyManager to a cold wallet, separate from the KeyOwner hot wallet I use, then I decouple transfer capabilities from the storage wallet. I can sign smart contracts for token gating, airdrops, etc. without fear a bad actor might steal my NFT.
Even if I have accidentally given them access rights to transfer tokens, they won't be able to transfer my @[email protected] NFT since the KeyOwner address is not the address with the transfer authority.
We shouldn't continue to rely on wallets and browser extensions to pick up suspect links or signature requests. We need to start standardizing around protocol-level security measures and that can be done with @[email protected].
If you'd like to know more about this and other features of @[email protected] and you're having an event for @[email protected] then reach out to me about giving an in-person workshop.
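
The KeyOwner / KeyManager split described earlier in the thread, as a small offline model. This is an added example, not Unlock Protocol's contract code or the author's: the class, method names, wallet labels and the rule that an approval only counts when the current manager granted it are assumptions chosen to mirror what the thread states.

```javascript
// Simplified model of the KeyOwner / KeyManager split described in the thread.
// All names here are hypothetical; this is not Unlock Protocol's contract code.
class LockModel {
  constructor() {
    this.keys = new Map(); // tokenId -> { owner, manager, approvals: Map(operator -> granter) }
  }
  mint(tokenId, owner) {
    this.keys.set(tokenId, { owner, manager: null, approvals: new Map() });
  }
  // With no manager set, the owner holds the transfer right (assumed default).
  managerOf(tokenId) {
    const k = this.keys.get(tokenId);
    return k.manager ?? k.owner;
  }
  setKeyManager(caller, tokenId, newManager) {
    if (caller !== this.managerOf(tokenId)) throw new Error("not key manager");
    this.keys.get(tokenId).manager = newManager;
  }
  // Records who signed the approval so it can be re-checked at transfer time.
  approve(caller, tokenId, operator) {
    this.keys.get(tokenId).approvals.set(operator, caller);
  }
  canTransfer(caller, tokenId) {
    const manager = this.managerOf(tokenId);
    if (caller === manager) return true;
    // An approval counts only if the current manager granted it.
    return this.keys.get(tokenId).approvals.get(caller) === manager;
  }
  transfer(caller, tokenId, to) {
    if (!this.canTransfer(caller, tokenId)) throw new Error("transfer refused");
    this.keys.get(tokenId).owner = to;
    return to;
  }
}

// Constructed scenario: hot wallet holds the key, cold wallet manages it.
function scenario() {
  const HOT = "0xHOT", COLD = "0xCOLD", ATTACKER = "0xBAD"; // constructed labels
  const lock = new LockModel();
  lock.mint(1, HOT);
  const attempt = (caller) => {
    try { lock.transfer(caller, 1, ATTACKER); return "transferred"; }
    catch (e) { return e.message; }
  };
  lock.approve(HOT, 1, ATTACKER);               // hot wallet tricked into signing an approval
  const before = lock.canTransfer(ATTACKER, 1); // true while owner and manager are the same wallet
  lock.setKeyManager(HOT, 1, COLD);             // move transfer rights to the cold wallet
  return { before, attacker: attempt(ATTACKER), hot: attempt(HOT), cold: lock.canTransfer(COLD, 1) };
}
```

In this model the approval is usable only while the hot wallet is still its own manager; once the cold wallet is set as manager, neither the approved address nor the hot wallet can move the key.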