Motivation
Bug Bounty
Installation
Simple Tutorial
Video Tutorial
API Endpoints
How Metadata Leaks
Grifted
Grifters? Smart Money? Luck?
Future Work
Contacts / Social Media
Contributing
At Convex Labs, we’re NFT fanatics. We believe that NFTs represent a revolution in the art and collectibles spaces. Unfortunately, as described in Paradigm's Guide to Designing Effective NFT Launches, the current systems being used for NFT launches are often unfair to average users. Hasu and Agnihotri describe several pitfalls which can give sophisticated users an edge and allow such users to extract value from both creators and other collectors.
We have developed and deployed tools for the purpose of gaining an advantage when buying NFTs and we aren’t the only ones; we’ve been observing people using such tools for months and recently numerous paid services such as traitsniper.com have appeared. We’ve open sourced our tools, describing how we use them, and how to detect when someone else has used similar methods to gain an advantage in an NFT launch.
Continue reading about our motivation / background here
Our bug bounty program is an experimental and discretionary rewards program modeled after the Ethereum bug bounty program. We will give NFTs, Ether, or other prizes to participants who improve our codebase or find dishonest drops.
We are seeding our intial bug bounty pool with 100% of the profits we made trading NFTs with our code. We encourage others to donate to our bounty pool multisig.
Our Gnosis Safe Multisig: 0xa94a1B82B441DAA23890FF5eEb84a66D323Fd6c1
Read more about our rewards program here: Coming Soon!
Navigate to a directory of your choice.
Option 1: Install the package locally using pip3.
pip3 install git+https://github.com/Convex-Labs/honestnft-shenanigans.git
Option 2: Clone from GitHub.
git clone https://github.com/Convex-Labs/honestnft-shenanigans.git
python3 setup.py install
Note: The repo takes a few minutes to install. We've provided a decent amount of test data so the repository is rather large.
- Download metadata with pulling.py
- Generate rarity rank with rarity.py (ranks are based off rarity.tools algorithm - we reverse engineered it)
- Generate rarity map (scatterplot) with rarity_map.ipynb
- Pull minting data with find_minting_data.ipynb
- Generate ks-test scores with ks_test.ipynb (ignore ks-test results for drops with skewed rarity maps)
- Tell us what you find!
Tutorial: https://vimeo.com/638878051
Infura: https://infura.io/
Basic IPFS Endpoints: https://ipfs.github.io/public-gateway-checker/
Pinata IPFS Endpoints: https://www.pinata.cloud/ (IPFS_GATEWAY in pulling.py is set to a public endpoint; can pull faster w Pinata)
- Go to contract
- Call tokenURI
- Paste link into browser to view metadata
What if metadata is hidden, but images are not?
If the explicit traits are hidden, but images are not, you can print all images to a directory and manually search for rare traits
If the contract is not verified you can sometimes find the metadata url on OpenSea API
Sometimes data even leaks on the cloud...
In the plots that follow we map the rarity of a token to its tokenID. We use the convention of rarity.tools and label more rare tokens with lower rank scores. For example, the rarest token in a collection has rarity rank 1. If rare tokens are distributed randomly throughout the collection, then rarity maps should be scatter plots without any discerning patterns.
Note: The founders (8 Bit Universe) minted the majority of these rare tokens and claimed that they airdropped them to random users on Discord. Convex Labs is not suggesting that this statement is false, but rather that this is not provably verifiable.
Note: In this case "Dejen" tokens were minted out of order in a pseudorandom way. Thus, taking advantage of skewed distributions is not possible in practice.
In the plots that follow we overlay all the mints from a single address with the rarity map. All mints from the address labeled in the title are shown in black. So, someone must be getting screwed over right? Yeah...
We observe a clear pattern of unsuspecting minters failing to mint a single rare token, simply becaues they mint at an unfavorable time.
With leaking metadata, insider information, or skewed distributions, some people must be cheating. So who are the grifters? Are these people just lucky? Decide for yourself...
- Spikes in minting before rare tokens
- Median rarity in sliding windows of length N
- Unusually high amounts of "1 mint" buyers getting rare tokens (ie minting one token and getting one rare; ks-test isn’t super sensitive to this)
- Rare items getting listed at the same time. It is very interesting if multiple addresses list super rare items at the same time. Maybe these addresses all belong to one person?
For help contact [email protected] or @bax1337 on Twitter.
We'd love your help making these tools more robust in an effort to make the NFT market fair and equitable. If you find a bug or have a suggestion on how to improve our code, check out our contributing guide.