How can the most valuable NFT project have such a massive design flaw?


A deep-dive into the CryptoPunks ownership model; and why I own one despite its most significant shortcoming

CryptoPunk 435, the cheapest CP listed for sale at the time of writing. Valued at $39k.
CryptoPunks is the grandaddy of all NFT art projects.

Apart from being the inspiration for the Ethereum ERC-721 token standard, which defines the basis of what an NFT should be, its market cap speaks for itself. The whole collection is comfortably valued at over $400 million — estimated by using the current value of the cheapest CryptoPunk in the collection.

Launched by Larva Labs in June 2017, CryptoPunks consists of 10,000 unique 8-bit-style, low resolution images of so-called punks, all stitched together forming a 100x100 grid.

Extract of the composite 100x100 image of all CryptoPunks.
There are 5 punk types: Alien, Ape, Zombie, Female, or Male.

In addition, each CryptoPunk (CP) has metadata associated with it, which indicates what attributes it possesses. The number of attributes per punk ranges from 0 to 7. The attributes includee Pigtails, Top Hat, Choker, Tiara, Hoodie, etc. As a curious fact, only 8 CPs have 0 attributes, and only one CP has the maximum number of attributes: 7.

The eight CPs with zero attributes

Some attributes are considered “hidden” as another can cover one in the CryptoPunk’s image.

The only CryptoPunk with 7 attributes. The last bid amount for this CP (#8348) was for over $1 million.

As the project was a precursor to the ERC-721 standard, Larva Labs coded a decentralized marketplace from scratch on the Ethereum Blockchain in a smart contract. The contract is very straightforward — it allows offering a CryptoPunk for sale, buying one that is for sale, transferring ownership, bidding, and accepting a bid.

Initially, CPs were given away for free to whomever claimed them during the drop. Thereafter, the smart contract methods need be used to purchase, sell, or transfer a CP.

How does the ownership model work?

Here’s where this gets interesting. Any reasonable person would expect that a project with market cap handily at $400 million and trade values in the hundreds of thousands of dollars for individual CPs would have a rock-solid foundation regarding ownership. I am here to argue that the ownership model design was naïve, and that the flaw should be used as an example of what not to do in future NFT-art projects.

So, what is the problem?

Larva Labs coupled the 10,000 CryptoPunks image to the marketplace smart contract by hashing the master-image and including the hash in the contract's initial state (i.e. by setting a contract variable equal to the image hash). The contract has an array that maps punk indexes to Ethereum addresses, thus establishing which addresses own which punk indexes. The problem is that there is no unambiguous way to identify which punk index maps to which individual punk within the composite image.

What can be proved by looking at the smart contract and blockchain state?

Hashing the image and plugging the result into the contract’s initial state implies that the CryptoPunks master-image and only that image is bound to the contract. In addition, it can be established that a particular Ethereum address owns a particular punk index. Ownership is established because the contract only allows sale or transfer of a punk index that is initiated by the address that maps to the punk index.

What cannot be proved?

Unfortunately, there is no way to prove that a particular punk index maps to a particular CP in the composite CryptoPunks image, by just looking at the smart contract and the blockchain state.

So, how do people “know” what CryptoPunk they are buying?

Actually, they really don’t. When you purchase a CP, you are really purchasing a punk index, and are trusting a centralized website (the Larva Labs CryptoPunk site) to figure out the mapping for you and show you which CryptoPunk image corresponds to the punk index you are buying, selling, transferring, or already own.

Now, to be clear, the designers didn’t concoct a random mapping — they actually gave the mapping function a sensible form — following western convention (left to right, top to bottom): punk index 0 corresponds to the CP at the top left of the composite image; punk index 1 corresponds to the CP to the right of CP 0; so on and so forth until you reach CP 99. Then, CP 100 corresponds to the CP under CP 0; 101 is to the right of 100, etc.

So, if the mapping makes sense, what is the problem?

The cold-hapless truth is that Larva Labs has the power to change the punk index → CP mapping at will, because they control the only map on their website. In other words, technically, you could own the highest value CP today, and wake up tomorrow to owning a much cheaper CP because Larva Labs decided to flip the mapping order to (for example): top to bottom, left to right.

Is this diabolic scenario likely to play out?

Probably not. It’s not in Larva Labs’ best interest to screw over their now-faithful market. But that’s beside the point — the point of moving to decentralized, trustless ownership models on the Ethereum Blockchain is precisely that you don’t need to even worry about such things happening — they shouldn’t even be possible. And the truth is that the CryptoPunks project design does allow for ambiguity, requires the need for trust, and relies on a centralized website (vs. a legitimate DApp).

Are there any sensible solutions?

The sensible solution would be for the CryptoPunks smart contract to provide a function that takes the punk index as input and output an image hash equal to the hashed individual CryptoPunk. Then, the mapping would be written in stone in the Blockchain. By the way, the cost of storing 10,000 hashes on-chain is negligible relative to the project’s market cap.

Isn’t it too late to do this now?

Yes, and no. The current contract is immutable. A new contract that provides the aforementioned function would have to be published. The current ownership state would have to be transferred to the new contract as part of its initial state. The community would have to reach a consensus to work with the new contract from that moment going forward.

And finally, why do I own a CryptoPunk anyway?

Because I think the project is historical enough that despite its shortcomings, it deserves respect and does hold value. Caveat: I do own one of the cheapest CryptoPunks though, in case the ownership mapping changes overnight ;)’=

Join Coinmonks Telegram group and learn about crypto trading and investing

Also, Read

Get Best Software Deals Directly In Your Inbox

How can the most valuable NFT project have such a massive design flaw? was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.