Solving NFT access list, minting, and holiday problems with ENS

Sillytuna
Jul 18, 2022

How many times are people going to be asked to prove ownership of NFTs by exposing the keys to their most valuable items over and over again?

How safe is it to carry your crypto with you when traveling for work or holidays? Answer — completely unsafe. So why do projects keep assuming we’re carrying sometimes hundreds of thousands of dollars or more of assets wherever we go?

I’ve missed endless ‘perks’ as a result, even from beloved projects such as Cyberbrokers, because no, I’m not carrying my high value crypto at an NFT conference in a foreign country where we’re all clear targets.

Theft after theft after theft and still we do almost nothing. As users and project creators we need to fix this and fix it now.

Here is a starting point for an easy-to-implement solution using ENS, trivial for collab.land and NFT projects to support.

Users should:

  • register mydomain.ens
    Point this at your main account.
  • register a subdomain sign.mydomain.ens
    Point this at the account you want to use for signing messages, e.g. to prove who you are.
    Do not keep money or assets on this account.
  • (optional) register a subdomain mint.mydomain.ens
    Point this at the account you want to use for minting.
    Keep only minting funds on this account, and NFTs of negligible value or use.
    You can forward on valuable assets after minting, e.g. using OpenSea’s NFT bundling system.
  • (optional) register a subdomain vault.mydomain.ens
    Point this at the account you use for your vaulted NFTs.
    Keep your high value NFTs on this account.

For all of the above, set the Primary ENS Name Record for each of the addresses. This ensures that the Ethereum addresses are uniquely associated with that domain/subdomain, even if there are other domains that may map to it.

A Primary ENS Name record (formerly Reverse Record) makes your Ethereum address point to an ENS name. This allows dapps to find and display your ENS name when you connect to them with your Ethereum account. This can only be set by you so it is not set automatically upon registration.
To set the Primary ENS Name record, please click “My account”, and select “Primary ENS Name”.

How should projects use this?

  • Proving identity: Ask user to sign a message with sign.mydomain.ens.
    It should never contain NFTs or funds so is completely safe. Users can change this at any time to a new account, use a mobile wallet, whatever they want.
  • Check NFT ownership: Monitor NFT ownership at mydomain.ens and vault.mydomain.ens, or ask user which to use.
  • Access lists: Snapshot NFT ownership from mydomain.ens and vault.mydomain.ens, or ask user which to use.
    Look up the mint address from mint.mydomain.ens if it exists, else get from mydomain.ens.
    Do this at a single fixed block since ENS records can change any time.
  • Optional: Allow a minting address to mint to another address, or mydomain.ens.
  • Optional: Don’t block smart contract wallets like Gnosis Safe. They work with ENS too. Find another way to optimise your mint process.
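
The lookup rules above, as an added example (not code from this post or from ENS): it assumes the forward records and Primary ENS Name records were already read at one fixed block into an in-memory snapshot, and that the signer address was recovered from the signed message elsewhere. All names, addresses and the block number are constructed; the second call shows why the Primary ENS Name check matters when a subdomain is pointed at someone else's vault.

```javascript
// Constructed ENS snapshot taken at ONE fixed block (sample names and addresses, not real).
// forward: name -> address. primary: address -> Primary ENS Name (reverse record).
const A = (c) => "0x" + c.repeat(40); // helper to build obviously fake addresses
const SNAPSHOT = {
  block: 15000000, // hypothetical snapshot block
  forward: {
    "alice.ens": A("a"), "sign.alice.ens": A("b"), "vault.alice.ens": A("c"),
    "mallory.ens": A("d"), "sign.mallory.ens": A("e"),
    "vault.mallory.ens": A("c"), // mallory points her subdomain at alice's vault
  },
  primary: {
    [A("a")]: "alice.ens", [A("b")]: "sign.alice.ens", [A("c")]: "vault.alice.ens",
    [A("d")]: "mallory.ens", [A("e")]: "sign.mallory.ens",
  },
};

const norm = (addr) => (addr || "").toLowerCase();

// Forward-resolve a name, then require that the address's Primary ENS Name
// points back at the same name. Only the address owner can set that record.
function resolveVerified(snap, name) {
  const addr = norm(snap.forward[name]);
  return addr && snap.primary[addr] === name ? addr : null;
}

// recoveredSigner: address recovered from the user's signed message (done elsewhere).
function resolveRoles(snap, domain, recoveredSigner) {
  const signer = resolveVerified(snap, `sign.${domain}`);
  if (!signer || signer !== norm(recoveredSigner)) {
    return { ok: false, reason: `signer is not the verified sign.${domain} address` };
  }
  const main = resolveVerified(snap, domain);
  const vault = resolveVerified(snap, `vault.${domain}`);
  return {
    ok: true,
    block: snap.block,
    holders: [main, vault].filter(Boolean), // addresses to check NFT ownership on
    mint: resolveVerified(snap, `mint.${domain}`) || main, // fall back to the main account
  };
}

console.log(resolveRoles(SNAPSHOT, "alice.ens", A("B")));   // holders: main + vault
console.log(resolveRoles(SNAPSHOT, "mallory.ens", A("e"))); // vault claim dropped
```
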

What good will this do?

We need to educate users to only sign using their sign account, never to use accounts which hold assets, and to mint using a minting account from where they can forward assets on to their main or vault accounts. This will stop them continually exposing their assets to malicious websites, discords, and contracts.

We need to encourage good behaviour throughout the ecosystem rather than everyone using different techniques and users continually being exposed to poor behaviour, yet being blamed for losses.

They should never have to sign using any account other than their signing account unless directly interacting with a specific NFT, e.g. to sell on OpenSea or for staking purposes.

What can you do?

  1. Engage with the topic on #safernfts and iterate this idea into one that works.
  2. Demand that all projects implement the solution once consensus is reached.
  3. Firmly reject any projects which do not until they do so.
  4. Create reference code for tooling!

EDIT: Proposals to use the TXT record ignore that it’s poor UX and is harder to support. Existing ENS UX and web3 tools work with subdomains and primary/reverse lookup.

However, the imperative is a solution so whatever can get accepted as an option for users.

EDIT2: Recent Proposal EIP 5131 could be the way forwards — my initial feedback https://twitter.com/sillytuna/status/1549169684024631296?s=20&t=BSzwkqQcFznmV_1Up9XPYA
