Farcaster Devs

How the Faces of Farcaster frame works to mint personalized onchain art & how to map token #'s to FIDs safely

PROBLEM
The frame mints an NFT with a token # corresponding to the user's FID. It was technically possible to squat on someone else's FID.

I knew this when I launched, but shipped to prod anyway. I figured if the frame got no traction it didn't matter or if it did happen i'd upgrade the contract to pause minting, patch, and transfer tokens to rightful owner.

I also considered minting server side but then marketplaces view it as an airdrop and hide it.

Fortuntately the frame got traction and nobody did this! Then @fiveoutofnine.eth DM'd that they found the exploit so it was time to patch.

SOLUTION
Verify wallet:FID relationship off-chain and sign message. When minting check that the caller can actually mint that FID token # by validating the message signature and signer. Simple and safe.

Reserving token IDs for FIDs opens up fun mechanics that I want to keep exploring and hope others will too!

Creating content with code: @livecaster @harmonybot /bot-or-not | /blitkin | /orange-dao | IRL: YC W15 Construction tech founder

nice solution! gonna find a way to give this a go