Content
@
0 reply
0 recast
0 reaction
eggman 🔵
@eggman.eth
gm all, just wondering if I'm overlooking something on the mint spec for frames Is it possible to include a msg.value or eth amount with a mint? Or does this have to be built out using the custom tx spec?
9 replies
0 recast
19 reactions
horsefacts
@horsefacts.eth
Mint is kind of a weird vestige of the time before frames could do direct transactions. If you use a mint button, it's assumed that the client has a way to get the mint tx calldata and amount based on contract address. (We use Reservoir). I'd like to harmonize these with tx buttons eventually, so that they can also ask the frame server for tx calldata and fall back to a wallet transaction when "mint with Warps" is unavailable.
1 reply
0 recast
9 reactions
eggman 🔵
@eggman.eth
Appreciate it my man - shall build out the full tx! 1000 $degen
2 replies
0 recast
2 reactions
horsefacts
@horsefacts.eth
We were originally very concerned about loading untrusted calldata: how can we trust that a frame server will really tell us how to mint and not just steal the money? This is still a concern, especially if we are relaying the tx, but less so after seeing tx frames in the wild: we can simulate the results and will ultimately only allow domains we trust to use mint with Warps.
2 replies
0 recast
3 reactions
eggman 🔵
@eggman.eth
Yeah, I did actually fear we'd see an absolute hammering of drainer frames after tx functionality went wild; my assumption was the mint function was set up to essentially simulate the tx and check for any weird approvals, or require a mint function to exactly match a pre-defined block of code which can only use msg.value as a var. Problem is even then, there's still a million ways to mess with that ala dodgy overrides / helper functions etc. One solution could be having a proxy contract accept user eth to carry out the tx - so only the eth sent is at risk, but it then opens up a whole new bag of issues to content with too. It's unfortunately a v difficult problem to solve without resorting to centralization tbh. But on the bright side, been pleasantly surprised to have not seen any rogue drainer frames in the wild so far. Community on here goes hard.
0 reply
0 recast
1 reaction