Hic Et Nunc Exploit: Death Knell of Tezos NFT and a Bitcoin RGB Hard Asset Paradigm

Gabriel Vincent Moon
8 min read · Jul 9, 2021

TL;DR A designer has been radicalized after an asset robbery exploit was revealed in the non-fungible token platform Hic Et Nunc. As a born-again Bitcoin evangelist, Gabriel brings to light key vulnerabilities and looks forward to the ascension of NFT through the Bitcoin RGB paradigm.

HEN Exploit Death Knell
HEN brought me into the NFT game. The shiny lights of ThreeJS, GLTF and generative art were enough to make any motion designer froth at the mouth for a stack of TEZ. The current most popular article runs cover for HEN, but the error is an indication of a dire situation. The contract included an exploitable modulo operation allowing robbery of NFTs. An unaudited contract was live for the life of the product. The fact this exploit was possible reveals a severe flaw in the Tezos digital asset paradigm. I CANNOT recommend HEN as an acceptable platform for any artist to participate in.

The HDAO token was an early sign of poor governance. While tokens are common in NFT, the HDAO token was easily gameable. The HDAO token was earned when an NFT sale was made within forty-five days of product launch. In theory this would give those with the most participation more direction in the project. In reality users bought their own artwork to stack unlimited HDAO tokens. This easily foreseeable shortcoming should have been a clear warning to avoid this product.

The recent AMA with the HEN founder gives insight into the direction of this product. Culpability is on the creators of a contract and those who advocate for the use of that contract. They must ensure that all security considerations are addressed. The founder refuses to take responsibility for the direction of HEN and refuses to delegate tasks out of his own vanity. He dismissed any concerns with the idea that HEN is an experimental laboratory guided by a vaguely defined techno-political philosophy.

Artists are unaware of the “experimental” nature of the contracts. The founder’s false immutability claims gained the attention, popularity and traffic of the burgeoning NFT art community whilst failing to deliver a viable product.

The founder is the sole owner of the HEN private key, giving him complete access to contract funds. Beyond exit scam considerations, in 2021 there is no excuse for this lack of creativity. Mystery is part of the space and community foundation is strengthened through ritual. Sending coins to provable burns are a great way to show commitment to an ideal. Burn the keys.

The founder controls the web interface, which is an additional point of failure. Simply clicking a button can activate a contract. Having a single owner invites the swapping-in of malicious contracts. While Tezos contracts are open access and community members are able to create their own interfaces, the majority of users interact with the contract through the founder-controlled hicetnunc.xyz. There are multiple instances in HEN's short history which show the ability to freeze contracts. The potential to freeze primary HEN contracts in no way contributes toward provenance. Having a project run on GitHub is not enough to build a successful open-source product. Governance structure needs to be defined from best practices at the beginning of the project.

We can look at open-source communities that have process. Open-source guides are available. When applied correctly, open-source principles provide tremendous benefits in community health including processes for code review from competent developer communities. Building an open-source product requires leadership, definition, feedback and buy-in.

The Bitcoin Developer Community
Bitcoin Core is the primary Bitcoin implementation. The development process is run by email in a Socratic discussion format in which Bitcoin improvement proposals are put up for debate. A similar process is shared by the layer two Bitcoin projects Lightning and RGB. When trusting a contract, trust is being placed in a community, and Bitcoin has the best. With experienced developers in short supply, there is no better place to build the metaverse than Bitcoin. Solidarity in the Bitcoin community means you don’t need to worry about scammers. An ethic of censorship-resistance means there is no single point of failure. The anonymity of Satoshi laid the foundation for a maximally decentralized network.

Bitcoin RGB Provides a Paradigm for Hard Asset Ownership
RGB is a scalable and confidential smart contract system for Bitcoin and the Lightning network. Bitcoin takes a layered approach to scaling. Layer one is the Bitcoin blockchain. Layer two is Bitcoin RGB assets. Layer three is Bitcoin RGB interoperable platforms.

The paradigm change of RGB includes two levels of ownership for assets: access and ownership. Access can be thought of as a public asset key, while ownership can be thought of as a private asset key.

In the RGB paradigm, an artist maintains ownership of their asset while selling access rights to platforms which act as galleries and curators in industry, marketing their work to ultimately be sold through a local RGB contract run on the artist’s node.

Layer one processes include minting an RGB asset from your node, including public and private keys for each asset. Layer two processes include broadcasting an RGB asset on your node over lightning network. Layer three processes include selling access in the form of a public asset key to galleries and curators. The RGB paradigm gives artists the ability to sell access to multiple RGB platforms. In Tezos, HEN operates on layer one, whereas on Bitcoin, HEN would operate on the third layer.

This is where I would like to make a clear distinction between a Tezos HEN NFT and a Bitcoin RGB hard asset. There is no possibility for the HEN exploit to happen on RGB. Because an RGB asset is minted on-chain utilizing cryptographic commitments to transaction outputs in the same manner as the Lightning network, there is no possibility for the manipulation or robbery of assets at the platform layer. Artists interacting on the platform layer can be assured ownership by holding the private asset key. Galleries at the platform layer are granted only access rights. Contract-level code in general would have no possibility of asset manipulation. The harsh contrast in provenance design highlights grave vulnerabilities in HEN NFTs. A pure layer one approach mixing contracts, ownership and access rights into a single layer was deemed acceptable by myself and many in the community.

Provenance is of Secondary Concern in NFT
A standard remains undefined. An NFT can be anything. What is claimed in regards to provenance often does not meet the standards of discerning artists and collectors. On-chain immutability claims have been made of JPGs hosted on private databases. RGB provenance is provided via timestamp to Bitcoin. In this way, Bitcoin can be thought of as a timechain. Commitments are made on layer one via seals to Bitcoin transaction outputs. Custom asset definition and schema means an asset can be anything. While the specification for interoperability is restrictive, the characteristics of an RGB asset are not.
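The previous paragraph describes provenance as a commitment anchored via a seal to a Bitcoin transaction output and validated client-side. The following is an added example, written for this page and not code from the RGB project or its libraries, that models that idea in a deliberately simplified form: the artwork hash is bound to a specific outpoint with a client-held salt, the resulting digest is recorded against that output on a simulated timechain, and a verifier recomputes everything before trusting any record. The `Seal`, `Commitment` and `SimulatedTimechain` names, the outpoint values and the artwork bytes are all constructed placeholders, and the salt standing in for the article's "private asset key" is an assumption of this model, not RGB's actual key scheme.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed sample artwork bytes standing in for the file an artist would mint.
ARTWORK = b"constructed sample artwork: generative sketch v1"


@dataclass(frozen=True)
class Seal:
    """Single-use seal: the transaction output a commitment is bound to.
    txid and vout are constructed placeholders, not real chain data."""
    txid: str
    vout: int


@dataclass(frozen=True)
class Commitment:
    asset_hash: str  # sha256 of the artwork, the asset being proven
    salt: bytes      # client-held blinding factor (assumed stand-in for the private asset key)
    seal: Seal       # output the commitment is tied to
    digest: str      # value that gets anchored on the simulated layer one


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def commit(artwork: bytes, seal: Seal, salt: Optional[bytes] = None) -> Commitment:
    """Bind the artwork hash to one specific outpoint; the salt never leaves the client."""
    salt = os.urandom(32) if salt is None else salt
    asset_hash = sha256_hex(artwork)
    preimage = asset_hash.encode() + salt + f"{seal.txid}:{seal.vout}".encode()
    return Commitment(asset_hash, salt, seal, sha256_hex(preimage))


class SimulatedTimechain:
    """Stand-in for layer one: one digest per output, and a used seal can never be reused.
    A real chain carries the digest inside the transaction itself; this is only a model."""

    def __init__(self) -> None:
        self.anchors: Dict[Tuple[str, int], str] = {}
        self.spent: Set[Tuple[str, int]] = set()

    def anchor(self, c: Commitment) -> None:
        key = (c.seal.txid, c.seal.vout)
        if key in self.anchors or key in self.spent:
            raise ValueError("seal already used: single-use seals cannot be recommitted")
        self.anchors[key] = c.digest

    def spend(self, seal: Seal) -> None:
        self.spent.add((seal.txid, seal.vout))


def verify(artwork: bytes, c: Commitment, chain: SimulatedTimechain) -> bool:
    """Client-side validation: recompute from the artwork and disclosed salt,
    then require that the chain anchored exactly that digest on that output."""
    expected = commit(artwork, c.seal, c.salt)
    if expected.digest != c.digest or expected.asset_hash != c.asset_hash:
        return False
    return chain.anchors.get((c.seal.txid, c.seal.vout)) == c.digest


def demo() -> dict:
    chain = SimulatedTimechain()
    seal = Seal("0" * 64, 0)  # constructed placeholder outpoint
    c = commit(ARTWORK, seal, salt=b"\x01" * 32)
    chain.anchor(c)
    results = {
        "genuine_verifies": verify(ARTWORK, c, chain),
        "swapped_file_fails": verify(b"different bytes", c, chain),
    }
    # A platform that rewrites the asset hash in its own database cannot make
    # the tampered record validate against the digest the chain anchored.
    tampered = Commitment(sha256_hex(b"forged"), c.salt, c.seal, c.digest)
    results["tampered_record_fails"] = verify(b"forged", tampered, chain)
    # Seals are single-use: a second commitment on the same output is rejected.
    try:
        chain.anchor(commit(b"second asset", seal))
        results["seal_reuse_rejected"] = False
    except ValueError:
        results["seal_reuse_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is that the verifier trusts nothing a platform tells it: a gallery database can hold any record it likes, but only a record whose recomputed digest matches what was anchored on the output will validate, and the output cannot be committed to twice.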

Bitcoin derives security from the proof-of-work consensus mechanism. Majority hash rates provide the highest level of security compared to any other chain, contributing towards provenance. The proven security model of SHA256 forces all chains running the same mechanism to compete for hashes. Replacing proof-of-work with proof-of-stake as a solution to censorship-resistance and scaling is dubious.

The integrity of the HEN contracts went unquestioned. In order for the industry to mature, the community must be more discerning of the technology. Exploits hinder acceptance into the broader art community by failing to meet provenance standards. NFT is saturated with aspiring artists whose fledgling careers quite literally rely on the integrity of the functionality. Reputation in the art community at large remains paramount. An issue arises when advocating for artists to mint on unaudited contracts. Significant competition between platforms will bring about more robust standards for client-side validation.

Bitcoin RGB is not immune from client-side error and does not solve data storage. Standardization is needed for a thorough client-side specification in order to prevent poor user experience. The desired level of data storage centralization will vary between users. Client-side contracts hold the biggest potential for bad user experience. Product and interaction design can remove layer one, two and three complexities when assets are built under a standard. The Umbrel node has an elegant interface that allows plebs to participate in the peer-to-peer Bitcoin Lightning network. With an app store style plugin library, Bitcoin provides an environment to build decentralized applications and interfaces. The touted chain exclusivity will be available with RGB and Taproot. Foolproof standards are needed for implementation of client-side interfaces.

The Bitcoin Metaverse
Only the Bitcoin community promotes sovereign ownership of digital assets. This is exemplified by the motto “Don't Trust, Verify.” Each artist has the opportunity to participate in Bitcoin network consensus by verifying transactions through a personal node and holding their private asset keys locally. I believe Bitcoin RGB provides a greater level of provenance than existing protocols via UTXO commitment.

An unconstrained vision propelled NFT to its height of popularity. The same unconstrained vision must be fostered within the Bitcoin community in an effort to build the Bitcoin metaverse. The Lightning network and RGB assets will allow for rich economic commerce with secondary markets. Peer-to-peer channels will be opened to seed files from artist to collector, automated by contract and graphical user interface. Access will be sold to platforms which act as galleries and curators. Multi-network asset platforms will emerge as NFT standards become defined. Referencing the Bitcoin timechain to prove a work existed prior to a point in time will become an accepted form of digital rights management.

Clean product design, open access and grassroots adoption through artist endorsement brought a wave of generative artists and creative coders to HEN. The community was decidedly ignorant of the actual security provided by the HEN contracts, and my hope is that the community will persist regardless of platform.

The concerns of leaders in NFT will be important in giving direction to the RGB paradigm. Artists have concerns about collaboration, community, commission, provenance, royalties and transaction fees which Bitcoin product designers will need to consider. A cypherpunk ethic remains in the most diehard of the NFT community, but a lack of standardization leads the fair-weather noob to oblivion. When the hoi polloi of the art world inevitably re-invade the industry, cryptography at layer one will be the least of their concerns. Not until after price bloodletting and broken promises do we take a discerning look and find the systems broken. The death knell of Tezos NFT ushers in a brighter vision with Bitcoin RGB.

Gabriel Vincent Moon is a designer for motion and interaction, concepting asset interactivity for the RGB paradigm.
Thank you for reading. Email gabe@gabe.mn with feedback or suggestions.
Copyright © 2021 Gabriel Vincent Moon Design, All rights reserved.