In the precariousness of Web3 open source code, iterative development and “move fast” ethos, things are breaking down. And by breaking, things are also made. A new project lets everyone make a copy of someone else’s NFT, aptly named “Mimics.”
But how does Mimics work, and what does it mean for the NFT art market to have a new variety of fakes? And will it result in token standards being upgraded and improved?
I met the anonymous founder of Mimics in a “Web3” office that was full of software developers writing lines of code as they nodded their heads in time to deep house and sip cups of tea.
On semi-regular occasions, I come in to visit some local developers in the blockchain space and learn more about what they’re working on. They have always been welcoming and jovial, inviting me to share in their ritualistic Friday afternoon “meme creation hour” and try to spin the DJ decks in the office.
They even offer me an office to work from there for free, provided I clean the office once a week. I told her where to go (they were joking, but maybe only half joking when I stared at the overgrown vines that lived in the bare beams in the roof).
It was at this office that I met the anon who would later take an extended sabbatical from her hand in successful engineering projects and, in her mind, discover a way and open source to mimic your NFTs.
Set up your NFTs
“I think I just broke the NFT market,” the anonymous founder told me flatly.
“Really? How?” I replied.
It turns out that art NFTs have a line of code in them called “tokenURI” or “URI” that acts as a pointer to the image being displayed. Because the code is public, you can redirect your own NFT to make it look like someone else’s. If you want your NFT a Cypherpunk, a Bored Monkey, or what about a Pudgy Penguin? You got it.
This means that your rare and expensive cartoon image NFT can be essentially cloned, not only by right-clicking on copy-save as, and creating another NFT of the same image, but as a verifiable copy that has remnants of the real thing via code. However, users who are in a hurry to clone a Bored Monkey should be careful:
“This could be a blatant copyright or other IP infringement,” said Australian crypto lawyer Joni Pirovich. “In order to determine any rights attached to the ownership of the token, and any image or metadata associated with the token, the buyer must try to identify whether all terms and conditions and any IP license apply to ‘sale ‘. “
Many projects launch or sell on NFT marketplaces such as OpenSea without setting their own terms or licenses and without revealing their identity. In these cases, they do not act to protect every IP they have or to allow a person to understand who the copyright author may be and whether there is a human or computer who has the art and / or data generated. In Australia, copyright comes into play when it is created by the author. In other countries, such as the United States, copyright is a registration system. NFTs (and associated metadata) are available worldwide and often without clear terms. This makes it unclear which IP laws apply.
Noting that a few others have cotton on the branches of how the NFT metadata works, the Mimics maker (s) have open-source how you can do it, of course.
In the code
When it comes down to it, NFTs are really just tokens with a bunch of metadata. This data item contains all the information necessary for another to find and use it.
NFTs that can be imitated through their metadata (to date) are the ones that adhere to the most common ERC-721 and ERC-1155 standards.
The ERC-721 and ERC-1155 standards provide two core sets of functionalities: checking token ownership and obtaining token data. The latter feature usually returns the appearance of an NFT to a website or wallet to display the NFT as “called” by a smart contract.
The trick with Mimics was to realize that the tokenURI can be called by a contract address. In particular, it can be called within the tokenURI function of another contract. Mimics hack the metadata, allowing you to create an NFT that mimics the digital media attributes of another, such as an image or animation. Anyone anywhere can perform this URI metadata function. Instead of the feature allowed in the ERC standards so that only the user can view an NFT or grant access rights to other sites to view it, it is public.
I ventured deeper into the Discord channel …
The Mimics project has an open source code base, so you can mimic the “targetContract” and “targetId” of another NFT and your NFT can look exactly like that NFT.
“How about these fun jellyfish?” presents the Mimicologists Guide docs.
On OpenSea we can copy them from the site URL, the “Token Id” is the number on the right, and the “Contract Address” is just to the left of it.
The Mimics contracts are now available. In true Web3 style, Mimics are available without permission, but technically a bit tricky to access.
Initially, there was no front-end of the website, so you had to go on an “expedition” to interact directly with the “guild contract” on Etherscan. This was recently updated.
How could Mimics affect markets in a year that has seen some great heat in NFTs? In the current context of market crashes, these lines of code and the token norms on which they signify have some serious consequences for NFT owners, developers and the market in general.
What does this mean?
At this stage, Mimics have no implications for NFTs outside of artwork (such as copying NFTs with different functionalities to attest membership). Only the metadata such as name, description, media and other attributes provided by the tokenURI can be imitated. For something to be proxyable, it must be an attribute that an NFT provides on a public feature or interface (meaning it is accessible to all users and other contracts on Ethereum) and not in any way validated by the Website, service or receiving contract it.
Instead of being “law” to enforce the rules of the system provably, code here is the undermining factor in NFT security. Mimics prove the thesis by well-known cryptographer “Moxie” that cryptography lacks in some respects – referring to cryptographically secure components of the codebase that make aspects of unique property demonstrable, private and / or permission. Ironically, someone has already used the mimicry contract to copy Moxie’s NFTs.
Somehow Mimics shows a coordination case in how open source standards are created, peer-reviewed and adopted in Web3. This is until you see that Mimics is actually part of the story of how these norms can evolve over time.
Set a default:
So, was this all a scam? A Ponzi scheme to shorten the market or flood it with fakes?
No. It’s a game. Mimics are another example of the playful aesthetics and hacker ethics of “Web3” culture. It’s a light-hearted hack with some serious consequences.
Just like in the traditional art market, NFTs can be faked through Mimics. And just like in traditional art markets, this fact challenges users to take responsibility for tracing the origin of what they buy. Identifying vulnerabilities is how infrastructure is strengthened.
“I think it’s cool to have copies, because the originals can always be easily verified,” says BokkyPooBah, serial NFT artist and open source software advocate. “Maybe it means educating people on how to verify authenticity, and marketplaces and tools should make it easier to verify.”
Bokky’s NFT collection features originals from well-known collections including MoonCats, a “Kevin’s Bored Ape” collection, and a “fast food” CryptoPunk.
The purpose of a blockchain ledger is to prove origin, yet it is still very difficult to verify that an NFT is from a legitimate artist. For example, on the Ethereum Name Service (ENS), people make dense copies of domain names of famous artists by replacing “1s” with the letter “l” to trick buyers into thinking it’s an original. For this reason, Bokky is working on a tool to investigate ENS names, hoping to help the community at large to spot real versus fake NFT collections.
Mimics also open up new possibilities for what humans will build next in the world of NFT art. Perhaps the first mimics will get their own value as “authentic” fakes.
The current Mimic contracts can only make one copy of an existing NFT. This can add more value to originals if people want to make verifiable copies of famous NFTs. For example, some claim that many of CryptoPunks’ clone projects actually add more value to the OG version.
The Mimics code base also includes a defense mechanism. By setting a “Shield of Essence” and activating the “aura”, the shield will protect all NFTs on the same account from copying (known as “poked”) by mimics.
Of course, the code is open source, which means shields only block mimics, not other iterations of proxy NFTs. Now that the secret is out, it is possible to copy the Mimic contracts yourself, make a few changes and mimic everything over and over.
Mimics are a call to action to improve NFT standards and decentralized infrastructure in general. The hacker developer behind Mimics not only wants to break things, but build.
“Current NFT standards do the opposite of protecting your art at the code level,” states the Mimics project blog post. While questioning whether they are breaking the NFT market, the hacker also provokes, “Maybe this article and the accompanying code will give some impetus” to a future where ERC standards are improved and iterated and are adopted even more widely. The aim is to build a better standard for their information infrastructure.
Improving token levels requires stronger code-level permissions – which means NFT creators express their code-level preferences. They would decide where that NFT is displayed instead of having it drawn publicly. Technically, you can create an NFT that blocks this at the code level and still comply with ERC-721 or -1155. However, people are not paying enough attention to the code level of the NFT market to put measures in place to detect contracts that try to execute the code and block it.
Mimics is one example of the broader ethos of Web3. The project depicts core themes of the Web3 ideal: participatory building, self-organization, and ownership of its own infrastructure (or at least, expressing preferences about how it is owned and managed).
Web3 comes from hacker communities. Hacking is about redistribution. “The politics of technology is about ways to build order in our world,” says infrastructure scientist Langdon Winner. The ways in which the dynamics of reimagining, deleting, and revising will evolve can never be fully anticipated.
Usually, in places where Web3 fails, it comes out of its own ashes like a phoenix. Epic failures like Mt. Gox and “The DAO” hack have helped lead to the proliferation of board composition and practice today. This concept helps to put the recent Terra’s LUNA and TerraUSD brand crash into context.
NFTs can be the same with projects like Mimics, which chip in the legitimacy of what currently exists to build something better.