Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/robriks/degobbleable-turkey-nfts-artgobblers
Gobble Gobble! It's been discovered that the alien species Art Gobblers are very fond of turkeys. Good thing it's almost Thanksgiving! Nothing like ringing in the fall season with a new NFT project specifically designed for $TURKEY-loving alien Art Gobblers!
Degobbleable Turkeys, ticker $TURKEY, are special NFTs that are designed to form a simple on-chain game around the mechanics of Paradigm's highly anticipated Art Gobblers. They are meant to be gobbled whole by Art Gobblers; but since Art Gobblers are aliens who evolved to possess gastrointestinal systems unfathomable by humans, strange things happen when Art Gobblers gobble turkeys! For reasons unknown, what to a human would normally be a run-of-the-mill delicious holiday meal is a reversible cloning process for Art Gobblers' digestive systems. That's right, after being gobbled (via the cook() function), Degobbleable Turkey NFTs can be resurrected by being de-gobbled: burned and reminted (via the deCook() function)!
Get it, Gobble-deCook? ;)
A few quick facts about the Degobbleable Turkey NFT contract are worth discussing:
Keep in mind that this contract is NOT audited and was spun up in one day, so be wary of bugs (and please report them to me to be fixed)!
What exactly happens when a gobbled Turkey nft is un-gobbled, you ask? Great question! Naturally, its tokenURI is updated to reflect a different image reflecting its new resurrected state, duh. But more importantly, the Art Gobblers alien physiology thereby produces a cloned Turkey NFT, which is the only way by which new Degobbleable Turkeys can be minted. I call it proof of burn!
Under the hood, the cook() hook uses SolMate's handy _burn and _mint functions, which delete the gobbled tokenId, burn it to the 0x00 address, and then immediately remint the deleted tokenId within the same transaction. In addition to recovering the Turkey's tokenId to the caller's address, a second additional Turkey NFT is minted to the caller: a clone of the original! This adds a cost to creating new turkeys (ie gas).
This process is very user-friendly as it happens automatically when an Art Gobbler owner calls gobble() on their Turkey NFT. This of course requires the user to also own a Degobbleable Turkey NFT, which only requires a simple claim to mint. Again, it's worth noting Turkey NFTs are only mintable by Art Gobblers holders.
As previously mentioned, cooking + deCooking is the only way that Turkeys can be minted. This effectively prevents rapid supply inflation, because cloned turkeys cannot be gobbled. This is enforced in a simple manner: tokenIds for cloned turkey NFTs are pushed beyond the ArtGobblerSupply. This is achieved additively by using a 10000 multiplier, causing every subsequent clone to have a tokenId 10000 higher than the last (ie Degobbleable Turkey #1's clones will have tokenId #10001, #20001, #30001 etc.)
To compile, run:
forge build
To run the Turkey NFT tests with plenty of verbose output from the test file:
forge test --match-contract TurkeyTest -vvvv
Feel free to mess around with the contracts!
If you have ideas about how to make this game more interesting, let me know! A limited time window element for gobbling/degobbling or other additional mechanic could be engaging. Ways to incorporate Goo, Pages, or Legendary Gobblers are also ideas with potential. Feel free to reach out on GitHub or Twitter with ideas. :)
Gobble Gobble!!
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.