Monday, October 11, 2021

APE Friendly Intro to Ethereum and NFT's | GAMESTOP NFT DEEP DIVE | NFL Tom Brady’s NFT Company Autograph and Draftkings Marketplace Might be Committing Fraud

TL;DR: 1. I explain how Bitcoin works, how it relates to Ethereum, then what NFT’s are. 2. I take you on a deep dive to show you that I think foobar minted GME’s NFT coin on 5/25 and messed up creating 2. That’s why the comment says “the one and only”. I also show you the video the GME NFT points to. Lastly I think I found evidence Tom Brady’s company Autograph, along with Draftking, still hold all the NFT’s it has minted and SOLD to fans. I put a lot of work into this and I think it’s worth the read if you have time.

I wrote all this last night, and woke up to the NFT Flordia Ryan Cohen tweets and now my titties are jacked and I’m going to release this afap (as fast as possible) to both get eyes on possible crimes, but also to educate you all on NFT’s before any big announcements. This is my first attempt at writing any sort of serious post, so please be kind. I’m a lurker at heart. I’m not sure how automod is setup for external links, so I will number all the links to sources and put them in a comment below. (Maybe a mod can pin it, can I do that myself, idk. (can you tell I don’t post)).

I’ve recently been looking into Ethereum and NFT’s to better understand how they work. I am no expert in this space so take everything you read here with a grain of salt. I’m sure I’ll make mistakes, I’ll try to make edits correcting anything I get wrong. My biggest fear is spreading misinformation; that is not my intention. I thought I might as well share what I have learned with all of you. Oh and this isn't financial advice...obviously. I’ll first go over Ethereum and how it works. Then we will look at how the first NFT projects were minted and compare it to how Gamestop’s NFT was minted. Oh, you’ve already seen Gamestop’s first NFT by the way (you’ll see later). Last I will show you why I think Tom Brady’s new NFT company Autograph and Draftkings are committing fraud. Before you go further if you haven’t read The Glass Castle DD by u/3for100Specials then go do that now; I’ll put the link below.

The Glass Castle DD

1. Ethereum

Ethereum is a decentralized, open-source blockchain with smart contract functionality. Ether is the native cryptocurrency of the platform.

If you are going, “What the fuck does that mean.” You aren’t alone. I’ll try to dumb it down as much as possible. First what is blockchain? Well duh, it’s just a chain of blocks. This (to my knowledge) was first introduced with Bitcoin. In order for someone to have Bitcoins in their wallet, that number must be derived from somewhere...the ledger. But how do I send the Bitcoins to another address to update the ledger? Here is where we get our blocks. A block is just a list of transactions. But there isn’t a single list that’s being updated like a google doc in a group project. Kyle can’t just say I sent him all my Bitcoins. (Fuck you Kyle). So there is going to be multiple blocks...a chain of blocks, and we have to make sure all the transactions are real...proof of work. Miners are the ones who do the work proving all the transactions are real. For each block of transactions a miner is taking all the transactions and hashing them with something call a nonce number. Each time the miner tries to solve the problem and fails the nonce number will increase (Hashing is a 1 way function. It will always convert the same data into the same hash, but minor changes results in wildly different hashes). Then the miner will hash again and see if that nonce solves the block (Hashrate is how many nonces you can check a second). If a miner solves the block they get both the reward for the block and the transaction fees in the form of Bitcoin. Other miners can then look at the block then hash it themselves and see if the nonce number was right. This is why you have to wait 45 minutes for confirmations on your transactions. You have to wait for the block with your transaction to be part of the longest blockchain to be considered final. Anybody can be a miner which is what makes Bitcoin decentralized. Daddy Uncle Sam can’t do anything to change the ledger to take your coins out of your wallet...or can they?

If some malicious person (Lets call them Uncle Sam for no reason) wanted to fake a transaction in the blockchain what would they have to do? First Uncle Sam would need to add or change a transaction in a block, then do the hashing for that block to prove it (remember doing that proof of work takes time and power) Uncle Sam would then have your Bitcoins right? Nope. The longest blockchain on the network is taken as the most likely to be true because the most proof of work has gone into creating it. So Uncle Sam would need to keep hashing blocks and out-compete all the other miners on the network who are currently working on the longest blockchain in order to surpass them to get their fake transaction on the longest blockchain. This would mean Uncle Sam would need at least 51% (hence 51% attack) of the hashing power on the network to fake a transaction. Cool. That’s a lesson on Bitcoin not Ethereum. You’re right. Lets get to Ethereum.

What makes Bitcoin and Ethereum different? SMART CONTRACTS!!!

What is a smart contract? Woah there bud. Lets backup and talk about Ether. Ether? Isn’t that just Ethereum? Not quite pal. Ether is the cryptocurrency that runs the Ethereum network. The Ethereum platform is built with a Turing-complete language, while Bitcoin is built on a scripting language. Wut mean? It essentially means you can write a program that is ran using Ether (gas) and this is what a smart contract is. This isn’t just any sort of program though. It is on the Ethereum blockchain. This means once it is launched there is a limited ability for changing the code for that contract, so you better hope there are no contract-breaking bugs. A bug could lead to your smart contract being hacked (I do a side note giving an example later).

Now what is an NFT (Non-Fungible Token)? An NFT is just a type of smart contract that mints unique tokens that have the ability to point to a peice of data (ipfs is the standard from what I have seen. More on this later). The standard that was adopted for this is called ERC721. Sound familiar? If not, then you didn’t read The Glass Castle DD by u/3for100Specials; this time you have to scroll up. The current popular use is tying the NFT’s uri (just think url) to an image, but the uses are endless. So now when you hear someone scoff at the idea of oWnINg a PiCTuRE you could’ve downloaded, you’ll know it’s not just the image that is valuable, but the ability to prove on the blockchain it’s the original made by Picasso himself. Can they prove the Mona Lisa is still the original?

2. THE GME NFT

Let’s get into the good stuff. This is what Wikipedia has to say about the early days of NFT’s.

NFT Wikipedia

If you are new here or are unaware, Gamestop hired one of the devs from Larva Labs (foobar) to do some contract work. And I’ll show you that some of that work was minting the GME ERC721 token...twice. But first lets look at how Larva Labs wrote the smart contract to mint the first NFT’s using non-fungible tokens. Source Code link in comments below [1]

CryptoPunks Source Code

(I'm not good at editing pictures btw) Here we see how the early NFT’s were minted. All of them at the start were sent to the owner address. All NFT’s have to be minted into someones address. In most cases it’s the owners of the project. There is then other code in the smart contract which takes care of auctioning off the NFT’s. (Remember. Smart Contract code can't be edited once on the blockchain) Do you notice how in the function setInitialOwner how the argument passed in is named “punkIndex” (more on this later). This index is very important. This is the index that points to which picture (or CryptoPunk) that NFT holder owns. Here is a picture of all the CryptoPunks.

All CryptoPunks

Each punkIndex (just a number, there are 10,000 punks so the punkIndex is from 0-9999. Programmers start at 0 because it's badass 😎) is referring to one of the CryptoPunk images. I assume it counts left-right and top-bottom, but I’m not sure. These were also minted before the standard for NFT’s (ERC721) so the smart contract code for the NFT itself is within the same contract which makes it both messy and non-modular (You’ll see how short the entire Gamestop Smart Contract is using ERC721). Now back to the punkIndex...some of you may be thinking to yourself, “Hey wait you dumb bitch. You said earlier that NFT’s link to images using a uri?” And some of you are also thinking, “Wait, so where are the pictures being stored? On the blockchain, right?” Nope. This is what had me confused for so long. The Ethereum network is not a cloud server that will store your pictures. So how do you make an NFT for an image when you can’t store the image on the blockchain? Why don’t we go and take a look at Gamestop’s NFT source code to get an idea. I’ll paste a link to the source code below [2]. You can find it yourself by going to nft.gamestop.com scroll down and copy the hexadecimal number. You can tell a number is hexadecimal if it starts with “0x”, and it will also contain letters a – f. (Ape version : Hexadecimal = 16 fingers, Decimal = 10 fingers) Almost all blockchain addresses and transactions will be represented as a hexadecimal number. Now go to etherscan DOT io and paste the number and search. Towards the bottom click contract and there is the source code. Now to the code.

GME's NFT Smart Contract

Hmm. Why would the ID variable for the Mint event be called “_punkId”? Maybe the developer who wrote punkIndex also wrote punkID, but idk. At the top we also see “contract Gamestop is ERC721” in software engineering we call this inheritance. It basically means ERC721 is the template and Gamestop IS one of those and now we have access to all the data and methods the ERC721 contract/class provides. Inheritance is used so programmers don’t have to copy and paste code as often, and it also comes with many benefits but I’ll save that for a later time. We also see a launchdate variable which is a number. That number is the UNIX timestamp for Wed Jul 14 2021 11:20:00 GMT+0000. (Remember the hype for July 14th. Seems like years ago) And if you look at the bottom function; it’s a setter for the launch date. That is all the code for the launchDate number. This smart contract minted the GME coin on 5/25/2021 and the launchDate doesn’t affect anything within the smart contract itself...

Side Note: Remember when I was talking about smart contracts being hacked earlier? The setter function for this contract requires the message to be sent from the owner address (see how every function has “public onlyOwner”. Then look at onlyOwner. Msg.sender must equal owner). Now imagine a contract which didn’t, and now also imagine if the launchDate actually did something within the contract. Someone malicious would then have the ability to change the launchDate and ruin the contract. Now back to GME.

The last thing you’ll notice is the token uri is pointing to something called “ipfsLocation”. What is ipfs? It’s where an NFT image can be hosted (decentralized, as long as there is 1 host the data will stay around) and much, much more, but that's for another time. Why don’t we take a look at the ipfs in GME’s smart contract. If you would like to follow along here it is: ipfs://QmaLEchFaE7FWhc4MCvYMqoTdK8rV1yfjEC5Bz4jzQRbjS

GME's NFT IPFS Search

OOOoooOOOOooOooo(spooky) an MP4! Here it is (Direct link [3])

THE GME NFT

Earlier in the post I said that foobar minted GME twice. I’m not sure if that is the reason we see 2 ipfs searches for the mp4 link, or if the ipfs which contains the link is used somewhere else. Foobar may have accidentally used the wrong ipfs link when minting the first coin, but I’m not sure. That being said let me show you how I know the Gamestop NFT was minted twice. If you go back up to the code for the Gamestop NFT contract you will see an owner address where the minted coin will be deposited. Lets take a look at the ERC721 transactions for that address.

GME NFT Owner Address Transaction History

We see on 5/25/2021 that 2 GME tokens are minted with the id 0 (Remember the punkID in the smart contract Mint event is hard coded to be 0). Then hours later 1 of them is burned. If you look through the source code for ERC721 one of the functions you can call is _burn which sends the token to the void or “Black Hole”. Now go back to the Gamestop contract source code and look at line 896. The comment says “The one and only”… well not only. Now for fun lets look at the transaction hash for the minting of one of the coins. But before that remember how I said Ether (gas) is what runs the smart contracts? Well now you remember...onto the transaction.

GME Coin Mint Transaction

Look at that transaction fee...ouch, $290 to mint 1 token. Just let me whip up 75 million of those…(minting more tokens at once may scale and be cheaper IDK, but still too expensive for a potential dividend) This is where Loopring and Ethereum Layer 2 ZK-Rollups come into play. Gas-free NFT minting allegedly... I’ve been looking into Ethereum Layer 2 but I still don’t understand it enough to explain how any of it works to all of you. Loopring is adding support for NFT’s in 3.9. I’m not sure if that is currently live or not, but I saw the commit on their Github page from 2 months ago. One thing I will tell you is that testing for software projects like this is extensive and takes time. Give Gamestop (And Loopring) time to release whatever they have in store with NFT’s; a delayed release is better than a botched one. That being said as I was researching I ran into something involving Tom Brady and NFT’s minted on Ethereum Layer 2 using Polygon.

3. Tom Brady’s Autograph and Draftkings Marketplace

If you aren’t familiar with Tom Brady. He’s a football player. Moving on.

As I was researching NFT’s built on Ethereum’s layer 2 I ran into Autograph and their NFT’s. When I was looking into the NFT’s Tom Brady’s company Autograph mints, I was shocked at what I found. But before I show you I want to explain something I didn’t earlier which is what lead me to finding this. The ipfs uri link in an NFT is retrieved by reading the contract with that token’s ID. If you go back to Gamestop’s source code link [1] but instead of clicking code, click read contract. It will list all the methods available to be read from the contract. For Gamestop the 11th method is tokenURI. If you ask for token 0 it sends back the uri for Gamestop’s NFT video, all NFT's are designed like this, different NFT's will point to different pictures, videos, ect (understanding NFT's better now?). I was attempting to do the same thing with Autograph’s NFT’s. I mean...come on...lots of big names here. Tom Brady, Tiger Woods, Wayne Gretzky...so it must be professionally done and I can learn from their professionally written code...maybe not.

https://preview.redd.it/t2l6vty3vvs71.png?width=916&format=png&auto=webp&s=f250593413c437bb97fb19dd2d621f60bc7c3b75

Lets first look at an NFT on Autograph’s website.

Tom Brady Autograph NFT

In the screenshot I have clicked the button exposing the Contract Address link which took me longer to find than I would like to admit. Lets click it.

Autograph ERC-721 Contract

Alright cool. It leads to an Autograph ERC721 token...but the Contract source code isn’t visible...and neither is any of it’s function calls to read the contract. This may just be a feature of Polygon, I have not really looked into Polygon. But okay fine Tom. You can keep your source code secret. Did anything catch your eye. It didn’t catch my eye the first time, but after I looked into Autograph’s partner in CRIME Draftkings it all made sense. If you look back at the Tom Brady NFT you’ll notice it’s sold out. ALL OF THEM ARE. WHERE DO I BUY MY FAVORITE FOOTBALL PLAYERS NFT NOWWWW!!!! Well sweety. Draftkings is the place you are looking for you. Check it out, a secondary marketplace for Autograph NFT’s!

Draftings Marketplace

Alright. Wow it said $1,500 on Autograph’s site, look at that ROI. NFT’s are HOT HOT HOT right now. But I love Brady (Not really) and want the NFT. So I’ll purchase it on Draftkings with some ETH I have sitting around and transfer it to my wallet, right? It’s on the blockchain after all... No need for T+2 settlement like stonks. Lets just go and look at the 50 transactions for this NFT below.

Tom Brady NFT Transactions (Draftkings Marketplace)

Wait. Those aren’t normal blockchain transactions. Why are there @ symbols. I can't click on them to explore the transaction on the blockchain... What is this? Where are my beloved blockchain HEXADECIMAL transaction hashes??? Well lets just go and look at the FAQ on Draftkings.

No ability to withdraw to wallet? Wut?

So you can’t withdraw your NFT right now? Some BS but okay. Let me just buy one.

Draftkings USD Only

USD ONLY! Hmmm.... Okay now go back and look at the polyscan for his NFT again. Does something catch your eye this time? I’ll let you struggle with it yourself for just a bit longer before I just go ahead and say it. So while we are waiting for me to tell you, are you curious at all when Autograph launched Brady’s NFT? I’ll just go right ahead and tell you it launched Aug 10th. Now if you go look at the oldest transactions (Minting tokens starting with ID 0 for the collection and so on) the minting starts Aug 10th. Cool? Why does that matter? It indicates that these are the tokens minted for all of the Autograph NFT collections (and its what they link to).

BUT LOOK AT THE HOLDERS

THERE IS CURRENTLY 1 HOLDER FOR ALL THE NFT'S MINTED BY AUTOGRAPH

WHAT THE FUCK! So you’re not only telling me each collection doesn’t have a token with a unique symbol for the athlete, but they are just minting a basic Autograph ERC721 NFT with a uri to a video. Alright fine. But why are the transactions for the NFT’s not appearing on the blockchain?

THEY ARE FUCKING SELLING IOU’s.....BUT WITH NFT’S!

Now before you call anybody stupid for buying one of these NFT IOU’s, remember this IS HOW THE STOCK MARKET HAS BEEN WORKING FOR YEARS. I only found this because I know how this technology works (Vaguely. Remember. I said I may be wrong) DeFi will be the end of crime like this. I hope Tom Brady and his team (Oh, and get this shit. As a developer I look for things like good tech leaders in a company. I mean come on. Look at Gamestop. Now go to the about page for Autograph. Not a single lead tech role. No head of blockchain. No head of engineering. No major technical roles for an NFT TECH COMPANY. That’s why I think the IOU’s are intentional. THEY KNOW WHAT THEY ARE DOING) can fix this mess and allow people to actually take possession of what Autograph and Draftkings SOLD them. They aren’t even transferring the NFT’s to a holding account for people. This is the equivalent of PFOF brokers not buying your shares but they are still in your account. All of this is obviously speculation, but damn it looks bad and I would like some wrinkle-brained apes to look into this further. If you’ve gotten this far without skipping I solute you. And thanks for reading.

TL;DR: 1. I explain how Bitcoin works, how it relates to Ethereum, then what NFT’s are. 2. I take you on a deep dive to show you that I think foobar minted GME’s NFT coin on 5/25 and messed up creating 2. That’s why the comment says “the one and only”. I also show you the video the GME NFT points to. Lastly I think I found evidence Tom Brady’s company Autograph, along with Draftking, still hold all the NFT’s it has minted and SOLD to fans. I put a lot of work into this and I think it’s worth the read if you have time.l


No comments:

Post a Comment