Unsigned Solana NFTs are Worthless
This piece discusses the spread of duplicate Solana NFTs and how you, as the collector or creator, can help prevent it.
By Derek Meer
The concept of non-fungible tokens (NFTs) on Solana is in its infancy, even in the fast-moving world of Web 3.0. In fact, Solana’s current NFT metadata standard came out in June 2021, a mere three months before this article was published. In that time, a number of marketplaces have launched to give people the platform to sell and re-sell NFTs.
The marketplaces have run into a few issues, one being the proliferation of fake NFTs:
To see why this could have happened, we need to explore the Solana NFT developer’s guide, created by Metaplex (who created the NFT metadata standard mentioned earlier). In it, they explain the concept of “Master Editions”:
A Master Edition token, when minted, represents both a non-fungible token on Solana and metadata that allows creators to control the provenance of prints created from the master edition. A Master Edition object can only be created for mints with supply of one and decimals of zero.
This means that each Master Edition NFT has a one-to-one relationship with its mint. Given this fact, and the fact that all identifying information is stored in publicly accessible metadata, someone could copy that metadata from an NFT and mint a fake version using the Metaplex Candy Machine. It would be like going to an art museum, perfectly duplicating a famous artist’s piece by hand, and selling it as if it were the original work.
This is bad since it makes NFTs on Solana worthless. Luckily, we have a good way to prevent it:
- creators: sign your NFT metadata with your wallet
- collectors: check each NFT’s metadata account for the creator’s verification
Metaplex provides an instruction for creators to do this: `sign_metadata`
. Each metadata account in Solana has a `verified`
field for each creator; if successful, `sign_metadata`
sets this field to `true`
. This is like an artist signing their art with ink only they have, making it impossible to replicate but easy to verify.
Each creator needs to be added as part of the minting process and is required to approve metadata that was used in his name using the
`sign_metadata`
endpoint. Unverified artwork cannot be sold with Metaplex.
A Metaplex core contributor talked about this on Twitter:
Later, he provided a JavaScript example for how to call `sign_metadata`
:
This signing can be done through a web interface when using Metaplex’s built-in marketplace. If you mint through another method, like Metaplex’s NFT Candy Machine, you’ll need to track and sign the metadata yourself after each mint.
*Note: the metaplex CLI now provides a command to sign all the metadata sold via a Candy Machine post-sale: `metaplex sign_candy_machine_metadata`
. We recommend you use this command instead of the methods provided below, as this article was written before `sign_candy_machine_metadata`
was available.*
You can do this in a couple ways:
- When a user mints an NFT through your interface, store the metadata account address in a database. Later, the creators can run a script which pulls all the metadata addresses from the database and calls
`sign_metadata`
on each one. Only a creator can run this script because their wallet signs the transaction. - Scan each new block on the Solana chain, searching for the transactions which minted your NFTs. If you’re using the aforementioned Candy Machine to mint them, you can use this NodeJS script to search for the Candy Machine’s
`mint_nft`
instructions, pull the metadata account addresses from them, and sign them with the provided creator’s private key.
If the signing process works, expect to see the appropriate transaction on each metadata account.
Solana’s NFT ecosystem is young, and the tooling for verifying NFTs will undoubtedly improve. Regardless, you can use what you’ve learned here to help ensure that the NFTs you buy and sell are legitimate.