You can find a little more information in this blog post I wrote.
It is common for NFT projects to rely on a "Whitelist" to control who can mint their NFTs.
This project implements the ECDSA signatures approach with random alphanumeric strings (Secrets) that are given to users who are allowed to mint. Compare to the common approach of using wallet addresses, using secrets allow the users to use any wallets they wish. Users can also decide on the wallet at the time of minting.
https://kanji-nft.flyingnobita.com/
The NFTs that you'll be minting are AI generated Kanjis that were produced with sketch-rnn. You can see the collection that has been minted so far in this OpenSea Collection.
The secrets are 80 of the most common pinyins for Kanji. Here's a hint
There are 3 components to this project:
- React for frontend
- Cloudflare for server
- Solidity for smart contract
The flow of the minting process is illustrated in the diagram below.
- the signing Private Key should not be stored on the server. The sigatures for all secerts should be pre-generated and stored on the server instead. When a secret is submitted, a lookup of the relevant signature (if the secret is valid) is performed and returned to the user. This prevents the private key from being lost or fall into the wrong hands.
- include chain.id in the signature to prevent a testnet/mainnet replay attack
- Contract Deployment/Owner Account
- Server Signing Account
- Payout Address
- Contract Address
- Contract ABI
- Update
.env
- Update & deploy
Kanji.sol
npx hardhat node
npx hardhat run scripts/01-deploy_kanji.ts --network localhost
- Get <CONTRACT_ADDRESS>
- Update & Deploy React App
- Update
Kanji.json
& Kanji address
- Update
- Deploy Cloudflare Worker
index.js
wrangler publish
- Update Cloudflare ENV variables (CONTRACT_ADDRESS & PRIVATE_KEY)
- Update Cloudflare KV KANJI_SECRET
npx hardhat clean
npx hardhat verify --network rinkeby <CONTRACT_ADDRESS>