Valid NFT Enforcers #69
Description
One attack vector is minting a lot of fake nfts, and fake scion nfts.
The only way to verify an NFT beforehand is with an outbound https request to the arweave api which is too complex. It also doesn't check for porn.
What we need to do is have a system where people are penalized by minting their own invalid nfts through our backend.
I'm not sure of the incentive system yet, but we can do 2 checks:
- If it's a valid arweave id.
- If it passes the porn check.
If either fails, the accuser takes the money from the NFT (and perhaps something else more consequential, like a slash from their topup account). This will disincentivize bad actors and clean up whatever damage they've done.
But there's one caveat. There are valid tx ids that have no assets attached. We need another specific check for if these types are used as an attack vector.