-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Metaplex team should not updateAuthority in specific case on mint Token Metadata #1055
Comments
I see, mint lacks mint_authority, so Originally mint seems should be created by @islaperfito one of here case she owns 3fStvMDNKbG1FRu8reeMrz6V53fdtQFMs84enMGQVNXV not sure - public tools do not give UI to prove that transaction So token metadata program does not check mint_authority, but only update_authority, so technically it is possible to update without external solana wide governance process or metadata program update
if we mine prove of 3fStvMDNKbG1FRu8reeMrz6V53fdtQFMs84enMGQVNXV or 56MXtFPzsLMPhq4NjNMc7xa2E1ztB2M8RJ9EYyFzymeL created mint , could we change metadata to update_authority ? or, actually hypothetically we can think of metaplex as abuser or authority which occupied update authority, so that others doe not. while properly. mint tool should error in case same transaction does not sets metadata. from this perspective just removing authority is kind of good. but best seems replacing authority of update with pubkey which created mint. so would be transaction id of creator is enought for that and may be some nonce signed by creator key? |
as per https://solanabeach.io/address/2HeykdKjzHKGm2LKHw8pDYwjKPiFEoXAz74dirhUgQvq was mint authority at some point 3fStvMDNKbG1FRu8reeMrz6V53fdtQFMs84enMGQVNXV intresting how it was removed and how to return something back - metadata authority to 3fStvMDNKbG1FRu8reeMrz6V53fdtQFMs84enMGQVNXV |
This Issue has received no activity for 30 days. We will close it in 2 days, please reopen if you are still experiencing this issue. |
@aheckmann Hello, can I take my tokens update authority now? |
@aheckmann @metaplex are you in control of that adress? |
@aheckmann @metaplex We are having issues with a community token being displayed as NFT rather than a token because its missing decimals, and the new metaplex standard classifies it like this, so third parties follows it like phantom or solscan. And now our community token only could be edited with “Aq..”. Are you in control of that adress that you used for this? |
Hi, it seems this issue still exists because wormhole tokens deployed to Solana by their permissionless process do not have metadata URIs and therefore cannot have important metadata (like the token image) appear on explorers, wallets, or web3 UIs. Instead, all tokens created by the bridge forever have no metadata and it's impossible to update them. Is there a way to patch these tokens periodically such that teams who manage them can add images to their metadata? This will prevent users from selecting the incorrect token that a scammer deploys with the correct image, which right now in our case, 12 have popped up. All scam tokens are using our token image while ours (the real one) does not have it. Our token ID for reference: |
Hello, I have a token which was created through wormhole when the way to add metadata was done on GitHub token list repo. Mint address: Authority: |
Have you found any solution @Skelt24 ? |
Unfortunately no @mustvlad still stuck on this one |
Looks related #2282 Any proposed solution from the metaplex team? |
I am having the same issue, i have verified the contract from BNB to SOL using wormhole and contract authority is BCD75RNBHrJJpW4dXVagL5mPjzRLnVZq4YirJdjEYMV7 Meanwhile this token with the same authority managed to update the logo/socials Can someone explain how is this possible? |
Describe the bug
Metaplex team somehow is authority on third party token. Expected it should not be.
Here is new mint and metadata as I applied
https://explorer.solana.com/address/EuRVbM38Dvseeei6Be5q8SP31d7dKySsRAM5vV48DrBs/metadata?cluster=devnet
updateAuthority is my key.
Here is 2 tokens with updateAuthority on metadata AqH29mZfQFgRpfwaPoTMWSKJ5kqauoc1FwVBRksZyQrt
https://explorer.solana.com/address/2HeykdKjzHKGm2LKHw8pDYwjKPiFEoXAz74dirhUgQvq/metadata
https://explorer.solana.com/address/So11111111111111111111111111111111111111112/metadata
See that https://explorer.solana.com/address/metaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s and https://explorer.solana.com/address/p1exdMJcjVao65QdewkaZRUnU6VPSXhus9n2GzWfh98 Upgrade Authority is same - Metaplex team as I see.
To Reproduce
I do not know.
Expected behavior
There should be a way to set https://explorer.solana.com/address/2HeykdKjzHKGm2LKHw8pDYwjKPiFEoXAz74dirhUgQvq/metadata updateAuthority as
3fStvMDNKbG1FRu8reeMrz6V53fdtQFMs84enMGQVNXV
or
56MXtFPzsLMPhq4NjNMc7xa2E1ztB2M8RJ9EYyFzymeL
(creator of mint).
Metadata URI should be set to https://raw.githubusercontent.com/SatorNetwork/sator-solana-contracts/main/assets/sao.json
Additional context
Sator token is on Wormhole.
Information about token and owners solana-labs/token-list#4877
The text was updated successfully, but these errors were encountered: