A fully-compliant implementation of IERC721 that selects token ids pseudo-randomly. You can read about its inspiration in this Medium article.
contract FashionHatPunks is ERC721r {
// 10_000 is the number of tokens in the colletion
constructor() ERC721r("Fashion Hat Punks", "HATPUNK", 10_000) {}
function mint(uint quantity) {
_mintRandom(msg.sender, quantity);
}
}There is also the function _mintAtIndex(address to, uint index) which allows you to mint non-randomly, but it will only behave as you expect if you:
- Use it before minting randomly
- Mint non-random tokens in decreasing order of id. E.g., if you want to mint id 200 to one person and id 100 to another person, you should mint id 200 first (because 200 > 100).
ERC721R pseudo-random numbers are generated like this:
uint256 randomNum = uint256(
keccak256(
abi.encode(
mintTargetAddress,
tx.gasprice,
block.number,
block.timestamp,
block.difficulty,
blockhash(block.number - 1),
address(this),
updatedNumAvailableTokens
)
)
);Miners can game this, but the assumption is that in most cases it will not be worth the cost on their part.
Finally, ERC721R exposes public totalSupply() and maxSupply() functions.
ERC721R uses the modern version of the Fisher–Yates shuffle which stores the list of available tokens and the list of minted tokens in one data structure to save gas.
- At this time ERC721R does not include
safeMint()functionality. This is the result of the original author's position that the benefits of preventing users from minting to the wrong contract are outweighed by the cost of increasing surface area for reentrancy attacks. - ERC721R disallows contracts from minting for security reasons. Read more.
This contract was extracted from Fashion Hat Punks, where it was first used. The core logic and code was copied from CryptoPhunksV2. The repository structure was copied from ERC721A.
Copyright (c) 2022 Tom Lehman. ERC721R is released under the MIT License.