ELI5 how opensea nft works

I’ve used Open Sea on rinkeby testnet and listed a NFT…

but I don’t understand why a proxy transfer took place and why the NFT never shows up in my wallet? (I understand lazy mint is in effect and the tokens only get minted when a trade is executed)
It never tells you why and for what purpose you are signing transactions! what if my browser is infected and everytime im on opensea it shows me some popup to sign some unknown message?

  1. Is opensea a marketplace or a NFT registry ? if its a registry, is it centralization on a decentral network?
  2. Do I even own the nft listed on opensea? or does opensea own it and internally just updates the owner address in a registry? (if opensea upgrades it’s proxy contracts, does it have the ability to destroy my assets?)
  3. are the opensea contracts open source? (can’t seem to find on github)
1 Like

Hi CodeZed, welcome to the forums!

I can’t do an ELI5, it’s impossible for me.

why the NFT never shows up in my wallet?

Did you add the custom token to your wallet?
Please link me your address so we can take a look.

Yes if you are using lazy mint, then it won’t happen until an exchange or sale or transfer of the token in some way happens. This is to save on gas, otherwise you would end up minting a ton. Open Sea’s strategy is to not have minting happen until absolutely necessary, which has both pros and cons.

It never tells you why and for what purpose you are signing transactions!

In my opinion, you should only sign transactions that are initialized right when you “do” something. Don’t sign or commit any transactions that just pop up out of nowhere.

what if my browser is infected and everytime im on opensea it shows me some popup to sign some unknown message?

You’re right, it’s very important to keep good operation security going at all times, especially when dealing with cryptocurrencies. This is philosophical question on how secure do you really want to be? - At the very minimum you should be running things like AdBlock Plus and uBlock Origin and making sure you don’t have sketchy extensions installed. Most modern browsers do a really great job at keeping users protected, but sometimes that isn’t enough. You need to be astute and pay attention when installing and clicking things.

  1. Is opensea a marketplace or a NFT registry ?

Both. You can buy and sell NFTs, thus making it a marketplace.
You can also register NFTs, but it’s debatable on when an NFT is actually registered.

if its a registry, is it centralization on a decentral network?

Both.
It’s centralized because the Front End interface is ultimately controlled by Open Sea. They don’t have to list your NFT and they might ban certain NFTs from existing on their website.
It’s decentralized because when the NFT is minted via a smart contract on the decentralized ethereum network, the NFT exists in your wallet in a decentralized manner.

What I’m saying is that after you mint your NFT and have it in your wallet, you can go to other dApp marketplaces and interact with your NFT there, as long as the other marketplace dApps can read NFTs generated by OpenSea’s smart contracts.

Do I even own the nft listed on opensea? or does opensea own it and internally just updates the owner address in a registry?

If it exists in your wallet. You own it. Otherwise it’s just a dApp saying you own it.

(if opensea upgrades it’s proxy contracts, does it have the ability to destroy my assets?)

The Open Sea contracts are here https://etherscan.io/accounts/label/opensea
I’m not exactly sure how Project Wyvern Proxy Registry works, but here’s an answer to that from reddit. https://www.reddit.com/r/opensea/comments/a3tax6/opensea_security/

Excellent question /u/ProficieNtOCE! OpenSea uses the Wyvern Protocol, an (audited, battle tested) system that creates a personal proxy contract for each user. We don't control the proxies that get created, and you have to approve access to each ERC721 contract individually (and some contracts, like CryptoKitties, you have to approve each asset individually) before the proxy can access any of your assets.

Once a proxy contract is approved, you can sign orders indicating that you are willing to sell a given asset for a specific price. The logic of the exchange contract only allows it to transfer an asset from your proxy only if A) you have signed an order, and B) it is properly matched by a buyer paying the appropriate funds. So not only does your asset never leave your wallet, it's only allowed to be swapped if an order you create is properly matched.

So, the bottom line is: you're granting extremely limited access initially. Then, as you start making listings, you grant further limited access on an as-needed basis. The proxy addresses are created programmatically and can't be changed.

are the opensea contracts open source? (can’t seem to find on github)

I hope this helps. I think it’s great you are being security minded when it comes to these things. Personally I do not think OpenSea will try to do anything malicious. It’s a long term project with a great team.

wait… you mean like on metamask?
metamask doesn’t support NFTs (ERC721 or ERC1155)
so it can’t really show up on metamask

what i understand is that OpenSea is sort of like another wallet system which uses metamask for authentication and supports storage of ERC721/ERC1155

metamask doesn’t support NFTs (ERC721 or ERC1155)

I disagree for ERC721
https://metamask.zendesk.com/hc/en-us/articles/360058238591-NFT-tokens-in-MetaMask-wallet
https://metamask.zendesk.com/hc/en-us/articles/360058488651-Does-MetaMask-support-ERC-1155-

I added my own NFTs using the ERC721 standard to my own metamask wallet.

Here is a resource on understanding how to do this with Open Sea.

Here is more of a resource on how to think of how Open Sea handles NFTs.

Not sure about other platforms but on MetaMask firefox(one I use), there’s only an option to add a custom token

To add an NFT you need

  1. Contract address
  2. Token ID
    only if you add these 2 ingredients can you know whether your address actually owns an NFT

As per ERC721 Interface,


even ERC721 would need contract address + token Id to know for sure which address owns the token

Please correct me if I’m wrong,
Thanks!