Hi CodeZed, welcome to the forums!
I can't do an ELI5, it's impossible for me.
why the NFT never shows up in my wallet?
Did you add the custom token to your wallet?
Please link me your address so we can take a look.
Yes if you are using lazy mint, then it won't happen until an exchange or sale or transfer of the token in some way happens. This is to save on gas, otherwise you would end up minting a ton. Open Sea's strategy is to not have minting happen until absolutely necessary, which has both pros and cons.
It never tells you why and for what purpose you are signing transactions!
In my opinion, you should only sign transactions that are initialized right when you "do" something. Don't sign or commit any transactions that just pop up out of nowhere.
what if my browser is infected and everytime im on opensea it shows me some popup to sign some unknown message?
You're right, it's very important to keep good operation security going at all times, especially when dealing with cryptocurrencies. This is philosophical question on how secure do you really want to be? - At the very minimum you should be running things like AdBlock Plus and uBlock Origin and making sure you don't have sketchy extensions installed. Most modern browsers do a really great job at keeping users protected, but sometimes that isn't enough. You need to be astute and pay attention when installing and clicking things.
- Is opensea a marketplace or a NFT registry ?
Both. You can buy and sell NFTs, thus making it a marketplace.
You can also register NFTs, but it's debatable on when an NFT is actually registered.
if its a registry, is it centralization on a decentral network?
Both.
It's centralized because the Front End interface is ultimately controlled by Open Sea. They don't have to list your NFT and they might ban certain NFTs from existing on their website.
It's decentralized because when the NFT is minted via a smart contract on the decentralized ethereum network, the NFT exists in your wallet in a decentralized manner.
What I'm saying is that after you mint your NFT and have it in your wallet, you can go to other dApp marketplaces and interact with your NFT there, as long as the other marketplace dApps can read NFTs generated by OpenSea's smart contracts.
Do I even own the nft listed on opensea? or does opensea own it and internally just updates the owner address in a registry?
If it exists in your wallet. You own it. Otherwise it's just a dApp saying you own it.
(if opensea upgrades it’s proxy contracts, does it have the ability to destroy my assets?)
The Open Sea contracts are here https://etherscan.io/accounts/label/opensea
I'm not exactly sure how Project Wyvern Proxy Registry works, but here's an answer to that from reddit. https://www.reddit.com/r/opensea/comments/a3tax6/opensea_security/
Excellent question /u/ProficieNtOCE! OpenSea uses the Wyvern Protocol, an (audited, battle tested) system that creates a personal proxy contract for each user. We don't control the proxies that get created, and you have to approve access to each ERC721 contract individually (and some contracts, like CryptoKitties, you have to approve each asset individually) before the proxy can access any of your assets.
Once a proxy contract is approved, you can sign orders indicating that you are willing to sell a given asset for a specific price. The logic of the exchange contract only allows it to transfer an asset from your proxy only if A) you have signed an order, and B) it is properly matched by a buyer paying the appropriate funds. So not only does your asset never leave your wallet, it's only allowed to be swapped if an order you create is properly matched.
So, the bottom line is: you're granting extremely limited access initially. Then, as you start making listings, you grant further limited access on an as-needed basis. The proxy addresses are created programmatically and can't be changed.
are the opensea contracts open source? (can’t seem to find on github)
I hope this helps. I think it's great you are being security minded when it comes to these things. Personally I do not think OpenSea will try to do anything malicious. It's a long term project with a great team.
