Prevent users from minting NFT directly from Etherscan

What are some methods to prevent or obfuscate a user from minting an NFT directly from Etherscan?

My smart contract's mint function takes in an IPFS hash as a parameter and sets it as the token URI. Typically the function should be called from a client app and a valid IPFS hash should be passed in. I realized, however, that if a user mints a token from Etherscan, they can pass in any random string and still successfully mint.

I understand that there is really no incentive for a user to supply a random string for a token URI because they are essentially paying a gas fee for an invalid token. I am just wondering if there are ways to further prevent this.

You could implement a lazy minting function that requires a signature from someone with a minting role to be called (like is done here).

Your NFT application could have a backend service that validates that the IPFS hash is valid before signing the calldata and returning it to the user's browser for them to then submit the transaction to the network.

The downside is that you have to maintain a persistent server for validating and signing the calldata for the users of the app, but it would accomplish what you are looking for.

1 Like
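
The signature-gated mint described in the answer above, as an added example (not code from the thread or from the project the answer links to). It assumes OpenZeppelin Contracts v5; the contract name, the single `minterSigner` address standing in for a minting role, and the `Mint` struct with its nonce and deadline fields are illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the thread. Assumes OpenZeppelin Contracts v5.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ERC721URIStorage} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract SignedMintNFT is ERC721URIStorage, EIP712 {
    // Typed-data layout the backend signs after it has validated the IPFS hash.
    bytes32 private constant MINT_TYPEHASH =
        keccak256("Mint(address to,string tokenURI,uint256 nonce,uint256 deadline)");

    address public immutable minterSigner; // hypothetical: address of the backend signing key
    mapping(address => uint256) public nonces; // per-caller replay protection
    uint256 private _nextTokenId;

    error SignatureExpired();
    error InvalidSigner();

    constructor(address signer_) ERC721("SignedMintNFT", "SMNFT") EIP712("SignedMintNFT", "1") {
        minterSigner = signer_;
    }

    function mint(string calldata uri, uint256 deadline, bytes calldata signature)
        external
        returns (uint256 tokenId)
    {
        if (block.timestamp > deadline) revert SignatureExpired();

        // Bind the approval to the caller, the exact URI, and a one-time nonce.
        // The EIP-712 domain adds chain id and contract address, so a signature
        // cannot be replayed on another chain or against another contract.
        bytes32 structHash = keccak256(
            abi.encode(MINT_TYPEHASH, msg.sender, keccak256(bytes(uri)), nonces[msg.sender]++, deadline)
        );
        address recovered = ECDSA.recover(_hashTypedDataV4(structHash), signature);
        if (recovered != minterSigner) revert InvalidSigner();

        tokenId = _nextTokenId++;
        _safeMint(msg.sender, tokenId);
        _setTokenURI(tokenId, uri);
    }
}
```

A call made directly from Etherscan still reaches `mint`, but it reverts unless it carries a signature from `minterSigner` over the caller's address and that exact URI. The backend must sign with the same EIP-712 domain name and version the constructor sets.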