As we know, we can call
tokenByIndex to retrieve a
tokenID by giving its
index on an enumerable ERC721. Pretty basic stuff.
tokenByIndex to “the public” allows anyone to iterate through our entire token supply and discover all known entities (by first calling
totalSupply to get the index range). In certain cases, this may make sense and is fine (who cares if we know every address that owns a CryptoKitty!?), but in others, could create a privacy risk. This also assumes that the
index !== tokenID and we’ve taken steps to make our
tokenIDs non-sequentially unique.
Any thoughts on extending
tokenByIndex to only be callable by the contractOwner? Any reason one shouldn’t do this?