Privacy Issues with tokenByIndex?

As we know, we can call tokenByIndex to retrieve a tokenID by giving its index on an enumerable ERC721. Pretty basic stuff.

However, exposing tokenByIndex to “the public” allows anyone to iterate through our entire token supply and discover all known entities (by first calling totalSupply to get the index range). In certain cases, this may make sense and is fine (who cares if we know every address that owns a CryptoKitty!?), but in others, it could create a privacy risk. This also assumes that the index !== tokenID and we’ve taken steps to make our tokenIDs non-sequentially unique.

Any thoughts on extending tokenByIndex to only be callable by the contractOwner? Any reason one shouldn’t do this?

1 Like

I’m not really sure I understand what your concern is, as I see things - regardless of this method being public or not anyone can just simply access this information through the layer itself i.e through a synced node.

1 Like

Tell me more… are you saying it’s trivial to discover tokenID <-> ownerAddress mapping even without the tokenByIndex method?

1 Like

I mean, I’m not saying it’s like “let me press my getAllyourData button” hahaha - What I’m trying to say or rather - the point that I’m trying to make - is that, in my opinion, this doesn’t fix your privacy concern, it just adds some overhead to the operation.

I’m pretty sure you could use something like TheGraph (to name something specific) for this exact purpose.

2 Likes

Fair. Your point is obfuscating one method is kind of pointless unless you go whole-hog and shut it all down… thus making it non-standard.

Edit: further, you’re totally right: best you’re gonna get is adding overhead to standard interfaces, but since it’s all out there anyway, things like TheGraph make it near-trivial to mine the data you’re looking for. So, if on-chain privacy is a concern, perhaps either wait until zk-proofs are better developed/understood/used, re-think what it is you’re building, or accept the world as-is. A LESSON WAS LEARNED. Thank you, @Madness.

2 Likes

Glad that was useful! As a rule of thumb just assume everything you put on-chain is public.

1 Like

+++ to this 👆.

You can use access control to limit the conditions for writes, but everything can be read.

2 Likes
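Added example, not part of any post in this thread: a sketch of why restricting tokenByIndex does not hide the tokenID <-> owner mapping, since an ERC-721 contract emits a public Transfer event for every mint, transfer and burn. The log shape (eth_getLogs-style dicts with numbers already decoded to int), the helper names and the sample logs are assumptions constructed for illustration.

```python
# ERC-721 ownership rebuilt from public Transfer logs alone, with no call
# to tokenByIndex or totalSupply. All sample data below is constructed.

# keccak256("Transfer(address,address,uint256)"), the standard event topic.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO = "0x" + "00" * 20

def word(value):
    """Encode an int as a 32-byte hex topic (hypothetical helper)."""
    return "0x%064x" % value

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def rebuild_owners(logs):
    """Replay Transfer(from, to, tokenId) in chain order.

    Returns {tokenId: current owner}; burned tokens are dropped.
    """
    owners = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 indexes all three arguments, so it has 4 topics.
        # ERC-20 shares the signature hash but has only 3: skip those.
        if len(topics) != 4 or topics[0].lower() != TRANSFER_TOPIC:
            continue
        to, token_id = topic_to_address(topics[2]), int(topics[3], 16)
        if to == ZERO:
            owners.pop(token_id, None)   # burn
        else:
            owners[token_id] = to        # mint or transfer
    return owners

# Constructed addresses and deliberately non-sequential token IDs.
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b2" * 20
TOKEN_A, TOKEN_B, TOKEN_C = 0x9F3C51D2, 0x07BE44A1, 0x5D10E7F3

def transfer(block, index, src, dst, token_id):
    topics = [TRANSFER_TOPIC, word(int(src, 16)), word(int(dst, 16)), word(token_id)]
    return {"blockNumber": block, "logIndex": index, "topics": topics}

SAMPLE_LOGS = [  # intentionally out of order, as a merged log feed might be
    transfer(105, 0, ALICE, BOB, TOKEN_A),
    transfer(100, 0, ZERO, ALICE, TOKEN_A),
    transfer(100, 1, ZERO, BOB, TOKEN_B),
    transfer(110, 0, ALICE, ZERO, TOKEN_C),
    transfer(107, 0, ZERO, ALICE, TOKEN_C),
    {"blockNumber": 101, "logIndex": 0,   # ERC-20-shaped log, ignored
     "topics": [TRANSFER_TOPIC, word(int(ALICE, 16)), word(int(BOB, 16))]},
]
```

Replaying the sample logs yields every live token ID and its current owner, which is the same information the tokenByIndex and ownerOf loop would have returned.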