I'm trying to create an NFT that can occasionally be co-owned by a primary and secondary owner. When the NFT is first created, it will be owned by only the primary owner. So, if a token was initially minted to Alice, both the primary and secondary owner will be pointing to Alice's address. Subsequently, if the primary owner decides to borrow ETH from another person, that other person will become the secondary owner of the NFT.
The role of the secondary owner is like a guardian and he doesn't really own the token. Certain actions the primary owner performs would require the approval from the secondary owner. For instance, if the primary owner wants to transfer the token to another owner address, the secondary owner has to approve it.
A standard multisig contract doesn't work because the owner addresses can keep changing, and sometimes it's just the primary owner only. The logic is different from a multisig contract. This isn't fractional ownership either, because the secondary owner is merely an approver for the primary owner.
Since the standard ERC721 can only have one single address as an owner of each token, I created another contract called `TokenOwnership` which contains the state variables `address primaryOwner` and `address secondaryOwner`. There are also a few functions in the `TokenOwnership` contract to perform this approval by the secondary owner.
When a token is first minted for Alice, it will deploy a new `TokenOwnership` contract, assign both the `primaryOwner` and `secondaryOwner` as Alice's address. Subsequently, if Alice decides to borrow ETH from Bob, the `secondaryOwner` will then be set to Bob's address. And when Alice has paid the loan, Bob will no longer be the secondary owner and Alice will become both the primary and secondary owner again.
However, I'm starting to think that this isn't a good idea because there are a few scenarios that can really mess things up:
- When the token is first minted and both the `primaryOwner` and `secondaryOwner` in the `TokenOwnership` contract are pointed to Alice, she is the full owner.
  - She could create a malicious `FakeTokenOwnership` contract, set herself as owner in the state variables of the `FakeTokenOwnership` contract and transfer her token to this malicious contract address.
  - Later, when she borrows ETH from Bob, Bob cannot really stop Alice from performing actions even as a secondary owner because the `TokenOwnership` contract is a malicious one and the operations are different.
- Every function Alice wants to call on the token needs to be done through the `TokenOwnership`.
- Minting becomes expensive because we have to deploy a new `TokenOwnership` contract for every mint.
Is there a better way to design and create the NFT that I'm trying to achieve?
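
The first scenario in the list above, as an added example that is not part of the original post: a plain-Python model (not contract code) of the described design, showing that Bob's veto only holds while the token sits in a wrapper deployed at mint. The `deployed` registry and the names `approve_transfer`, `can_transfer`, `held_by_genuine_wrapper` and `scenario` are assumptions made for illustration.

```python
# Plain-Python model of the question's design; not contract code.
class TokenOwnership:
    def __init__(self, primary):
        self.primary_owner = primary
        self.secondary_owner = primary      # at mint both point to the minter
        self.approved_to = None

    def approve_transfer(self, caller, to):
        if caller != self.secondary_owner:
            raise PermissionError("only the secondary owner can approve")
        self.approved_to = to

    def can_transfer(self, caller, to):
        sole = self.primary_owner == self.secondary_owner
        return caller == self.primary_owner and (sole or self.approved_to == to)

class FakeTokenOwnership(TokenOwnership):
    def can_transfer(self, caller, to):     # same variables, approval check dropped
        return caller == self.primary_owner

class NFT:
    def __init__(self):
        self.owner_of = {}                  # token id -> current holder
        self.deployed = set()               # assumption: wrappers this NFT deployed at mint

    def mint(self, token_id, to):
        wrapper = TokenOwnership(to)
        self.owner_of[token_id] = wrapper
        self.deployed.add(wrapper)
        return wrapper

    def transfer(self, token_id, caller, to):
        if not self.owner_of[token_id].can_transfer(caller, to):
            raise PermissionError("transfer needs the secondary owner's approval")
        self.owner_of[token_id] = to

    def held_by_genuine_wrapper(self, token_id):
        return self.owner_of[token_id] in self.deployed

def try_transfer(nft, token_id, caller, to):
    try:
        nft.transfer(token_id, caller, to)
        return True
    except PermissionError:
        return False

def scenario(move_to_fake_first):
    nft = NFT()
    holder = nft.mint(1, "alice")
    if move_to_fake_first:                  # Alice is still sole owner, so this is allowed
        holder = FakeTokenOwnership("alice")
        nft.transfer(1, "alice", holder)
    genuine = nft.held_by_genuine_wrapper(1)   # what Bob could check before lending
    holder.secondary_owner = "bob"          # the loan starts
    return genuine, try_transfer(nft, 1, "alice", "carol")
```

`scenario(False)` blocks Alice's unapproved transfer, while `scenario(True)` lets it through and reports that the token was no longer held by a wrapper deployed at mint.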