zahhar
commented
3 years ago Justification: only Admin knows what is valid Collectible metadata to be stored on-chain, particularly Gate_ID that is generated off-chain in the Mintgate app. Nobody from NEAR users (but Admin) knows full set of arguments for creating a Collectible.
So Admin creates a Collectible of behalf of Creator.
Method signature to be expanded with CreatorAccountId attribute.
As of now: any NEAR account can call
create_collectibleandclaim_tokenmethods.This brings the risk that Bad Actor may put any random data to NFT contract paying only for the gas, and cause contract ran out of money for storage, or create too much garbage data inside. Also, Bad Actor can monitor contract and claim any new Collectibles sooner then anyone else claims.
To be: only AdminNEARAccount can call
create_collectibleandclaim_tokenmethods.