Thanks for the candor and nice to meet you.
1. Are you relying on the community-maintained version of 0x or do you have your own implementation? (I ask b/c the community version has 1155 support). If you have your own, are you merging community security updates?
Hawku uses a version of 0x deployed on Polygon by members of the 0x team. The contract is located here: Exchange | Address 0x0c58c1170f1ded633862a1166f52107490a9c594 | PolygonScan.
This contract (and its proxy contracts) are open-sourced and verified on Polygonscan and have had the owner/controller address burned so they cannot be modified. All approvals for ERC20s and ERC721s are made to that contract and its appropriate proxies.
All smart contracts Hawku uses are open-sourced and verified. (OS uses a 0x contract too but for some reason it is not verified).
You are correct that the contract does have 1155 support and we will be using that when we implement 1155s.
- If it's the latter, how are you addressing the 0x04 vulnerability? I know that the core team has addressed this but the “revert with error” solution could theoretically cause a meta revert if it happens during a meta update from the LG server. How would you solve this? (Polygon does not guarantee block order)
Our contract uses a 0x V3 deployment and was deployed by the 0x team in August 2021. The issue you have listed was from the V2 version from 2019 (aka 3 years ago). I have confirmed with the 0x team today that this does not appear to be an issue with the V3 version. To be clear - The V3 version has been battle tested and is currently used by multiple services like Uniswap, OpenSea and Polygon.technology. Should an exploit be found, our system can instead switch to an updated version of that contract (but given how prevalent the 0x contract is, honestly the whole ETH ecosystem would be in a world of hurt at that point).
As for Meta-reverts, if you are referring to 0x Meta-transactions, we are not using those at this time for our marketplace. If you are referring to something else, please let me know with some more information.
- Will you be pulling listings down as soon as they are locked into the game to prevent floor price manipulation?
I have addressed this in a previous comment so I refer you to that comment. Thx!
- Would you be open to an upfront payment then a sub 1% fee? We believe that over the long run this would take much less of the value away from the community.
I am addressing the fee more specifically in a separate post.
As the founder of a gaming marketplace that already has multiple games up with live data, I can tell you that the work is nowhere near done when the first version of the marketplace is up. Games are constantly changing and adding new requirements and users are constantly asking for new functionality. It is very different from a standard PFP/art/avatar marketplace. Expecting that to be mostly handled in a one-time up-front cost would be a poor financial decision for either the game - who would then need to continually pay additional development costs for upgrades or risk having no updates, or the developer who would be saddled with a perpetual amount of extra work without compensation.
1. Will the site have any advertisements or links to other community’s collections that would take a user away from the CU marketplace?
As mentioned in the proposal, we are not doing sponsored advertising at this time for the reasons listed in the proposal. In short we do not believe it is a good experience for the marketplace participants and allowing the seller to give context will end up being a venue for scams and spam that would need (likely human) resources to be continuously moderated.
1. Will you be open to doing any fully custom work for CU market like displaying the full decoding of the major, minor, and recessive genes or displaying a family tree for a Unicorn? (for a fee)
Our platform allows for a TON of configurations. We can include multiple types of parameters per token including both mint and updating parameters. The parameters you list I believe should be supported.
Hawku already handles family relationships (including searching by parent attributes) for ZED. You can see it live at That's All Folks!. Click on the filter button to filter by parent or click on any horse and the “family” tab to see the family information. We are adding this right now to our v2 platform and should have that ready by the end of this month. There are some other fun features we will be adding to that as well.
- How are you addressing the honeypot risk on the escrow contract? Is there any fraud detection system in place? Are you running a pausable contract?
Since we are using the 0x protocol, there is no escrow. Everyone’s tokens are held in their own wallet until sale. Again - we do not put any token into a separate escrow account. Like you, we agree honeypots are really bad. And yes, we do have multiple precautions including pausability capabilities.
- For upgradable contracts: can you provide a list of all persons and systems that have access to the private key(s) and how they are secured during deployment and otherwise?
The only contract that has authorization to transfer people’s NFTs or ETH is the hardened 0x contract. The owner of that contract has been burned and those contracts are completely immutable. We have no control over that contract and just call the 0x methods. We do not like upgradable contracts that are granted token approvals for the security risks they possess.
1. How do you secure our personal data? Do you sell it to anyone? Your [privacy policy](https://www.hawku.com/v2/privacy) indicates that personal data can be sold for advertising purposes. If it is, can you tell us who it is sold to (or provided to for advertising)?
We do not share personal data nor sell it for advertising. Our business model is based on marketplace fees and not paid advertising. We do use Google Analytics and they may inadvertently use the IP address of someone so we decided to be extra cautious. Adding personal information (like email address) is completely optional and up to the user. We have plenty of people using our site where we have no identifying information besides information held in their public wallet.
Thanks for the questions and hopefully this answers them!