How to DeRug a Solana NFT Collection - Updating NFT Authority
Terminology
- Update Authority (UA): The wallet address that has the power to modify an NFT's metadata.
- Creators: The list of wallets that are attributed as the creators of an NFT and can receive royalties.
- Metadata: The stored data related to an NFT, such as its name, image, and attributes.
- Unverify Creator: The process of removing a wallet's verification as a creator, necessary before updating metadata.
- Mint: The unique identifier (public key) of an NFT or NFT collection on Solana.
Introduction
Let's take a scenario where you gain access to an NFT collection owned by someone else. In this case, it is not very safe to keep it as is. The previous owners still have access to the NFTs, royalties, etc. So what should you do? In this article, I'll show you my approach to handling this issue.
In my case, it wasn't exactly derugging a collection. Instead, I helped the Trippin' Ape Tribe NFT collection migrate all their NFTs to a new Update Authority wallet to ensure the previous developers no longer had access to them.
My Environment:
- Language: TypeScript
- Tools: Multiple @metaplex-foundation tools (check imports for details)
Find all functions in this GitHub repository: https://github.com/carson2222/sol-tools
What We'll Be Updating
To ensure the NFT collection is fully migrated to the new authority wallet, we will update:
- The new update authority
- The new creators
- Verify/Unverify creators
This process needs to be done both for the collection itself and for each individual NFT.
Migrating Collection Authority
Initializing Wallets
First, we load two wallets and initialize a Metaplex Umi instance with them. The first wallet is the current NFT authority owner, and the second one is the new authority. Make sure both wallets have some SOL for transaction fees. Your wallet-loading method may vary depending on how your private key or seed phrase is stored.
For security reasons, I use a private key stored as a string in my .env file.
const privateKey = process.env.OLD_UA_SECRET_KEY as string;
const umi = createUmi(process.env.RPC as string, "confirmed").use(mplCore());
const signer = umi.eddsa.createKeypairFromSecretKey(bs58.decode(privateKey));
umi.use(signerIdentity(createSignerFromKeypair(umi, signer)));
const privateKeyNew = process.env.NEW_UA_SECRET_KEY as string;
const umiNew = createUmi(process.env.RPC as string, "confirmed").use(mplCore());
const signerNew = umi.eddsa.createKeypairFromSecretKey(bs58.decode(privateKeyNew));
umiNew.use(signerIdentity(createSignerFromKeypair(umi, signerNew)));
Setting Constants
Update mint with the public key of your collection. Since we are setting the new authority to the second wallet initialized, newAuthority remains as is.
If you want the new UA wallet to receive 100% of the royalties, leave the configuration unchanged. Otherwise, add more elements and adjust the share percentages, ensuring the total sum is 100%.
const mint = publicKey("DmL46V46U5VM4UgrJbVQvWhVyD1zjZGGVRWeMv46eWt9");
const newAuthority = signerNew.publicKey;
const newCreators = buildNewCreators([{ address: newAuthority.toString(), share: 100 }]); // Sum of shares must be 100%
Loading Collection Metadata
const initialMetadata = await fetchMetadataFromSeeds(umi, { mint });
Unverifying the Old Creator
On Solana, you cannot remove a wallet from receiving royalties while it is still verified. To unverify it, you need access to this wallet.
In this example, I assume there is only one verified creator—the UA wallet. Adjust the code if needed.
let tx = await unverifyCreatorV1(umi, {
metadata: initialMetadata.publicKey,
authority: umi.identity,
}).sendAndConfirm(umi);
Migrating the Authority & Creators
Here, we update the metadata to set the new authority wallet and apply the new creator structure. If you want to change other metadata properties, update the object accordingly.
Be sure to include all existing metadata fields when updating, or you might accidentally reset the entire data object.
tx = await updateV1(umi, {
mint,
authority: umi.identity,
data: { ...initialMetadata, creators: newCreators },
newUpdateAuthority: newAuthority,
}).sendAndConfirm(umi);
Verifying the New Creator
tx = await verifyCreatorV1(umiNew, {
metadata: initialMetadata.publicKey,
authority: umiNew.identity,
}).sendAndConfirm(umiNew);
Migrating NFTs Authority
Since a collection is technically an NFT, we will repeat a similar process. However, we need to do this for EVERY NFT in the collection. Doing this manually would be inefficient, so we automate the process.
Getting a List of All NFTs
There are multiple ways to retrieve all NFTs in a collection. My approach was to load all assets owned by a specific wallet and then filter them by symbol to target the ones I wanted to update.
const assets = await fetchAllDigitalAssetByOwner(umi, signer.publicKey);
const filteredAssets = assets.filter((el) => el.metadata.symbol === "ReSHAPE" && el.publicKey != collectionMint);
Then, we loop through the filtered list and repeat the same steps as we did for the collection:
- Unverify the creator
- Update authority and creators
- Verify the creator
Summary
In this guide, we covered how to migrate an NFT collection's update authority to a new wallet, ensuring that the previous owner or developer no longer has control over the assets. We went through:
- Initializing and setting up wallets
- Unverifying the old creator
- Updating the update authority and creators
- Verifying the new creator
- Automating the migration process for all NFTs in a collection
By following these steps, you can safely migrate an NFT collection and secure its ownership under a new update authority.
Conclusion
Migrating an NFT collection's authority is a crucial step in securing ownership and preventing unwanted access. Whether you're taking over a project or assisting in a migration, automating this process can save time and ensure a seamless transition.
If you found this guide helpful, consider checking out the full implementation on my GitHub: https://github.com/carson2222/sol-tools.
Top comments (0)