I’m reading through the developer docs on creating a token and it looks like multiple tokens with the same ticker can be made?
For instance, if I make the CAR token, it sounds like there can be a number of other CAR tokens out there.
I want to be sure I’m reading all this correctly. If so, this could cause confusion for some users and I’m imagining, if someone is wanting to buy your tokens, you need to be very explicit about being the official version. Tbh, it’s been so long since I’ve dealt with this on ethereum that I am not sure off the top of my head if this is the same policy they employ.
The token name is really the hash of the forging script, part of which is a key that only you have. So no, it’s not possible for someone else to make the same token. If you are suggesting that it’s feasible for the metadata to be identical, then sure, that’s possible because otherwise there would need to be some authority to prevent conflicts (such as ICANN as with domains).
The solution here is similar to that of stakepools. Two stakepools can have the same ticker, as no authority is managing the namespace for the pool names. This is a feature not a bug, as otherwise there would be centralization.
Do you know if there is any available metadata token registry already available on testnet ?
Is there any information on how to build these metadata ?
Using Daedalus 4.0 FC1, and the Cardano Faucet, I got Testcoin in my test wallet. The token displays with its metadata. But when I mint some token, no metadata is displayed in Deadalus. Any hint about it ?
I could create WorldMobileToken with Ticker WMT (which will have a different subject hash) and sell it to some unsuspecting user for half the price that WMT is currently selling for.
It is up to the user to check a difficult to find hash which he has to verify against the real WMT token (which BTW he has to find by searching the same list where my fake token is listed) to check if the token is really the actual token he is expecting.
The minting policy must be unique so rather than going off name alone the hash should be used for identification. However you do not manually need to check this necessarily even though you will always have the ability to do so with a public distributed ledger.
Conceptually if you acquire tokens from the creator and not some 3rd party listing then there is very little to worry about. If a dapp uses a particular token and you use their application common sense dictates you can be reasonably certain they are issuing you the tokens they create.
On the other hand if you download and install malware or go on youtube and follow a scammers instructions to get “discounted tokens”, “free ADA”, or any other nonsense then common sense dictates something else entirely.
Once applications and smart contracts become more mature many of the manual steps and workarounds currently requiring more advanced user skills will dissipate.
We are speaking of supporting users that do not know what ERC20 or ERC721 even mean … in the Cardano universe it should be as easy as buying something on Amazon. If not, the developer has failed. The user should have a better experience than memorizing steps to avoid being scammed.
There’s plenty of fake/knockoff stuff in Amazon that won’t be taken down until someone notices and reports it. The user needs to take responsibility and not blame anyone (Amazon or Cardano) for buying cheap fake stuff.
Given the decentralized nature of Blockchains, we shouldn’t expect or request any party to police. We keep on insisting on “better experience” and we put everyone at risk when doing so. Fraud is always going to be there, so we better educate ourselves and others, and create systems that intrinsically discourage bad actors. That’s what blockchain is all about, abstracting and democratizing trust.
I believe it’s better we educate people than make it “easy” for them. Not saying UX should be hard, but it should make the user aware of their actions, create an easy system of verification, and help them get in the habit of “good practices”: Password manager, 2-factor auth, and most importantly: “read before you click”.
I had a really interesting discussion on Discord about this and thought I would share it here:
Some of the rationale around not making the name unique is to prevent Token Name Squatting, proliferation of NFTs and to not limit future use cases.
Also, people were advocating that (D)Exchanges would create unique tickers in a similar way there can be different stock tickers for stocks with the same name.
I noticed that Binance for instance has gone for the opposite approach where they have unique symbol (Symbol plus 3 characters). To achieve this and to prevent squatting they made the Minting expensive and the verification/listing process prohibtively so.
So, in short, if you want an effectively endless amount of tokens that are very cheap to mint, then the current Native Token Minting method is the way to go.
I still see a bunch of possibilities for fraud though… (Be very careful if someone offers to sell you some WMT tokens!)
