
The Ones in the Arena: reNFT

Today’s blog focuses on reNFT, whose current mission is to provide businesses with rental solutions, and provide users with a frontend platform to rent NFTs. As part of this mission, they recently launched an audit with Code4rena.

We got to chat with Naz, reNFT’s Co-Founder and Head of Engineering, about what the team’s doing, their approach to security, and what they’re looking for from Wardens in this audit. Read on!

What are you building, and what sets it apart in the space?

We have built permissionless, collateral-free EVM NFT rentals. This is a huge unlock for the long tail of NFT use-cases. What I am about to say gets overused in the space without the actual substance, but what we have achieved here is truly a zero-to-one moment for NFTs. From earning passively with your unused NFTs to unlocking the NFTs staked in protocols. On top of facilitating secure rentals, our protocol is highly customisable for specific per-project use cases via hook technology. This is a seismic shift in NFT rentals. We have been working very hard these past 6 months building it and I am very proud of everyone at reNFT for their tireless dedication.

What’s your vision for your project? What are you building towards in the longer view?

Incidentally, we have already been in the space for 3+ years. We started from hackathons, where we tested out the reception of the idea of NFT rentals. It was a huge success, and ever since we have iterated on the product with a very small but extremely talented team. I have to pinch myself every time I look back and see how much we have done with our team. What we have built now is the ultimate product that we envisaged at the onset of our journey, so I am very excited to see where it takes us now. Immediately after launch I expect us to iterate on the product a lot; we have a ton of features in the pipeline. Moreover, it will be interesting to see how people use our hook technology to customize rentals.

What’s been the biggest challenge throughout the entire process? Did you have any security concerns?

There was no one big challenge. However, a recurring theme was making all the software tooling work well together. A lot of development libraries are in alpha, and it’s sometimes challenging to get a single tool to work as you want it to; it’s even more difficult to combine them how you want. A great perk of using them, however, is that every maintainer is incredibly helpful and supportive, and that I appreciate a lot about our space. When you look past the surface-level happenings on Twitter (or X, if you prefer), there are hardcore builders propelling the industry forward no matter what. Back to the tooling: we have built a very solid architecture that will help us maintain incredible stability. Take, for example, our API server: it forks multiple chains at specific block numbers and does rigorous unit and integration testing in our CI pipeline. We have also built a repo that helps us commit the whole stack from commit hashes, which performs multiple checks to ensure the deploy is bug-free. Our software is a pleasure to work with, which, of course, helps with rapid feature development.

What’s been your security strategy so far, and how has it evolved?

Our previous iterations were minimalist in their design and that helped us maximally reduce the attack surface. Moreover, we have shared our previous contracts privately with very talented smart contract developers. We have seen how effective audits like the ones hosted by C4 can be and couldn’t resist co-operating. The team over at C4 has been incredible at accommodating our short notice deadlines.

Talk more to us about reNFT’s rental infrastructure for the metaverse. You mention that you can build your own marketplaces, use financialization protocols, and a whole lot more — which use case do you think will have the most impact on adoption for a typical gamer?

Undoubtedly that would be renting in-game items / characters from which the renter is priced out or which they simply want to try out before committing. A typical triple-A game could cost anywhere from $50 to $100, whereas quite a few playable NFT characters exceed $1000. It’s natural to need a mechanism here that allows you to fully experience what the game has to offer as if you actually owned the NFT itself. This is where we come in.

What role do you see reNFT playing in shaping security within the wider web3 ecosystem?

We would like to serve as an example, among many other projects before us, that it is important to take security seriously to minimize protocol risks for your users as much as possible.

What prompted you to engage with Code4rena?

We have spoken with pretty much everyone to assess the best route forward and C4 struck the best balance in terms of the cost, the effectiveness of the audit and many other factors. I am very happy we picked C4, your team is very responsive, fast, friendly and a huge pleasure to work with.

What’s the main focus of this particular audit with Code4rena? Are there any areas you’d like auditors to hone in on?

Anything that causes the rented NFT to either get stuck in the rental wallet or be transferred out of it would be very unpleasant indeed, if possible.

What technical tips would you give to an auditor looking to participate in your audit?

Our chad smart contracts developer made sure to cover the codebase with extensive tests. If I were to audit our codebase, I would start there. It’s also very useful to understand the flow and what goal our smart contracts are trying to accomplish. For that, please see the `docs` folder in the audit repo. It will guide you through the flow of the protocol. The TL;DR of it is: you are an NFT owner, and you wish to earn some money by letting it be used by someone else. You create a Seaport order with rental details. Someone comes along and rents the NFT. Now this is where our protocol kicks into force. It might create a Gnosis Safe wallet for you, or it may use an existing one for this rental. Details are checked and written to storage, and the NFT gets sent to the renter. It’s crucial that this NFT stays in the wallet for the duration of the rental and goes back to the lender on rent termination.

About reNFT

Maximize discovery, boost engagement, and enhance game economies with the leading rentals protocol.


About Code4rena

The leading web3 security marketplace.


reNFT’s audit with Code4rena began on January 8th 2024, and runs until January 18th 2024. More details here.

The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.
