Creator vs. Owner Permissions

In the ART20 framework, there is a distinction between the creator of a collection and the owner of certain capabilities or objects:

  • Creator: Typically the address that initializes the collection via mint_art20(...). The creator has special privileges such as updating metadata (if is_mutable = true) and managing the deny list (if allowed).

  • Owner (of Specific Objects): Some functionalities rely on who currently owns a specific capability or object. For example, CollectionCap objects grant privileges to mint more NFTs, update value sources, or manage collection-level parameters.

Implications for Security:

  • Minting Control: Only the creator or an entity holding the CollectionCap can mint additional NFTs, preventing unauthorized expansion of supply.

  • Metadata Updates: If the collection is mutable, only the creator can perform updates, avoiding unauthorized changes to the NFT’s identity or valuable attributes.

  • Deny List Management: As long as the creator maintains deny list authority, they can dynamically respond to security threats or compliance needs.

Last updated