Safe Genesis/NFT Handling
Demonstrating the CORRECT pattern: Genesis tokens are just assets, NOT wallet lifecycle triggers.
The Critical Mistake
A wallet app treated "Genesis" token operations as wallet lifecycle events. Clicking on a Genesis notification silently:
- Deleted the active seed phrase
- Without checking if the address had funds
- Without any explicit confirmation
- Resulting in ~$10,000 of permanent asset loss
🚫 THE WRONG ASSOCIATION:
"Genesis token" → "new beginning" → "create new wallet" → delete old seed
The Correct Understanding
A Genesis token is just an NFT. Period.
- View Genesis = Read metadata from blockchain (read-only)
- Transfer Genesis = Standard SPL token transfer
- Burn Genesis = Standard token burn instruction
✅ NO ASSET OPERATION SHOULD EVER:
- Touch seed phrases
- Create or delete wallets
- Modify key material
- Change wallet settings
Live Demo: Safe Genesis Token View
This is how viewing a Genesis token should work - pure read-only display with standard transfer option:
Safe Pattern: This is a read-only asset view. No wallet/key operations.
Solflare Genesis
GENESIS
A commemorative token for early Solflare supporters. This is just an NFT - it has nothing to do with wallet seed phrases or keys.
What clicking "Genesis" should NEVER do:
- Delete or modify seed phrases
- Create new wallets
- Change wallet settings
- Trigger any key lifecycle operation
What This Demo Shows
✅ CORRECT: Read-only view
The view component fetches and displays token metadata. No wallet operations occur.
✅ CORRECT: Standard SPL transfer
Transfer uses Token Program's TransferChecked instruction. Just a normal blockchain transaction.
🚫 NEVER: Seed phrase operations
No code path in asset handling should ever touch seed phrases, private keys, or wallet lifecycle.
Connect your wallet to try the transfer demo.
What NOT to Do vs Correct Pattern
🚫 WRONG (What Caused the Incident)
// CATASTROPHIC BUG:
function handleGenesisClick() {
// "Genesis" interpreted as "new beginning"
// Silently deletes active seed phrase!
wallet.deleteSeedPhrase();
wallet.createNewWallet();
// User loses all funds
}✅ CORRECT (What We Implement)
// CORRECT: Genesis = just an NFT
function handleGenesisClick() {
// Fetch and display token metadata
const metadata = await fetchNftMetadata(mint);
showNftView(metadata);
// That's it. No wallet operations.
}Implementation
import { SafeGenesisView } from './components/SafeGenesisView';
import { SafeNftTransfer } from './components/SafeNftTransfer';
// View any NFT/token (including "Genesis" tokens)
<SafeGenesisView
token={{
mint: "...",
name: "Solflare Genesis",
description: "Just an NFT badge"
}}
isOwner={true}
onTransferInitiated={() => openTransferModal()}
/>
// Transfer uses standard SPL transfer
<SafeNftTransfer
mint="..."
tokenName="Solflare Genesis"
onTransferComplete={(sig) => toast.success('Transferred!')}
/>Asset Handling Checklist
- View operations are read-only (fetch and display)
- Transfer uses standard SPL Token instructions
- App uses wallet adapter (never sees private keys)
- No code path touches seed phrases or key material
- Clear comments explain the safety pattern
- "Genesis" is treated as any other NFT name - no special behavior