Non Fungible Token (NFT) platforms must secure Metadata in their ERC-721/ERC-1155 implementations

Off-chain metadata vulnerability plagues current generation NFT platforms

NFT’s are an emerging niche in blockchain

The most common question we get when talking to people outside the crypto community about Showcase and other NFT platforms is “What is the NFT itself though?”

Basically it’s a smart contract that points to a series of metadata, usually including an artwork in the form of an image, and provides information about supply, authenticity, and provenance. It’s comparable to a digital certificate of authenticity that cannot be easily destroyed, because it is secured on the blockchain.

However, this is not actually the case for some NFT platforms. There is an implementation related security risk where the metadata that you think is stored on the blockchain may not actually be stored on the blockchain that the NFT contract is deployed on, and it may be relying on a centralized server to function. This is mostly a result of high fees for on-chain data storage.

The ERC-721 protocol provides a standard interface for non-fungible tokens. This protocol is used for the vast majority of NFT platforms in the gaming and creative spheres. The metadata extension of ERC-721 allows your smart contract to be referenced for its name and for details about the assets which your NFTs represent¹.

Part of this interface is the TokenURI function, which returns a URI pointing to a JSON file that contains data such as the link to the image.

OpenSea is a popular NFT marketplace

The problem is that the server hosting the JSON file is often a centralized web server. Popular NFT marketplace “OpenSea” has released an API (see below) that allows NFT platforms to host the metadata on a centralized server using centralized databases². In the event that the NFT platform goes out of business the metadata JSON files could be lost, rendering all the NFT’s useless and removing the connection to the image artwork or item.

As we have predicted since we first conducted deep research into NFT standards in early 2019, this issue has finally manifested with a large NFT platform.

Editional was an NFT creation platform that had been used to create more than 100,000 NFTs

NFT project “Editional” recently closed and “sunsetted” their popular mobile application for creating NFTs. Editional had previously been used to create more than 100,000 NFTs. In the blog post linked below you can see that the metadata URI’s are stored on their servers, and they may or may not be able to host them in the future with the unfortunate business circumstances³.

At Showcase we have implemented two primary features into our ERC-721 smart contracts which can be used to secure an NFT without centralized servers.

  1. We store all text formatted metadata on-chain.
  2. We store a checksum of the image artwork on-chain.

With these basic mechanisms implemented, in the event Showcase goes down permanently a user will still be able to prove that their NFT is associated with a certain artwork image that they can download by referencing the checksum. And extra text metadata like descriptions and creator information will be kept alive on-chain.

Matic network is a top Scaling solution that can be used to keep more NFT metadata secured on-chain

In order to speed up these integrations and reducing fees, we would urge NFT platforms to consider using scaling solutions. Perhaps the best currently available Ethereum scaling solution is Plasma protocol. We would recommend our friends at Matic Network as an excellent implementation of a scalable Solidity and Ethereum compatible blockchain that can be used to reduce fees and keep more metadata on-chain.

We are looking forward to seeing more NFT platforms adopt similar mechanisms, and we will strongly advocate for them in the community, because we predict that if this issue arises in the future with a more prominent exchange or marketplace and users suffer significant financial losses from lost NFT metadata it could create a negative attitude towards NFTs as a whole, within the blockchain sphere at least.

Submitted by: Meir Bank, Showcase team







Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store