ERC-6551: What Three Years Building NFT Smart Wallets Has Taught Us

Mango Dogwood
Charged Particles
Published in
7 min readJun 14, 2023

--

NFT Composability Expert Rob Secord gives a deep dive into the fundamentals, features, security, use cases, integrations, and support infrastructure for NFT Smart Wallets.

For many people, ERC-6551 is their first exposure to the concept of using an NFT as a Smart Wallet which can ‘hold and own’ its own tokens — and we’re seeing lots of excitement. We see that folks are beginning to get inspired by what this sort of innovation can lead to in sectors such as identity, DAO tooling, governance, finance, ticketing, onboarding, bundling, and so much more.

As a team that has been dedicated to building this technology for more than three years, we are in a unique position to offer perspective, vision, and support for the greater ecosystem.

Fundamentals

Mango: Thanks for taking the time today Rob. Before we get too deep into the weeds, I think we should start with some basics. What do people really need to understand about NFTs, Smart Wallets, and ERC-6551? How does it all work?

Rob: Well firstly, an NFT doesn’t really exist at all in the sense that most people understand it. You don’t ‘own’ a token in the sense that a token leaves a particular smart contract and goes to your wallet. The smart contract holds all NFTs and simply marks internally who “owns” each NFT and can control it. Much like your bank card doesn’t “hold” your money, it only gives you access to control it.

They aren’t taking 10,000 NFTs and sending 1 of them to your wallet — it’s just that only your wallet is marked as the owner of the NFT. So if you own an NFT, it’s all within that contract. It’s just tracking who owns which NFT by a unique number. To find out the owner of any specific NFT, you have to look into the NFT contract, not into a user’s wallet.

Mango: Got it. And these indexes of token owners are critical to how we build our NFT Smart Wallets too, right?

Rob: Right. What Charged Particles enables is that an NFT can essentially become the owner of its own Smart Wallet, which is exactly what ERC-6551 is doing now. And the whole mechanism behind how that works is by using the ‘ownerOf’ function from the ERC721 standard. Whoever is the ‘ownerOf’ a particular NFT can execute transactions on behalf of that NFT. Certain functions on that Smart Wallet such as the withdrawal function for any tokens being stored inside that NFT, would be something that only the owner of the NFT can call.

Mango: So my Mutant Ape ‘holds’ tokens inside, but only I, the owner, can withdraw those tokens on my Ape’s behalf?

Rob: Pretty much. Your Mutant Ape is linked to a Smart Wallet that “holds” tokens inside. That Smart Wallet will only allow the “ownerOf” a particular Mutant Ape to interact with it (withdraw assets). You Mutant Ape might even be linked to multiple Smart Wallets from various implementations.

Implementation

Mango: So from your perspective, what are some of the major differences between Charged Particles and ERC-6551 in terms of implementation?

Rob: When considering safely implementing NFT Smart Wallets, there are a couple of things that need to be in place to protect people against being rug-pulled — namely that the NFT contracts are not upgradable and that the assets inside the Smart Wallet can be time-locked. Right there you can see potential vulnerabilities with various implementations — upgradeable NFT contracts (or contracts with a proxy implementation) can be manipulated. And without time locks, assets can be drained just before an NFT sale.

If the NFT contract owner decides to upgrade that contract, they could change the code of the “ownerOf” function, making them the owner of every NFT in that contract (remember, you don’t actually hold your NFT, the contract does). Then they could essentially withdraw the assets from every NFT in that contract. They’d be the owner of every NFT. It is really important to understand that the contract owner doesn’t have to transfer the NFTs back to themself, the NFTs are all within the contract already.

Now here is the other main concern; You find a $1 NFT for sale with $5000 USDC held inside of it, so you decide to buy the NFT for a discount of $3000, but just before the sale the owner withdraws the $5000 USDC and you receive an empty $1 NFT. Bots can be set up to do this extremely quickly — you would never notice until after the sale.

With an open standard such as ERC-6551, each implementation would need to be audited with a certain level of scrutiny. At Charged Particles, we vet every NFT on our platform to ensure that they have an “ownerOf” function that’s properly implemented and that the NFT contract can’t be upgraded. In this way, a malicious actor can’t later change that function and release the assets of every NFT in that contract. We also provide the time-locks to ensure safe and secure NFT purchases.

Mango: This really is the kind of awareness we want to bring to people who are considering implementing or participating in projects that may use a newer technology rather than something audited and battle-tested.

Rob: Yep! We have been fully audited and haven’t had any exploitations in our 2.5 years on ETH Mainnet, Polygon, or Polygon zkEVM.

Mango: Any other details that would change how you might approach utilizing NFT Smart Wallets?

Rob: With new implementations come new security concerns and would essentially require security-focused code audits which can be quite costly. Skipping the audits and exposing an exploit could be even more costly and detrimental to a new project.

With our tooling, this isn’t necessary. We can quite simply add existing NFT contracts (that pass the vetting process) to our protocols allow-list. No need to rewrite anything new. We’ve been doing this retroactively for NFTs across the ecosystem.

Features

Mango: Could you explain some of the differences between Charged Particles and ERC-6551 as far as existing features?

Rob: Well, each individual developer wanting to use this 6551 standard, would need to implement their own feature set, set their own rules, and build everything from scratch. Each of these new implementations could mean more potential security vulnerabilities for each new contract.

Charged Particles has a lot of things built-in, including time-locking assets, Aave integration for interest-bearing assets, changing who can or can’t nest tokens inside, liquidity mining within the NFT, Soul Bound NFTs, and others. We’re also deployed on multiple chains and growing!

Also, considering that the underlying NFT doesn’t change and that these 6551 “Smart Wallets” can be attached to existing NFTs, you might end up with 500 different “Smart Wallets” linked to your NFT — but how would you know? With so many different implementations in the wild, how do we maintain a standard for consumer awareness? How do you know “what’s in your wallet”?

At Charged Particles, we provide a simple “window into your NFTs” across multiple chains. We have been working with ERC-721, ERC-1155, and very soon with EIP-6551 as well. We will be able to design it so that any actions taken are vetted and safe. And we have a Javascript SDK for developers to go with it — why reinvent the wheel?

Support

Mango: Keeping the community safe and offering our open-armed support is really what we’d like to make clear here. As folks that have been living and breathing these concepts and this infrastructure, it’s important to us that as these tools scale, people know that they have an ecosystem of support in the Charged Particles Protocol and DAO.

Rob: Absolutely. Stay safe out there frens!

Integrations

Over the years, here are some of the things we’ve done with this tech.

  • Launched on ETH Mainnet with more than 2000 people attending the launch event in Cryptovoxels. Learn More
  • Sold “Pandora’s Box” — a nested NFT with art from more than a dozen artists inside it’s Smart Wallet — for 42 ETH. Learn more.
  • Nested $100k of interest-bearing assets inside a Banana Stand NFT. Learn more.
  • Paragons DAO Launches Vesting Capsules. Learn more.
  • Hosted ETH Denver’s Opening Event — HYDRA. Learn More.
  • Memphis Mural Artist nests $100k of interst-bearing assets in Charged Particles EnDAOment Capsule. Learn more.
  • Preminted more than 1 million NFTs for less than $3 using our ERC-721i. Learn more.
  • Launched our public SDK for developers. Learn more.

And so much more.

About Charged Particles

Charged Particles is a protocol that allows users to deposit ERC-20, ERC-721, and ERC-1155 tokens into NFTs. A scarce NFT (e.g. Art, Collectible, Virtual Real Estate, In-Game Item, etc.) can now be transformed into a basket holding a number of other tokens. The Principal amount can be time-locked inside the NFT, and through integration with Aave’s aTokens, the programmable yield from these DeFi yield-generating assets is just a few clicks away.

Subscribe to our newsletter for DeFi news and resources

Applications of Charged Particles:

DAO Capsules | ✅ Vesting Capsules | ✅ Escrow Capsules | ✅ NFT Trust Accounts | ✅ Gift Baskets | ✅ Improved NFT Index Funds | ✅ Financially Appreciating Artworks | ✅ Nested Bundles of Artworks | ✅ Redemption Tickets | ✅ Creative Crowd-funding Campaigns | ✅ Company Token Promos

Stay in touch with Charged Particles

Website | Docs | Telegram | Twitter | Instagram | Discord | LinkedIn | YouTube | Reddit | TikTok

--

--