On the surface, NFTs may look identical to the millions of other images that exist on the Web. But underneath the hood, they comprise a rich network of interconnected code and data commonly known as smart contracts. Despite their somewhat misleading name, smart contracts are small computer programs that have been deployed to blockchains like Ethereum and Tezos. Smart contracts are composed of code and data. The code — basically a set of functions — can manipulate the data that is stored with the contract. This allows smart contracts to create and manage NFTs and other types of tokens independently.
Crucially, a smart contract’s code cannot be changed once it has been deployed. There are some ways around this, including proxy smart contracts, but once a piece of smart contract code has been added to the blockchain there’s no practical way to stop or delete it. The code runs autonomously, forever. Smart contract data can be updated and changed. But even when this data is updated, the old version is still saved — data updates are included in blocks on the blockchain, so older versions of the data can be found by looking back through the chain.
As a result, NFTs are Janus-faced — while their data is publicly available, their functionality is only executable under certain conditions, by certain people. An NFT’s image, for example, is open to anyone. But to transfer an NFT requires executing code, which demands special permissions from that NFT’s owner. Like humans interacting with a blockchain application, smart contracts can send transactions to other contracts, and even transfer ETH and tokens.
Together, smart contracts form a giant network of computer programs that can interact with each other, speak the same language, and access the same data. This network of smart contracts is the foundational layer of NFTs.
What makes an NFT?
From a technical perspective, an NFT can be boiled down to a few key elements:
There are many different ways to structure NFT smart contracts to achieve this minimum necessary functionality. But, over time, standards have emerged that define a set of functionalities that form the basis of a new NFT project. In 2018, the ERC-721 standard was introduced as a way to create and manage unique, 1/1 NFTs on the Ethereum blockchain. It remains the most widely used NFT standard. Most implementations of ERC-721 use a relatively simple means of tracking NFT ownership. When an NFT collection is first created (minted), each NFT is assigned a unique ID; so an NFT collection of 10,000 can create IDs from 1 to 10,000. Each of these unique numbers represents a different NFT in the collection. NFT smart contracts include a record of which address currently owns each unique token ID.
The ERC-721 standard also introduced common “transfer” functionality. To transfer an NFT from one address to another, the smart contract code first checks to make sure that the sending address actually owns the NFT, then updates the smart contract’s record to show that the token ID is now owned by a different address. ERC-721 and other standards are starting points for developers who are building an NFT collection. They can then add their own functionality in addition to the standard functions to customize their collection. Most of the largest NFT collections on Ethereum were built on top of the ERC-721 standard and employ the same basic functionality. This common foundation makes most NFTs interoperable across marketplaces and with other types of smart contracts.
Into the metadata
While an NFT’s token ID is tracked on the blockchain itself, its metadata need not be stored on-chain. The metadata is a collection of data, typically in JSON format, that includes details about the NFT such as its title and traits. NFT metadata also typically includes a link to an image or video to be shown in the browser when people view an NFT. The original version of the ERC-721 standard did not include a field for a token’s metadata. Instead, a later extension defined a method for fetching it.
The {tokenURI} function allows smart contracts to return metadata for specific NFTs. This metadata is typically accessed by calling an NFT smart contract’s {tokenURI} function, which is a public function callable by anyone. As the name implies, the {tokenURI} function usually returns a URI. This URI can then be called or entered into a browser in order to return the NFT’s metadata. For example, calling up this SuperRare contract’s {tokenURI} function using the token ID 1154 returns this URL. Calling this URL then returns the following metadata, in JSON format, that includes details about the NFT’s name and creator, as well as a link to the NFT’s image. This is what apps and websites use to display the NFT on the front end.
Although it provides guidance for how to interact with an NFT’s metadata, the ERC-721 standard does not dictate how (or where) that NFT’s metadata should be stored. It might be stored on a centralized server, via decentralized file storage like IPFS, or else on the blockchain itself using smart contract data storage.
If the {tokenURI} function points to a centralized server, the data could feasibly be manipulated off-chain. Using IPFS ensures that the data cannot be manipulated and is restorable by any user. This is one reason why it’s important to have services like ClubNFT that back up NFT images and metadata.
There is now a growing movement of fully on-chain NFTs like Nouns, Blitmap, and Chain Runners, that store NFT metadata on the blockchain itself. Although the {tokenURI} function can return a URI, it can also return any arbitrary piece of text. On-chain projects take advantage of this by returning encoded strings of SVGs (scalable vector graphics) and other forms of HTML that can be rendered and displayed in a browser. One of the limitations of on-chain storage is cost, and therefore projects that use it only store relatively small amounts of data. However, fully on-chain NFTs are gaining in popularity with collectors who value data permanence.
Interacting with smart contracts
To interact with the blockchain, you need a unique address to serve as a wallet through which to send and receive cryptocurrency. But smart contracts also have their own addresses and can therefore send and receive crypto payments independently. One way to interact with smart contracts on Ethereum is to send transactions using a MetaMask wallet. In order to mint an NFT you will need to sign a transaction using your wallet, which will then execute a function in the NFT’s smart contract.
But you can also interact with smart contracts through interfaces like Etherscan, which allows users to see and execute all of a contract’s functions. Selecting “Read Contract” on the Etherscan page for SuperRare’s SUPR NFT contract returns a list of all the functions that allow you to access the contract’s data. Some functions also allow you to enter input data. The {ownerOf} function allows you to enter any token ID to see which address owns it.
The contract also has a set of functions that may be accessed by selecting “Write Contract.” This prompts a “Connect to Web3” message because you need to send a transaction to execute this functionality. Some of these functions are also only callable by certain addresses. For example, the {acceptBid} function will not work unless the transaction is initiated by the address that owns the NFT in question.
The Web of NFTs
NFT smart contracts can also interact with other smart contracts. This web of smart contracts effectively increases NFT utility, creating a rich world of experiences that are unlockable by NFTs. By far the most widely used NFT applications are marketplaces like OpenSea and LooksRare. These platforms deploy their own smart contracts to allow NFTs to be bought and sold. Marketplace smart contracts typically allow users to list NFTs for sale and place bids on NFTs. These contracts can call an NFT’s transfer functionality in order to transfer an NFT from a seller to a buyer. But in order to execute that function, the smart contract must obtain the seller’s cryptographic signature as evidence that they approve the transaction. A marketplace contract will check to make sure that the seller owns the NFT and has signed off on its sale at a given price before accepting any offer.
Typically, marketplace contracts have limited permissions. And although marketplaces can delist NFTs, thereby removing them from the marketplace, they can’t actually remove an NFT from the blockchain or change its tokenURI or metadata. For example, OpenSea’s marketplace smart contract has limited “write” functions. It can match buyers and sellers and transfer ownership of NFTs, but it cannot edit the NFT itself. However, it is important to check what functionality third-party contracts have access to before interacting with them, since malicious contracts have been used to trick users into transferring their NFTs on false pretenses. Indeed, malicious smart contracts are sometimes created to look like well-known smart contracts in an attempt to trick users and steal NFTs. One example of this is the February 2022 OpenSea phishing attack, where users were tricked into signing transactions for a malicious smart contract by what appeared to be a legitimate message from OpenSea.
Always take care when interacting with third-party smart contracts to make sure they originate from a legitimate source.
Beyond marketplace contracts, there are a number of other smart contracts that can interact with NFTs. For example, fractional.art lets you fractionalize your NFTs and sell them in fragments. While oncyber has created virtual NFT galleries that are themselves NFTs with their own smart contracts. Meanwhile, JPEG’d, NFTfi, and other platforms let you use NFTs as collateral to take out loans, deploying smart contracts to escrow the assets.
Although NFTs have matured in many ways over the last few years, NFT technology is still in its infancy. As the infrastructure around NFTs continues to build up, collectors and artists stand to benefit from growing connectivity between different projects and platforms. Due to the interoperable nature of NFTs, new smart contracts and tools that help one NFT collection can also potentially help many others. Given the infinite number of possible smart contracts, the NFT web will only grow and grow.
Further information
NFTs and smart contracts are new technologies that are still under development. For more technical information, I recommend the following resources:
Nate Maddrey is a Research Analyst at Coin Metrics focused on blockchain data and technology. He edits the weekly “State of the Network” newsletter and authors long-form research reports covering on-chain and market data. He has been collecting NFTs since 2018.
