The Technical Structure of NFTs Explained

What Are Non-Fungible Tokens?

Non-fungible tokens (NFTs) are achieving widespread recognition far beyond the crypto-community circles from which the technology first emerged. NFTs have made news headlines by selling for incredibly high prices and have introduced millions of people to a new concept and model of what constitutes digital art. Suffice it to say: The NFT revolution is in full swing.

As each NFT is coded to be individual and unique, NFTs are particularly adept at representing assets like art, collectibles, and other rare one-of-a-kind items. This has far-reaching implications in the worlds of visual art, the music industry, and gaming, with more use cases emerging by the day. It’s clear that NFTs can enable a plethora of digital assets to exist on the blockchain — but what exactly does that mean?

Does NFT Art Really “Live” on The Blockchain?

The first and most crucial component of an NFT is the unique ID that distinguishes it from every other token. The most popular iteration of NFTs — built on the ERC-721 tokenization standard — is supported by an Ethereum smart contract that records any transfers or changes in ownership of that particular NFT.

Another fundamental feature of NFTs is their ability to link to data outside of their smart contracts, referring to data that exists off-chain. It is technically and financially inconceivable to host a large file, such as a piece of digital artwork, natively on-chain in a blockchain environment. It has been estimated that storing one gigabyte of data on the Ethereum blockchain would cost about 17,500 ether (ETH) (an approximate equivalent of $35 million USD as of June 2021). For this reason, NFTs must be able to reference off-chain data, which also means that the artwork a particular NFT represents must exist elsewhere. The NFT that indicates the provenance of an asset lives on the blockchain, but the asset itself typically does not.

The Intricacies of Hosting NFTs Explained

Because it can’t feasibly reside on the blockchain, the content that a particular NFT references — whether it be an image, an audio file, or any other type of data — must be hosted online somewhere, so that when you make a request for the content at a particular location, the content is then returned and the image, for example, is displayed on your web browser. NFTs must then point to an HTTP URL on the internet, or perhaps to an InterPlanetary File System (IPFS) hash. So who is responsible for hosting the data online?

In either case, the HTTP URL or IPFS gateway is typically hosted by the website that hosts the NFT, and usually points to a JavaScript Object Notation (JSON) metadata file for a particular NFT artwork rather than the artwork itself. In other words, you’re buying a certificate of ownership and authenticity, not the artwork itself. The metadata inside each NFT exists as a permanent, unalterable record on the blockchain. This record describes what the token represents, similar to a certificate of authenticity, as well as the token’s ownership history and transaction record. The JSON metadata file also contains the name, description, and URL where the image is hosted. It could also contain a timestamp, information about the artwork’s total supply, the type of encryption used, and the artwork’s unique signature.

What this boils down to is that the owner of an NFT essentially owns a metadata file that only points to a piece of art, which is often publicly viewable online.

Challenges With NFT Structure

So we know that an NFT-associated artwork must be hosted somewhere. Let’s explore a few of the options for where. Regular HTTP web addresses are relatively vulnerable hosting mechanisms because the server owner could easily change the content of a particular address to whatever they like. This is a problem inherent to centralized server hosting, which can present a single point of failure for file hosting; a malicious server owner could conceivably single-handedly alter a file. It’s becoming more common to host NFT-associated content using IPFS rather than traditional HTTP addresses.

IPFS — a system designed for hosting, storing, and accessing data in a decentralized manner — provides a solution to this vulnerability in the form of content addressing. When a file is stored on IPFS, it receives a unique content identifier (CID) hash that links to the data in the IPFS network. The CID hash allows someone to find data based on its contents, rather than the traditional method of finding data by its location on a server. Further, if anyone were to alter the data or content, it would break the original unique CID link, generating a new one. This prevents content from moving from one place to another, and prevents someone from changing a data file once it has been uploaded and its CID has been generated.

Some have also raised concerns about the seemingly precarious nature of NFTs, cautioning that the URLs that some NFTs point to may one day disappear, say, if the website that hosts them goes out of business. Similarly, some speculate that those who have invested large sums of money in particular NFT artworks that must inevitably be hosted somewhere will have a vested interest in keeping afloat the NFT marketplace from which they purchased their NFT; they may even be inclined to bankroll the marketplace so their NFT doesn’t disappear. Such a dynamic could foster a situation in which the value of the art is tethered to the value of the platform hosting it.

Even IPFS gateways, which are arguably safer than URLs, are operated by entities like NFT marketplaces that serve as IPFS network nodes, which must intentionally keep the gateway live. If a marketplace were to go under, there could be little reason to think it would keep the IPFS gateways intact.

To combat this vulnerability, an NFT owner could choose to host their own IPFS node and serve the IPFS gateway, but many NFTs — by nature of their metadata, which is what an NFT owner actually owns — point to an HTTP gateway URL rather than the IPFS CID hash itself. As a result, if that HTTP gateway URL ever lapses and becomes an available domain, someone could purchase it and host something else there, which would result in your NFT pointing to the new content. Of course, this scenario is somewhat easily avoided by including the IPFS CID hash in the NFT metadata rather than its HTTP gateway URL counterpart. This is an important consideration for those minting NFTs with longevity in mind.

Further, using an IPFS CID to retrieve a copy of the relevant data, or artwork content, on the IPFS network is only possible as long as at least one copy is being broadcast to the network via an IPFS node, even if it is not hosted by the original provider. Simply requesting the data will produce a temporary local copy on the requester’s device; but in order for it to persist permanently, an individual node operator must choose to “pin” the data. This design mechanism makes the likelihood of a particular piece of data disappearing entirely much less plausible, though still not impossible.

These critiques about the fragility of NFTs deal largely with the current structural methods of minting, hosting, and selling NFTs among particular marketplaces, rather than the concept of NFTs themselves. As a new technology, best practices should develop through some degree of trial and error that could make NFT technology much more foolproof and secure.

NFTs: A Living Experiment

A number of NFT artists have raised concerns about the structural integrity of NFTs, and even performed publicity stunts to highlight certain vulnerabilities. For example, crypto artist Neitherconfirm listed 26 instances of NFT artwork for sale on the OpenSea digital marketplace, only to later swap the original images that the NFTs pointed to to photos of carpets. This evoked the dreaded “rug pull” concept as a commentary on some NFTs’ current fragile structure.

This prank serves as a reminder that a provably unique and forgery-resistant non-fungible token that exists on a highly secured, decentralized blockchain network is all for naught if the NFT artwork isn’t protected against the vulnerabilities of centralized web hosting.

The underlying structure of NFTs is continually being developed. The NFT standards and implementations of today will likely continue to be honed well into the future as their form becomes more optimized. While technology like IPFS presents an improvement over regular (i.e., centralized) HTTP web hosting, further developments will likely emerge that continue to refine the security and overall landscape of NFTs far into the future.