NFT Standards Wiki
  • NFT Standards Wiki READ.me
  • NFT Basics
    • All things NFTs
    • NFT Usecases
    • NFT API
  • NFT License
  • NFT Platforms
  • NFT Metadata
  • NFT Readings
  • NFT Soulbound Tokens
  • NFT Storage
  • Working Group
    • Workflow Basics
    • Events & Discussions
    • Communications
    • Working draft Structure
    • Roadmap
    • Permits NFT Overview
    • New standard suggestions
    • ERC & EIP Related Links
  • Working Group EIPs and Implementations
    • EIP4494 Permits for ERC721
    • EIP 4907 User And Expires Extension
    • ERC Identify NFT Content Type
    • JSON Metadata Standard
    • Permit Singleton
  • Standards
    • ERC721 Non Fungible Standard
    • ERC1155 Multi token
    • ERC725 Smart Contract Based Account
    • ERC721K zero dependencies for off-chain data
    • EIP2981 Royalty Standard
    • EIP5218 NFT Rights Management
    • EIP5606 Multiverse NFT
    • Versatile NFTs
    • EIP165 Standard Interface Detection
    • EIP1046 Metadata extension
    • EIP2309 Consecutive Transfer Extension
    • EIP-4521: 721/20-compatible transfer
    • ERC20 Token Standard
    • EIP3668 Durin Secure offchain data retrieval
    • ERC864 Divisible NFTs
    • ERC998 Composable NFT
    • ERC1633 Re Fungible NFT
    • ERC2477 Token Metadata Integrity
    • ERC2615 NFT with Mortgage and rental functions
  • NFT Standards on L2s
    • Bridging NFTs across layers
    • L2 NFTs
  • Non ETH NFT Standards
    • Ceramics
    • NEAR
    • RMRK
    • Cosmos
    • LUKSO
    • Tron
  • NFT Security
    • ERC-721 Security
    • EIP2612 Signed token approvals
    • Designing secure smart contracts
    • EIP712 Ethereum typed structured data hashing and signing
    • EIP3009 Transfer with Authorization
    • Multisign
    • Permits
    • Salmonella Contract
  • Frontrun bidding
  • Custom NFT platforms add ons
    • Foundation
    • Zora
    • ERC 721A Azuki
    • ERC223 Token Standard
    • Interactive NFTs & Standardising metadata
    • Lazy Minting OpenSea
    • Uniswap v3 NFT
    • OpenSea
  • Music NFTs
    • NFTs Music Overview
    • Music NFT Metadata
    • Music NFT Standards Considerations
Powered by GitBook
On this page
  • Intro
  • Full disclosure
  1. NFT Security

ERC-721 Security

TL:DR just missleading name of function

Intro

The ERC-721 was supposed to have transfer security function to ensure tokens wouldn’t be stuck in recipient contracts that weren't designed to handle them. Safe functions prevent tokens to get stuck that's why we call them safeTransfer. This function may cause reentrancy vunerabilities which means the safeTransfer function in code is not making the contract safe - prevent it from other vunerabilities it's actually unsafeTransfer. This function was initially named as transfer

Full disclosure

"When the ERC-721 standard was being drafted, back in the beginning of 2018, a suggestion was made to implement transfer security to ensure that tokens wouldn't be stuck in recipient contracts that weren't designed to handle them. To do this, the proposal authors modified the behavior of the transfer function to check the recipient for whether they were capable of supporting the token transfer. They also introduced the unsafeTransfer function which would bypass this check, should the sender so desire.

However, due to concerns about backwards compatibility, the functions were renamed in a subsequent commit. This made the transfer function behave the same for both an ERC-20 and an ERC-721 token. However, now the recipient checking needed to be moved elsewhere. As such, the safe class of functions was introduced: safeTransfer and safeTransferFrom.

This was a solution for a legitimate problem, as there have been numerous examples of ERC-20 tokens being accidentally transferred to contracts that never expected to receive tokens (one particularly common mistake was to transfer tokens to the token contract itself, locking it forever). It's no surprise then that when the ERC-1155 standard was being drafted, it took inspiration from the ERC-721 standard by including recipient checks not only on transfer but on mint as well.

These standards mostly sat dormant for the next few years while ERC-20 maintained its popularity, but recently a spike in gas costs, as well as interest in NFTs, means that the ERC-721 and ERC-1155 standards have seen a spike in developer usage. With all this renewed interest, it sure is fortunate that these standards were designed with safety in mind, right?" -Samczsun

Source: https://www.paradigm.xyz/2021/08/the-dangers-of-surprising-code Code: https://github.com/ethereum/EIPs/commit/74dadccc858545aa89edaf6ec1cb5857cd261083

PreviousTronNextEIP2612 Signed token approvals