As a followup to my hit post on Bitcoin, I’d like to take on another hot topic in the crypto world: non-fungible tokens, or NFTs. I don’t think this is the most important topic in crypto, but I wrote this partly because I couldn’t find a lot of high quality technical discussion about NFTs online and even NFT advocates don’t often seem to understand them. So without further ado, let’s get to it.

What is an NFT?

NFTs are based on the Ethereum blockchain, which is important because Ethereum has a lot more features than Bitcoin that we need to know about. An NFT is a type of smart contract, which is basically a program that runs on the Ethereum blockchain. Smart contracts can store small amounts of data in in storage on the blockchain itself; they typically expose methods that are either executed “internally” to the smart contract and can be run arbitrarily, or that actually run on the ethereum blockchain and require you to pay a transaction fee to execute.

The standard interface for an NFT, which describes the methods an NFT smart contract should implement, was introduced in EIP-721. The EIP (or Ethereum Improvement Proposal, similar to an RFC in other projects) has a lot of detail and I’d suggest reading it and the linked GitHub issue for a better summary of the details of what an NFT smart contract is than I can provide.

The vast majority of NFTs implement the optional “ERC-721 metadata extension”, which lets you assign URIs (uniform resource identifiers, such as HTTP links) to individual tokens. This is where it gets good. What you typically see on a site like Open Sea is a single smart contract with tens, hundreds, or thousands of NFTs associated with it, each with its own ID. When you have the ID for a specific NFT, you can execute the tokenURI method on the smart contract, and get back a URI pointing to a JSON document following the ERC721 Metadata JSON Schema specification:

{
    "title": "Asset Metadata",
    "type": "object",
    "properties": {
        "name": {
            "type": "string",
            "description": "Identifies the asset to which this NFT represents"
        },
        "description": {
            "type": "string",
            "description": "Describes the asset to which this NFT represents"
        },
        "image": {
            "type": "string",
            "description": "A URI pointing to a resource with mime type image/* representing the asset to which this NFT represents. Consider making any images at a width between 320 and 1080 pixels and aspect ratio between 1.91:1 and 4:5 inclusive."
        }
    }
}

Note that the JSON document contains a .properties.image field which points to actual image document for the NFT. My immediate reaction to this was: hold up, doesn’t that mean that the owner of the JSON document can just change the image URI by editing the JSON document for the NFT? The answer is: sort of. The ERC-721 specification doesn’t specify, and if the JSON document is hosted in a central location it would be entirely possible to bait and switch a buyer and change the contents of the document.

That said, most NFTs are hosted with IPFS, or the “InterPlanetary File System”, a distributed file store that I would loosely describe as a cousin of BitTorrent. IPFS files are identified using cryptographic hashes, which guarantees that a change to a file’s contents will give it a different IPFS address. This solves the tampering problem, but for a file to remain long-term on IPFS it needs to either be accessed continuously or have an IPFS user basically act as a central web host to ensure it remains available. There is some theorizing about how to make NFTs basically permanent by storing art on the blockchain itself, but that idea is in the very early stages of fruition and the vast majority of NFTs work by referring to “off-chain” metadata files.

The Case Against NFTs

A couple series issues emerge from this design. I’d break them down into three categories.

The first is the hosting issue that we’ve already discussed. This isn’t just a big problem; I think it’s actually bigger than a lot of people realize. The issue is the JSON metadata file: it creates a double indirection that actually requires that two, not just one, hosted files be available in perpetuity for your NFT to be valuable. I’ve seen research in the past that found that upwards of 90% of all NFTs sold this year have subsequently been broken by missing content, although I haven’t been able to find the source; other reporting I have been able to find agrees that is a major, systemic issue in the NFT ecosystem. This was particularly striking to me, from the start of that article:

Open up the $69 million NFT that Beeple sold at Christie’s, and you won’t find much. The name of the artwork isn’t there. The name of the artist is missing. And crucially, you won’t even find the actual piece of art.

The second issue that I think is under-discussed is the NFT smart contracts themselves. You may notice that ERC-721 is an interface, not an implementation – it only defines the signatures of the methods that the smart contract should implement, not the contents of the methods themselves. There are standard implementations of ERC-721 and other ERCs, but there’s no guarantee that an individual NFT contract will actually use them. In my experience browsing Open Sea NFTs I found there was no guarantee that a given contract would have verified source code on Etherscan (a site with a feature that you can use to preview smart contracts), and Etherscan doesn’t have any way to show if a given token uses a standard contract implementation.

This is sometimes pitched as an advantage. An example of a non-standard NFT implementation you see periodically is that an artist could implement an NFT smart contract that pays them royalties every time an NFT changes hands. On the other hand, I think this leaves the NFT ecosystem highly open to supply chain attacks, where a malicious actor implements an NFT contract that behaves in unexpected ways in order to steal from or otherwise scam a purchaser. It’s hugely problematic and largely ignored that any action for an NFT requires the user to execute untrusted code that they most likely do not have the background to understand even if they wanted to.

This leads to issues besides just possible attacks. Reporting from Vice on why “People’s Expensive NFTs Keep Vanishing” shows that these contracts can behave in unexpected ways when they’re bought by people who don’t understand what’s going on; in the story, a guy finds he can’t access his $500 Elon Musk NFT because it uses a smart contract incompatible with the platform he bought it on. I’d expect these issues to improve over time, but if you’re interested in getting into NFTs right now it’s something to be aware of.

The final issue brings both of the previous ones together. Real fishthoughts fans who read the Bitcoin post may remember “the real world problem”:

A crypto-system can only make strong guarantees about behavior within the crypto-system

The “real world” part comes from the fact that crypto-system security guarantees often fall apart when we move from the system into the real world.

In this case, substitute “security” for “ownership”. Ownership of an NFT has no relationship to ownership in the American legal system. When you buy an NFT, you are buying a token on the Ethereum blockchain, and the value of that token depends on several factors:

• The integrity of the metadata file and the content itself that the metadata points to
• The integrity of the smart contract underlying the NFT, which is not guaranteed to behave as expected
• The ability of others to actually follow the trail of breadcrumbs to the source image, typically by intermediate sites like Open Sea instead of directly through the blockchain

If any of these points break down – and, as we’ve seen, that’s far from unusual – you’re left with a worthless virtual token. This is really worth keeping in mind if you’re buying and NFT: the value of the token depends on multiple factors that help preserve the linkage between the token and the art, and most of those factors are out of your control.

Some unpersuasive arguments against NFTs

Given those downsides, I’d like to point out a couple arguments I’ve heard that don’t particularly hold water. The first is the environmental argument. One source suggests the Ethereum blockchain uses 72 terawatt-hours of electricity. That’s a lot, but it’s also less than 2% of the USA’s energy usage and a third of a percent of global energy usage. It would be good if we were ~1% closer to solving the climate crisis by reducing energy usage that isn’t socially useful, but removing that tiny percentage point is far short of the kind of progress we need.

What’s more, proof of work blockchains are fully “electrified” already, which means they’re among the easiest sources of energy to back with renewable power generation. I haven’t seen any persuasive evidence that blockchain mining already uses any more renewable energy than anything else, but it won’t be particularly difficult to remove blockchain emissions once the economy as a whole begins to switch over to using renewables. NFTs certainly aren’t especially environmentally friendly, but they’re not destroying the environment any more than any number of other activities you participate in that emit carbon.

A second argument I can’t get behind is that NFTs commodify or restrict art and make it less accessible to the public. In fact, I’d argue it’s the opposite: for better or worse, the part of the NFT that’s actually commodified is the token; the art itself actually has to be publicly available since it’s posted on the blockchain, and there’s no incentive to restrict circulation of the original image because it isn’t the thing being bought and sold.

If you’re really into NFTs, I’m not sure this is the most flattering answer for you. The question that immediately follows is “why is the token itself actually valuable”, and I don’t have a great answer for that besides that a bunch of people either think it’s fun and have money to waste, or they think they can sell it for more than they bought it for.

Should you buy an NFT?

My personal take here is: proceed with caution. The usual rule of “don’t invest more than you’re willing to lose” applies here the same way it applies to most things besides united states bonds and index funds. But as far as speculative assets go, I’d suggest treating an NFT more like a bet at the poker table than a purchase of a stock you think looks hot. There’s a couple reasons for that:

• You should not assume the digital asset underlying your NFT will continue to exist for that long after you purchase it, because of the hosting reasons discussed above
• The behavior of your NFT is likely governed by rules in the smart contract that you don’t fully understand
• You are not buying the digital asset underlying your NFT in any meaningful sense, and its value is wholly dependent on people valuing the specific digital token that you own

Should you refrain from buying an NFT because of its carbon emissions? Personally I try to minimize my carbon emissions where possible but don’t entirely refrain from stuff like eating beef or taking short car trips that contribute to climate change but aren’t strictly necessary. I think it’s OK if carbon emissions are the thing that ultimately makes NFTs not worth it for you, and NFTs are unusually carbon intensive for a casual financial transaction. Ultimately though, it’s not your responsibility to solve climate change by removing everything you do that could emit carbon and I personally would not say NFT carbon emissions make buying them indefensible.

Can you make money buying and selling NFTs? Sure, again kind of like how you can make money playing poker. But even a good poker player won’t win every hand, and like a poker game at a casino the NFT economy needs “whales” who are willing to pump in a lot of money to buy NFTs without being worried about how much they’re losing. You could be a savvy player placing the right bets and winning more than you lose, or you could end up a whale. And, unlike poker, NFTs don’t play by well defined rules or have clear probabilities a skilled player can anticipate.

The other reason people like NFTs is “community”. If you own a Pudgy Penguin you can join their discord and hang out with other penguin-owners on Twitter who recognize you by your penguin avatar. Even though it’s not quite my cup of tea, I can absolutely understand the appeal. Just depends if you think it’s worth the cost.

The one thing I will full-on advise against: if you are buying an NFT representation of an art work because you want some sort of digital ownership of the piece, you are making a terrible decision. Contrary the popular expression that you are “buying a JPEG”, what you are actually buying is a token with a reference to a document with a reference to a location where that JPEG is hosted. As we’ve discussed above, not only is there no legal significance to this “ownership”, but NFT references are on average vastly shorter lived than physical ownership. Your token will live as long as the ethereum blockchain, but the token itself is meaningless without the connective tissue that actually links it to the image it references.

The NFT ecosystem is fast evolving, and the nature of these limitations may change over time. As-is, it really seems like people are paying thousands of dollars for limited virtual trading cards with a weeks-to-months shelf life, driven by hype and whales who are willing to drop tons of cash they don’t care about losing. There’s certainly money to be made, but it’s worth treading with caution in regards to basically every aspect of them.