Exemple of a NFT code on the blockchain https://polygonscan.com/address/0xc322b221237473c75bb9e0bea85f47e847f5c703#code

The NFT module template: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol

The source code:

// Contract based on https://docs.openzeppelin.com/contracts/4.x/erc721
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import "@openzeppelin/contracts/utils/Counters.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract PonyDrilandNFT is ERC721URIStorage, Ownable {
   
   using Counters for Counters.Counter;
   Counters.Counter private _tokenIds;

   constructor() ERC721("Pony Driland", "PDL") {}

   function mintNFT(address recipient, string memory tokenURI)
       public onlyOwner
       returns (uint256)
   {
       _tokenIds.increment();

       uint256 newItemId = _tokenIds.current();
       _mint(recipient, newItemId);
       _setTokenURI(newItemId, tokenURI);

       return newItemId;
   }

}

This is the base code when you prepare to deploy an NFT. The information is few because the code that really makes everything work is inside the import modules, here you have full control over the NFT while at a NFT Marketplace the source code is managed by the website.

When a NFT Marketplace will show a collection of NFT which was originally deployed by you is just download your NFT to be displayed on the website.

Now let’s explain every part of this code:

address recipient, string memory tokenURI

When you deploy an NFT gallery, it’s like you’re creating a drawing's gallery on the Deviantart , so it’s important to remember that each NFT collection is like a collection of a certain virtual item or drawing.

The entire process of creating an NFT takes place within this single function: mintNFT.

tokenURI is where you put the IPFS protocol link of your NFT. Can you put a link from a website? Yes, but this is considered illegal by some NFT communities. The logic of you using an IPFS protocol is the file does not depend on a DNS domain that may someday become offline doing NFT completely useless.

The recipient is which crypto wallet you want to send your newly created NFT to. It can be for yourself or anyone’s wallet you want. But the data inside the NFT will continue to register you as the original creator of the collection.

The other functions are external functions that belong to the imports I mentioned earlier. They are the ones who really make all the magic happen. Within this code I can also add more other scripts if I want to make a custom NFT. Example: an online game item.

Yep! You can add more values and customize unlimitedly. But the goal of this tutorial is only to explain the simple parts. Be aware that this freedom also allows you to create NFTs malware to steal cryptocurrencies from other users. Be very careful with that!

import "@openzeppelin/contracts/utils/Counters.sol";

This is the module to work the ID counter codes for each NFT created. This works identically to an integer value of a primary number in an SQL.

import "@openzeppelin/contracts/access/Ownable.sol";

This is another optional module that stores the resources to change the owner that manages this NFT collection. This is mostly used when the person is migrating from crypto wallet to a new one.

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";

These other two modules are what really belong in the NFT itself for everything to work. This is a token ERC-721. There are multiple versions of the base code to create an NFT. Currently there are only two most popular ones. The ERC-721 and the ERC-1155.

If you have heard about other names like ERC-20. This is a crypto token for virtual currencies, not for NFTs. (Remember that when you are talking more technically, crypto tokens and cryptocurrencies are not the same thing)

ERC-721 Source code

Now let’s check more closely the original module that composes all the algorithm of the NFT itself. This is where things really get interesting and you start to understand how a NFT actually works.

import "./IERC721.sol";
import "./IERC721Receiver.sol";
import "./extensions/IERC721Metadata.sol";
import "../../utils/Address.sol";
import "../../utils/Context.sol";
import "../../utils/Strings.sol";
import "../../utils/introspection/ERC165.sol";

We’ll find even more modulos in here. You must have already realized that the source code reminds the Java. But this programming language is Solidity. I will not teach here how to deploy a smart contract, but if you are interested, search for Ethereum Remix.

Well. Back to the tiny NFTs!

    // Mapping from token ID to owner address
    mapping(uint256 => address) private _owners;

    // Mapping owner address to token count
    mapping(address => uint256) private _balances;

    // Mapping from token ID to approved address
    mapping(uint256 => address) private _tokenApprovals;

    // Mapping from owner to operator approvals
    mapping(address => mapping(address => bool)) private _operatorApprovals;

If you know how code mapping works, you may already understand everything that is happening here. But for those who are confused, here is the storage of values of everything that happens within this NFT.

Token Id is the NFT registered in the collection. Address is the crypto wallet address. Balance is the token balance of the address.

Yep. the code is small, simple to understand. I don’t need to teach what each one does. That’s reason I’m wanting to jump precisely to the approvals, because this is really the most differentiated part.

The basic functions of a vanilla NFT code are just the storage, the creator address, and the system of transferring the NFT between users.

Everyone here has already realized that there is nothing related to buying or selling NFT. Because this functionality does not really exist within an NFT code. What will really make an NFT be sold will be an external web3 application.

When you are actually the creator of an NFT inside a blockchain, the marketplace has no control over your NFT. MarketPlace can only download your NFT data. This for example makes it easier to create Deviantart-indentical websites where you just do a kind of image gallery synchroniser no need to re-upload each drawing.

For a marketplace to actually control your NFT, this marketplace needs your permission to do so. And this permission system happens precisely in this function: approve()

    /**
     * @dev See {IERC721-approve}.
     */
    function approve(address to, uint256 tokenId) public virtual override {
        address owner = ERC721.ownerOf(tokenId);
        require(to != owner, "ERC721: approval to current owner");

        require(
            _msgSender() == owner || isApprovedForAll(owner, _msgSender()),
            "ERC721: approve caller is not token owner or approved for all"
        );

        _approve(to, tokenId);
    }

Due to the marketplace only downloading your NFT collection (often without your permission), it is common for you to sometimes find your NFT on more than one website at the same time. You can even manage the visibility of your NFT inside this marketplace, but the marketplace is still not allowed to sell your NFT. Selling permission only happens when this function is invoked.

When you invoke this function, you are practically giving permission to another smart contract to manage your NFT Collection. It is within the smart contract of a marketplace that everything really happens about buying and selling. Since you do not invoke these permissions, nothing will happen with your NFTs collection, and all of this is recorded in the blockchain audit.

Crypto wallet apps usually come with a page for you to manage these permissions. Yep, you are not required to maintain these permissions. In the same way that you can remove permission from an app inside Discord to have access to your account, you can do the same thing inside the web3 with your NFTs and any other crypto token.

What is the conclusion of this? NFTs are not natively to be sold or bought, that’s just a resource that belongs in the marketplace. So it’s always important to be careful which marketplace you’re giving these permissions to in the same way you give an app permission to access your Discord account.

What about NFTs created within a marketplace? What really happens?

The first thing we need to understand is that to create an NFT, you need to pay a small gas fee for the amount of processing that will be used. Does the marketplace have enough cryptocurrency to pay the fee for everyone trying to use it for free?

Answer: no

What will actually happen is that first… this NFT will not really be controlled by you, who controls this NFT is the smart contract of the marketplace because it was this dapp that was used to create your NFT.

Second. These NFTs created in the marketplace, they only enter the blockchain after they are bought or sold. (yep. SUS can already start to be detected here)

Then comes the magic question. Okay. If an NFT created in a marketplace is not yet an NFT, how do these NFTs exist there?

It has a term. We call it Lazy NFT. It is an NFT that was “created” within the marketplace website’s database to only be placed on the blockchain after they are sold.

That’s reason this type of NFT only appears in the marketplace it was created, it doesn’t appear anywhere else. If you really want to host an NFT, use IPFS Protocol and look to use an NFT deployment directly in the blockchain instead of using marketplaces of third parties. These websites will even try to profit from your works by charging fees.

How do you detect a Lazy NFT?

You just have to get the address of the smart contract from the marketplace and see if there is an NFT token inside the blockchain.

I have a simple example of a test I did on OpenSea:

https://opensea.io/assets/ethereum/0x495f947276749ce646f68ac8c248420045cb7b5e/69127646911502286443745060318492950152047840159273240060427221806677659484161

https://etherscan.io/address/0x495f947276749ce646f68ac8c248420045cb7b5e?source=post_page-----10dc4f4a710a--------------------------------

Here you can already see the smart contract address of an NFT. TokenID is the numerical value of this NFT stored within the collection.

https://etherscan.io/nft/0x495f947276749ce646f68ac8c248420045cb7b5e/69127646911502286443745060318492950152047840159273240060427221806677659484161?source=post_page-----10dc4f4a710a--------------------------------

Put the NFT Token ID inside the URL with the smart contract ID and you will see that the NFT does not exist.

When the NFT exists. Something like this needs to happen:

https://etherscan.io/nft/0x495f947276749ce646f68ac8c248420045cb7b5e/111742181400930061902510359858657921591493830882442799692376905920228081270785?source=post_page-----10dc4f4a710a--------------------------------

https://polygonscan.com/token/0x5309906b7029777423ce73e767e71292ac7efb30?a=7&source=post_page-----10dc4f4a710a--------------------------------#inventory

The page does not need to display the NFT itself, what needs to happen at least is to say that that token exists. Then comes the other question. Are global NFT marketplaces just for making money?

Answer: Yes

Solution: Don’t create your NFTs on a marketplace, learn to create NFTs yourself so you can really do what you want with this NFT. Whether to create just a decentralized drawing gallery to share on the community, or to make some good application on the internet. What is the best use of a NFT?

What is the best use of a NFT?

1 — You can create a decentralized drawing gallery with the help of the IPFS protocol. This can also be used as a drawing record audit to help you protect against plagiarism or people trying to steal your art.

Remember that within the blockchain the registration of your drawing can’t be dropped, and you don’t have to worry about websites disappearing from existence.

2 — If you work in a fandom, this is the best way you create a sales audit of character adopts. Even if someone else tries to replicate your NFT, remember that the blockchain audit will always show you were the first to create the project.

3 — You can use as an audit of commissions and ychs produced by you. If your customers use crypto as a payment method, in addition to having the authorship, you will always receive payment in full amount without being discounted fees for third-party companies.

4 — Use as a reward system for the people you like most. You can deliver these rewards for free to these people.

5 — Infinite possibilities that remain in your imagination. Just do not abuse this tool.

Bad use examples

1 — Algoritim avatar systems. (that’s what you’ll find most currently at this time that I’m writing this article)

2 — No sense pictures.

3 — Put malware inside the source code to steal crypto.

Banner Credits

Art: Pony Diffusion V6 XL | Image fixes and edits: JasminDreasond