What is ERC-721?

The origin story.#

1. Sept 2017 Dieter Shirley (CTO, Dapper Labs) opens GitHub issue #721 with a draft proposal for a non-fungible token standard. ↗
2. Nov 2017 CryptoKitties launches on 28 November 2017 and immediately exposes ERC-721's per-token gas cost when its growth congests Ethereum.
3. Jan 2018 EIP-721 is finalized on 24 January 2018 with William Entriken as lead author, alongside Shirley, Evans, and Sachs. ↗
4. 2020-09 ERC-2981 (NFT Royalty Standard) proposed to give NFTs a recommended royaltyInfo function — enforcement is left to the marketplace. ↗
5. 2021–22 NFT mania. ERC-721 absorbs PFP collections, generative art, music drops, gaming, and brand experiments. Every limit the spec left to the application layer gets paid for at scale.
6. 2022-04 ERC-4906 adds the MetadataUpdate event so contracts can signal that off-chain tokenURI JSON has changed. ↗
7. 2023 LUKSO mainnet launches with LSP8 as the native NFT primitive — bytes32 IDs, per-token ERC-725Y metadata, LSP1 receiver hooks, and LSP6 operator scoping. ↗
8. 2024–26 Marketplace royalty enforcement debates continue. Transfer-validator patterns and creator-token standards emerge as opt-in policy layers on top of ERC-721, while LSP8 carries the same policy as substrate-level account permissions.

What ERC-721 actually is.#

// EIP-721 — required
function balanceOf(address owner)                  external view returns (uint256);
function ownerOf(uint256 tokenId)                  external view returns (address);
function safeTransferFrom(address from, address to, uint256 tokenId, bytes data) external payable;
function safeTransferFrom(address from, address to, uint256 tokenId) external payable;
function transferFrom(address from, address to, uint256 tokenId)    external payable;
function approve(address to, uint256 tokenId)                       external payable;
function setApprovalForAll(address operator, bool approved)         external;
function getApproved(uint256 tokenId)              external view returns (address);
function isApprovedForAll(address owner, address operator) external view returns (bool);

event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

// EIP-165 — required (interface detection)
function supportsInterface(bytes4 interfaceId) external view returns (bool);

// EIP-721 metadata extension — optional
function name()     external view returns (string memory);
function symbol()   external view returns (string memory);
function tokenURI(uint256 tokenId) external view returns (string memory);

// EIP-721 receiver — required for safe-transfer destinations
function onERC721Received(address operator, address from, uint256 tokenId, bytes data)
  external returns (bytes4);

What's broken about ERC-721.#

1. 01

   The tokenURI trap.#

   tokenURI(tokenId) returns one string per token — typically an HTTPS URL or an ipfs:// CID — pointing to off-chain JSON. The contract has no opinion on what the string points to, what the JSON schema should be, whether the host is still up, who can change the contents, or what changed when. The resolution chain is brittle by design: a marketplace fetches the URI, downloads the JSON from a server or IPFS gateway, parses it according to its own interpretation of OpenSea's de-facto metadata schema (name, description, image, attributes, animation_url, external_url), then fetches the image referenced inside the JSON from yet another host. Each hop is a separate point of failure, and none of the points are typed or verified on-chain. When a pinning subscription expires or a backend goes down, the NFT renders blank in every wallet and marketplace simultaneously — a problem that has hit collections worth hundreds of millions of dollars. Marketplaces and wallets cache results on their own schedules, which is why 'refresh metadata' buttons exist: there is no standard signal for what changed. ERC-4906 (April 2022) added a MetadataUpdate event, but it only signals that *something* changed — it doesn't carry the new state, name the affected field, or guarantee anyone re-reads the URI. Dynamic NFTs, on-chain attribute updates, evolving art, royalty configuration, and trait revelations all depend on off-chain infrastructure the spec deliberately leaves undefined. The contract holds the tokenId; everything that makes the NFT visually or semantically real lives somewhere else, on terms set by whoever is hosting it.

   −

   ERC-721 tokenURI(tokenId) returns (string)

   one URI per token ·off-chain JSON ·no schema ·no integrity check ·no contract-readable typing

   becomes

   +

   LSP8 + LSP4 getDataForTokenId(tokenId, key) returns (bytes)

   typed per-key storage ·VerifiableURI hash-anchored ·contract-readable ·account-permissioned updates

   workarounds tried

   • mutable IPFS pointers (still depends on someone pinning the CID)
   • Arweave permanent storage (paid once at upload)
   • server-rendered metadata APIs (Manifold, Reservoir, custom backends)
   • ERC-4906 MetadataUpdate event (signal-only — doesn't carry the new state)
   • fully on-chain SVG generators (expensive, awkward for rich media)
   • base64-encoded data URIs (on-chain bytes inside the tokenURI string)

   read the deep-dive →

2. 02

   setApprovalForAll is collection-wide.#

   A single signature grants blanket authority over every token in the collection — past, present, and future mints. Marketplaces ask for it once and never have to ask again. The phishing pattern that has drained named NFT collections again and again rides this primitive: trick the holder into one bad signature and every token is gone. Per-token approve exists, but the operator-for-all pattern is the de-facto UX.

   −

   ERC-721 setApprovalForAll(operator, true)

   collection-wide ·phishable ·lasts forever

   becomes

   +

   LSP8 + LSP6 authorizeOperator(op, tokenId, data)

   per-token ·account-gated ·instant revoke

   workarounds tried

   • revoke.cash
   • marketplace allowlists
   • signed-order patterns
   • transfer-validator hooks
3. 03

   safeTransferFrom is only half a hook.#

   ERC-721 defines IERC721Receiver and a safeTransferFrom variant that checks it — but the check is opt-in, the receiver shape is ERC-721-specific, and the non-safe transferFrom still ships. NFTs land in contracts that have no idea what to do with them. The spec's own Rationale is honest about this: 'Different functions are used for transfer and safeTransferFrom to give the caller control over their risk.' The receiver problem was a deliberate scope-out.

   −

   ERC-721 onERC721Received(...) returns (bytes4)

   one asset type ·opt-in only

   becomes

   +

   LSP1 universalReceiver(typeId, data)

   every transfer ·every asset type

   workarounds tried

   • implement every receiver interface per asset standard
   • OpenZeppelin Holder mixins
   • sweeper / rescue contracts

   read the deep-dive →

4. 04

   uint256 tokenIds force a single integer namespace.#

   Cheap and predictable for sequential mints. Awkward when the ID needs to mean something — a content hash, a serial keyed to off-chain state, a structured reference. Teams end up maintaining side mappings to translate, and the ID itself stops being self-describing. You read tokenId 42 and have to consult the contract (or a backend) to know what it points to.

   −

   ERC-721 uint256 tokenId

   one number ·needs side mappings

   becomes

   +

   LSP8 bytes32 tokenId

   hash · serial · ref · number

   workarounds tried

   • off-chain registries
   • hash truncation to uint256
   • multiple side mappings

   read the deep-dive →

5. 05

   One token, one transaction — gas at scale.#

   Transferring 50 NFTs is 50 transactions. CryptoKitties exposed the consequence at launch in late 2017, when its viral growth congested Ethereum and made the per-token gas tax visible at scale. Every airdrop, marketplace sweep, and inventory migration since has paid the same tax. ERC-721A (Azuki's gas-optimized implementation) batches mints internally but still ships the same one-call-per-token transfer ABI; ERC-1155 redesigned the standard from scratch to fix it.

   −

   ERC-721 safeTransferFrom(from, to, id) × N

   one tx per token ·no batching

   becomes

   +

   LSP8 + LSP25 batch ops + relay execution

   bundled ·gas-aware ·gasless-onboardable

   workarounds tried

   • ERC-721A (Azuki impl — mint-batching, same transfer ABI)
   • ERC-1155 (different standard entirely)
   • marketplace bulk-action wrappers

LUKSO designed it differently.#

• LSP8 Identifiable Digital Asset NFTs with bytes32 tokenIds, per-token typed metadata, and the same receiver-aware transfer model as LSP7. The LUKSO direct answer to ERC-721. →
• LSP4 Digital Asset Metadata Typed metadata under ERC-725Y keys: name, symbol, description, icon, images, attributes, traits, royalty config — every field is a typed value at a typed key, readable from other contracts (not just from web3 clients) and updatable via account-permissioned setData calls. The VerifiableURI primitive lets a key point to off-chain media with an on-chain hash, so the chain enforces what the off-chain blob must be — no silent swap of the JPEG after sale. Per-token metadata uses the same model via getDataForTokenId(tokenId, key). Replaces the tokenURI string-dance with structured, typed, per-key storage downstream contracts can actually read and reason about. →
• LSP1 Universal Receiver One hook for every asset type and every transfer. The receiver problem ERC-721's safeTransferFrom only half-solved, generalised. →
• LSP6 Key Manager Operator permissions are account-level, not collection-level. The fix for setApprovalForAll: scoped, named, revocable session keys instead of blanket grants. →
• LSP0 ERC-725 Account A smart-contract account that owns and operates NFTs natively — receives via LSP1, holds typed metadata, authorizes through LSP6, recovers through controllers. →
• LSP3 Profile Metadata Profiles are first-class on the account: name, avatar, bio, links. NFTs gain a holder identity to display alongside, not just a hex address. →
• LSP7 Digital Asset The fungible companion to LSP8 — same receiver model, same operator authorization shape. Multi-asset apps stop implementing four receiver interfaces. →
• LSP25 Execute Relay Call Signed messages a third party can submit on-chain. Gasless mint, gasless transfer, gasless onboarding — without bundlers, paymasters, or a bolted-on mempool. →

ERC-721 vs LSP8 in one table.#

full matrix → erc-721 vs lsp8 →

When to use which.#

FAQ.#

• 01

  What does ERC-721 stand for? #

  ERC stands for Ethereum Request for Comments. ERC-721 is the 721st proposal in that series, and it specifies a minimum interface for non-fungible tokens on Ethereum — assets that are unique and individually owned, in contrast to ERC-20's fungible balances. The proposal was formalized as EIP-721 (Ethereum Improvement Proposal 721), which is the canonical specification at eips.ethereum.org/EIPS/eip-721.

• 02

  Who created ERC-721? #

  Dieter Shirley, then CTO of Dapper Labs, drafted the original proposal on GitHub on 22 September 2017 as the substrate for CryptoKitties. The finalized EIP-721 was published on 24 January 2018 with William Entriken as lead author, alongside Shirley, Jacob Evans, and Nastassia Sachs. Entriken's GitHub bio identifies him as the 'Lead author of ERC-721'.

• 03

  When was ERC-721 created? #

  The GitHub draft proposal opened on 22 September 2017 (ethereum/EIPs issue #721). The formalized EIP-721 was published on 24 January 2018. CryptoKitties launched on Ethereum mainnet on 28 November 2017, between the two milestones, and provided the early load-bearing test of the spec.

• 04

  Is ERC-721 the same as EIP-721? #

  Yes — they refer to the same standard. ERC-721 is the original community proposal name (the proposal number assigned to the GitHub issue); EIP-721 is the formalized specification once it moved into the EIP repository. Most developers say ERC-721 in casual use; eips.ethereum.org/EIPS/eip-721 is the authoritative spec.

• 05

  What's the difference between ERC-20 and ERC-721? #

  ERC-20 is a fungible token standard — balances are interchangeable. balanceOf(address) returns a uint256 and one token is worth the same as any other token in the contract. ERC-721 is a non-fungible token standard — each tokenId is unique and individually owned via ownerOf(tokenId). Both were proposed by Vogelsteller (ERC-20) and Shirley/Entriken et al (ERC-721) in 2015 and 2017–18 respectively. See ercsolved.dev/erc-20/ for the fungible counterpart.

• 06

  What is an NFT? #

  A non-fungible token is a unique, individually-owned, on-chain identifier — most commonly an ERC-721 tokenId on Ethereum or an EVM-compatible chain. The token itself carries little data: it's a uint256 with an ownerOf(...) mapping. Everything visual or semantic about the NFT (image, attributes, description) is typically referenced through tokenURI as off-chain JSON. This is why pinning, hosting, and metadata standards matter so much in practice.

• 07

  What's wrong with ERC-721? #

  Five gaps. (1) tokenURI returns one string per token with no on-chain typing or integrity check — pinning failures kill rendering. (2) setApprovalForAll grants blanket collection-wide authority to operators, the primitive behind nearly every NFT phishing drain. (3) safeTransferFrom only checks IERC721Receiver, is opt-in, and is shipped alongside a non-safe transferFrom that strands tokens silently. (4) uint256 tokenIds are awkward for hashes or structured IDs. (5) One transfer = one transaction, which is what CryptoKitties exposed at launch and every airdrop has paid for since.

• 08

  What is LSP8? #

  LSP8 is the LUKSO Identifiable Digital Asset standard — the LUKSO equivalent of ERC-721, designed by Fabian Vogelsteller (the author of ERC-20). It keeps ERC-721's ownership model and widens tokenId to bytes32, replaces tokenURI with a typed per-token ERC-725Y key/value store, and routes every transfer through the LSP1 Universal Receiver. Paired with LSP6 on the account side, operator authorization stops being a forever-promise to a marketplace.

• 09

  What is ERC-721A, and does it fix anything? #

  ERC-721A is Azuki's gas-optimized implementation of the ERC-721 standard — same external ABI, same selectors, batch-mint optimizations on the internal storage. It materially reduces gas for sequential mints of large collections (the original use case was Azuki's 10,000-piece drop). It does not change tokenURI, doesn't add transfer hooks, doesn't fix the approval model, and doesn't replace the standard. It's an implementation, not a new specification.

• 10

  What about NFT royalties? #

  ERC-721 itself does not define royalties — that was a deliberate scope-out. ERC-2981 added a royaltyInfo recommendation in 2020, but enforcement is marketplace-side and inconsistent. On the LUKSO side, LSP8 likewise doesn't define royalties in its base contract; instead, the LSP6 Key Manager and transfer-layer permissions give finer-grained policy control — royalty enforcement becomes a controller decision on the account, not a marketplace policy negotiation.

• 11

  Can I migrate an ERC-721 collection to LSP8? #

  Yes. The ownership model is the same, so migration is contract-level rather than user-level. The LUKSO docs publish an end-to-end guide for deploying an LSP8 equivalent and bridging holders; the site's own walkthrough is at ercsolved.dev/build/migrate/erc721-to-lsp8/.

• 12

  What is tokenURI and how does it work in ERC-721? #

  tokenURI(tokenId) is the optional ERC-721 function that returns a single string per token — typically an HTTPS URL or an ipfs:// CID — pointing to off-chain JSON describing the NFT. Marketplaces and wallets resolve it by fetching the URI, downloading the JSON, parsing it according to the de-facto OpenSea metadata schema (name, description, image, attributes, animation_url), then fetching the referenced image from yet another host. Nothing about this is enforced on-chain: the contract has no opinion on what the URI points to, what schema the JSON should follow, or whether the host is still up. ERC-721 mandates ERC-165 for interface detection but doesn't mandate the metadata extension at all — it's optional. The result is that 'an NFT' depends on infrastructure outside the contract for everything visual or semantic, which is the source of most NFT metadata problems.

• 13

  Why do NFT images disappear or show as broken? #

  Because the actual image isn't on-chain — the contract just stores a tokenURI string pointing to off-chain JSON, which in turn points to the image at another off-chain location. When any link in that chain fails, the NFT renders blank. Common causes: IPFS pinning subscriptions expire and no peer is keeping the CID alive; the backend server hosting the metadata API goes down or is decommissioned; the image hosting (Cloudflare, S3, the project's own server) returns 404 or is taken down; or the project shuts down and metadata stops being maintained. ERC-4906 added a MetadataUpdate event in 2022 so contracts can tell marketplaces 'refresh this token' — but it doesn't fix any of the underlying availability issues. The LSP4 + VerifiableURI model on LUKSO addresses this by putting typed metadata on-chain under ERC-725Y storage and (for off-chain media) anchoring the hash on-chain so the chain enforces what the off-chain blob must be — a swap of the underlying file becomes detectable on-chain.

• 14

  Has any ERC-721 co-author publicly criticised the standard? #

  Yes. In a March 2020 Medium essay, Dieter Shirley — co-author of ERC-721 and then-CTO of Dapper Labs (the team that built CryptoKitties) — named three specific shortcomings of the standard he helped design: ERC-721 assumes only Ethereum addresses can own an NFT (asset-owning-asset composability needed the more complicated ERC-998 extension); features can't be added retroactively because deployed Ethereum contracts are immutable; and the central-ledger storage model makes per-asset rent accounting unfair (citing the live CryptoKitties contract: ~2M Kitties, 111MB of on-chain data, all in one mapping). The full verbatim quotes paired with their LUKSO LSP answers are in the 'Criticism from the source' section above (ercsolved.dev/erc-721/#author-criticism). The other three co-authors (William Entriken, Jacob Evans, Nastassia Sachs) don't have equivalent retrospective criticism on the record.

Keep reading.#

• identifiable digital asset → LSP8
• digital asset metadata → LSP4
• universal receiver → LSP1
• key manager → LSP6
• erc-725 account → LSP0
• profile metadata → LSP3
• digital asset → LSP7
• execute relay call → LSP25
• erc-721 vs lsp8 (full matrix) → comparison
• all ERC ↔ LSP mappings → matrix
• start from your problem → problems