NFT Smart Contract Security Checklist | Hashtag Web3

0 of 37 complete

Minting Security

Secure the minting process against common exploits.

Enforce maximum supply limitcritical

Verify that minting cannot exceed the advertised maximum supply under any circumstances.

Protect against reentrancy during mintcritical

Use ReentrancyGuard on mint functions to prevent callback-based minting exploits.

Validate mint price cannot be bypassedcritical

Ensure msg.value check cannot be bypassed and excess ETH is handled properly.

Limit mints per walletimportant

Implement per-wallet limits and verify they cannot be bypassed via contract calls.

Verify allowlist Merkle proof implementationimportant

Check Merkle tree implementation for vulnerabilities. Use OpenZeppelin's MerkleProof.

Prevent signature replay attacksimportant

If using signatures for allowlists, include nonces and expiration timestamps.

Check for integer overflow in quantity mintsimportant

Batch mint quantity multiplied by price must not overflow.

Token ID and Randomness

Secure token ID assignment and reveal mechanics.

Use verifiable randomness for revealscritical

Use Chainlink VRF or commit-reveal scheme. Block hash is predictable by miners.

Protect against reveal snipingimportant

Prevent minters from predicting which token ID they will receive before reveal.

Verify provenance hash implementationimportant

Provenance hash should be committed before mint starts and verifiable after reveal.

Check for token ID enumeration issuesimportant

Verify token IDs are assigned correctly without gaps or collisions.

Secure batch reveal logicimportant

If revealing in batches, ensure each batch cannot influence future batch outcomes.

Metadata Security

Secure metadata storage and URI handling.

Pin metadata to IPFS or use permanent storagecritical

Use IPFS pinning service or Arweave to prevent metadata loss. Centralized servers are a rug risk.

Freeze metadata after revealimportant

Lock baseURI after reveal to prevent post-mint metadata manipulation.

Validate tokenURI implementationimportant

Ensure tokenURI returns correct URI for all valid token IDs and reverts for invalid ones.

Check for URI injection vulnerabilitiesimportant

If constructing URIs dynamically, ensure no injection of malicious paths.

Verify contractURI for marketplace compatibilityimportant

Implement contractURI for collection-level metadata on OpenSea and other marketplaces.

Royalties and Fees

Implement royalties correctly for marketplace compatibility.

Implement EIP-2981 royalty standardimportant

Use EIP-2981 for on-chain royalty info. Most marketplaces check this standard.

Validate royalty percentage boundsimportant

Royalty percentage should be capped at reasonable level (typically 10% max).

Set royalty receiver correctlyimportant

Royalty receiver should be an address you control. Consider using a splitter contract.

Consider operator filter for royalty enforcementimportant

Implement OpenSea's Operator Filter Registry if you want to enforce royalties on supporting marketplaces.

Test royalty calculation with various sale pricesimportant

Verify royalty math works correctly for both small and large sale amounts.

Access Control

Secure administrative functions.

Protect owner/admin functionscritical

All administrative functions must have appropriate access control modifiers.

Use Ownable2Step for ownership transfersimportant

Two-step ownership transfer prevents accidental lockout from typos.

Limit what owner can change post-mintimportant

Owner should not be able to change critical parameters that could rug holders.

Consider renouncing ownership after launchimportant

For fully decentralized collections, consider renouncing ownership after setup.

Implement withdrawal function for stuck fundsimportant

Have a way to withdraw ETH and accidentally sent tokens from the contract.

ERC-721 Compliance

Ensure full ERC-721 standard compliance.

Implement all required ERC-721 functionscritical

balanceOf, ownerOf, safeTransferFrom, transferFrom, approve, setApprovalForAll, getApproved, isApprovedForAll must all work correctly.

Emit required eventscritical

Transfer, Approval, and ApprovalForAll events must be emitted correctly.

Implement ERC-165 supportsInterfaceimportant

Return true for ERC721, ERC721Metadata, and ERC165 interface IDs.

Handle safeTransferFrom correctlycritical

Must call onERC721Received on recipient contracts and revert if not accepted.

Check zero address handlingimportant

Transfers to zero address should revert. Burning should use a burn function.

Gas Optimization

Optimize for affordable minting.

Use efficient ERC-721 implementationimportant

Consider ERC721A for batch minting efficiency. It significantly reduces gas for multiple mints.

Minimize storage writesimportant

Pack storage variables efficiently. Use uint96 for token counters if under max.

Optimize string operationsimportant

Pre-compute string concatenations where possible. Avoid dynamic string operations.

Test gas costs at various mint quantitiesimportant

Verify gas costs are acceptable for single and batch mints.

Consider lazy minting for large collectionsimportant

For very large collections, consider minting on demand rather than batch minting.

Tips from the field

1.
Test on OpenSea Testnets before mainnet. Marketplace compatibility issues are common.
2.
Use ERC721A for collections expecting batch mints. The gas savings are substantial.
3.
Always verify your contract on Etherscan immediately after deployment.
4.
Keep 10-20% of supply for team, marketing, and unexpected issues. Running out causes problems.
5.
Have a communication plan ready for launch issues. Discord and Twitter must be monitored.