30 Common Mistakes NFT Developers Make (And How to Avoid Them)
NFT development combines smart contract security with art, metadata, and launch logistics. Here are the most common mistakes that cost NFT developers money, reputation, or both.
Smart Contract Vulnerabilities
Using sequential token IDs for reveal
highPredictable token IDs let snipers identify rare NFTs before reveal by watching metadata.
Fix: Use randomized assignment with Chainlink VRF or commit-reveal schemes.
No reentrancy protection on mint
highMint functions with callbacks (like safe transfers) can be exploited for extra mints.
Fix: Use ReentrancyGuard and checks-effects-interactions pattern.
Integer overflow in batch minting
highPre-0.8.0 contracts without SafeMath could overflow mint counters.
Fix: Use Solidity 0.8+ or implement proper overflow checks.
Unchecked array lengths in airdrops
mediumAirdrop functions without length limits can exceed block gas limit.
Fix: Batch airdrops with reasonable limits per transaction.
Allowing mints to contracts without callback check
mediumMinting to non-ERC721Receiver contracts locks tokens permanently.
Fix: Use safeMint or implement receiver checks.
Allowlist Issues
Storing allowlist on-chain
mediumOn-chain arrays are expensive and can be manipulated by watching transactions.
Fix: Use Merkle trees for gas-efficient, tamper-proof allowlists.
No per-wallet mint limits on allowlist
mediumAllowlisted addresses can transfer their spot to others or mint multiple times.
Fix: Track mints per address and enforce limits.
Merkle proof replay attacks
highValid proofs can be reused if contract doesn't track used proofs.
Fix: Mark addresses as claimed after successful mint.
Allowlist signature without expiry
mediumSigned allowlist entries without expiry can be used indefinitely.
Fix: Include expiry timestamp in signed messages.
Front-runnable signature reveals
mediumSignatures revealed in pending transactions can be stolen.
Fix: Tie signatures to specific msg.sender addresses.
Metadata Problems
Centralized metadata hosting
highTraditional hosting means metadata disappears if server goes down.
Fix: Use IPFS, Arweave, or on-chain storage for permanence.
Mutable metadata without transparency
mediumAbility to change metadata after mint destroys trust.
Fix: Use provenance hash and freeze metadata after reveal.
No provenance hash
mediumWithout provenance, you cannot prove art was finalized before minting.
Fix: Hash all metadata/images and publish before mint starts.
Incorrect token URI implementation
mediumReturning wrong URI format breaks marketplace display.
Fix: Test on OpenSea testnet before mainnet. Follow metadata standards.
Large image files
lowLarge files slow loading and increase IPFS pinning costs.
Fix: Optimize images. Use proper compression. Consider thumbnails.
Randomness Failures
Using block.timestamp for randomness
highMiners can manipulate timestamps within bounds. Not truly random.
Fix: Use Chainlink VRF for verifiable randomness.
Predictable blockhash randomness
highblockhash(block.number) is always 0. blockhash of past blocks can be known.
Fix: Use commit-reveal or Chainlink VRF.
Single-transaction reveal
highReveals in same transaction as mint let attackers simulate and cherry-pick.
Fix: Separate mint and reveal into different transactions/blocks.
Insufficient randomness entropy
mediumCombining weak entropy sources doesn't make strong randomness.
Fix: Use cryptographically secure randomness from oracles.
Access Control
Owner can rug-pull funds
highArbitrary withdrawal functions let owners steal mint proceeds.
Fix: Use transparent withdrawal to known addresses or multi-sig.
No withdrawal function
highForgetting to include a withdrawal function locks ETH in contract forever.
Fix: Always test withdrawal on testnet before mainnet deploy.
Single owner key
highOne compromised key loses entire collection control.
Fix: Use multi-sig for owner functions.
Pausable without unpause
mediumSome contracts can be paused but have no unpause function.
Fix: Ensure all pausable functionality can be reversed.
Royalty Issues
No on-chain royalty support
mediumWithout EIP-2981, royalties depend on marketplace voluntary enforcement.
Fix: Implement EIP-2981 royaltyInfo function.
Immutable royalty recipient
mediumCannot update royalty address if wallet is compromised.
Fix: Make royalty recipient updateable by owner/multi-sig.
Excessive royalty percentages
lowVery high royalties encourage marketplace bypass.
Fix: Keep royalties reasonable. 5-10% is standard.
Launch Mistakes
No gas optimization
mediumHigh gas costs during popular mints price out regular users.
Fix: Use ERC721A for batch minting. Optimize storage operations.
Unverified contract on Etherscan
mediumUnverified contracts look suspicious and reduce trust.
Fix: Verify source code immediately after deployment.
No testnet testing
highDeploying directly to mainnet without thorough testing.
Fix: Test extensively on Goerli/Sepolia. Test OpenSea display.
Wrong network deployment
highAccidentally deploying to wrong network or testnet with real funds.
Fix: Double-check network ID in deployment scripts.