One of the most prominent features of blockchain technology is its ability to conduct transactions between two parties without an intermediary or central authority. Imagine buying a house without the need to deal with real estate agents, not to mention the excessive paperwork you’ll need to go through. You might be wondering, how does this distributed database store and record transactions without the need for a third party? Here comes the role of the revolutionary technology known as Smart Contracts.
I know, the word contract can seem daunting as it can sound like a legal term. I will assure you, smart contracts are not your usual written agreements. Are they even that smart? What do you know about the underlying technology responsible for all your precious NFTs?
It’s one thing to trade on the NFT market and cash in on serious profit, but it’s another thing to do it blindly. Understanding what a smart contract is, how it relates to NFTs, its advantages and use cases, and even learning how to read it can bring you one step ahead of the market. The NFT space is full of scammers that embed their fraudulent acts into an NFT smart contract.
This article will be your one-stop guide for all your smart contract inquiries. By the end, you’ll be able to read and understand an NFT smart contract without delving deep into its coding aspect. You’ll be able to scam the scammer by not being scammed, make sense? Let’s dive into the fundamentals of a smart contract.
What Is a Smart Contract?
Most definitions will tell you that a smart contract is a self-executing mechanism that conducts sale agreements between two parties. But, what does that mean? Let’s dissect this sentence into bits.
- Self-executing: Smart contracts are autonomous. That means that they can be deployed without an external factor. The contract will self-execute once certain conditions are met.
- Mechanism: Smart contracts are software/programs that are written in code. Unlike regular contracts written in comprehensible language, smart contracts are fully written in a programming language.
- Conducts sale agreements: Smart contracts are programs that run on a blockchain. Since the blockchain is a digital ledger, the first role of a smart contract is to facilitate and automate the transaction process between two parties.
Smart Contract Example
If you’re still not sure what a smart contract is, let’s give you an example:
Let’s say you go into a supermarket to buy a bar of chocolate. After deciding on a brand, let’s say Snickers, you go and wait in line at the cash register. The line is awfully long and the guy in front of you decided to buy the whole market.
When it’s your turn, you have to tolerate the incompetent employee that’s speaking on the phone. You then pay and leave after a long and exhausting process to buy a bar of chocolate.
But, wait. The chocolate is already open. You go back for a refund and the employee tells you that it’s not his problem.
Summary: Sad day, no chocolate, loss of money.
Let’s say you went to buy from a vending machine the next day. No long waiting line. No annoying employee. You simply put your money in the vending machine, it verifies that you have inserted enough money to get your Snickers out without the need for an intermediary or central authority, and voilà, you get what you want.
Smart contracts are exactly like these vending machines. However, smart contracts don’t execute unless certain conditions are met. For example, if the chocolate is already open, the machine won’t take your money in the first place.
So in short: A smart contract is autonomous software that automatically runs if certain conditions are met. It’s built on “if X is true, then Y is done” logic. The conditions are predefined by computer code that is written by the contract deployer. These conditions are then replicated and executed by all blockchain nodes.
Smart Contracts and NFTs
Since we’ve covered what a smart contract is, let’s see how it correlates to NFTs. NFTs are non-fungible digital assets that act as certificates of ownership. How are NFTs created? Well, they are minted through smart contracts on an immutable blockchain.
Smart contracts assign ownership and reassign it each time an NFT is transferred or sold. The code within the smart contract describes how the NFT will function and which agreements need to be met in order to execute a transaction.
They are also used to define the unique attributes of each token, as well as to specify the conditions under which the token can be bought, sold, or traded. For example, a smart contract for an NFT might specify that only the owner of the token is authorized to sell or transfer it, or that a certain percentage of the sale price must be paid to the original creator of the token.
The great thing about smart contracts is that they provide a transparent and decentralized way of managing the ownership and transfer of digital assets. They can also help to ensure that the rights and interests of NFT creators and owners are protected and that transactions are conducted fairly and securely.
Let’s go over some of the key features of a smart contract.
- Autonomous: Smart contracts are self-executing, meaning they automatically execute when certain conditions are met, without the need for human intervention.
- Trustless: Smart contracts operate based on the rules defined in their code, thus, they do not require intermediaries or third parties to validate their transactions.
- Transparent: Blockchains are public ledgers, and therefore, the smart contracts’ source code is visible to all.
- Immutable: Smart contracts cannot be altered after they’re deployed. They can only be deleted IF a certain function was previously implemented in their code.
- Programmable: Smart contracts are programmable, meaning that they can be customized and modified to meet the specific needs of different applications and use cases.
How Do They Work?
After understanding the value that smart contracts provide, you might be asking, how does it actually work? Well, it operates following these steps:
- Agreement Settlement: Parties involved in a transaction will first negotiate on the obligations, rights, and desired outcome agreement.
- Setting Conditions: Parties set the predetermined conditions which the smart contract has to meet before execution. For example, time constraints, authorization, sale percentage, and more. Here the if, then logic gets assigned. For instance, IF a user sends a certain amount of cryptocurrency, THEN the digital assets mentioned in the contract get transferred to said user.
- Smart Contract Coding: The contract deployer will program software that will automatically execute the contract once the conditions are met. In most cases, smart contracts are written using the Solidity programming language.
- Deployment: The smart contract is then deployed onto the blockchain network using cryptographic encryption, where it becomes publicly available for execution.
- Execution: When the predefined conditions are met, the smart contract automatically executes the terms of the agreement.
- Validation: The blockchain network validates the execution of the smart contract, ensuring that the terms of the agreement have been met and that the transaction is valid.
- Storage: The executed transaction is recorded on the blockchain, creating an immutable record of the transaction.
- Settlement: Once the transaction is validated, the smart contract automatically settles the transaction by transferring the agreed-upon assets or funds to the respective parties.
- Network Update: After executing the contract, all nodes in the blockchain network get notified to update the ledger accordingly. Once updated, the smart contract cannot be modified.
How to Read a Smart Contract
Now that you know how smart contracts work, let’s get into how you can read one. Before you freak out and start looking for ways to escape this article, let me tell you this: you can actually read a smart contract without learning how to code. Crazy? Perhaps. But there is more than one way to actually read and understand an NFT smart contract.
You can either rely on platforms like Etherscan, where you can read the smart contract without tapping into the source code, or learn the basics of smart contract code so you can at least understand what the heck is going on.
Why Is It Important to Understand NFT Smart Contracts?
But, why read a smart contract in the first place? Right? Wrong. If you think about it, in each NFT transaction you do, you are signing off your life savings blindly without reading the underlying agreements of its smart contract.
Reading a smart contract is essential in the NFT ecosystem. It gives you the ability to access insights into the popularity of the project, its transaction history, and much more. But most importantly, reading a smart contract can save you from scammers who embed their fraudulent acts within the code of a smart contract.
The first rule of signing something is to always read it. When you press the Mint button, you are actually signing the agreements of whatever is coded into the NFT’s smart contract. You may be signing a fraudulent contract that is written to drain your wallet. In addition, reading a contract can help you understand the NFT’s regulations so you don’t fall for any copyright infringement issues.
Reading Smart Contracts Using Etherscan
We’ll start with the easy part. Etherscan is a blockchain explorer and analytics platform built on the Ethereum network. Etherscan provides users access to information about specific NFTs, wallets, transactions, and most importantly, smart contracts.
The process of reading a smart contract through Etherscan goes as follows:
- Finding a smart contract address.
- Going through basic details such as token name, contract creator, contract type, tokens held in the contract, and much more.
- Understanding the statistics of a certain token and the history of transactions within a contract.
- Navigating to the source code for an advanced understanding.
#1. Finding a Smart Contract Address
There are two ways to find a smart contract address for a specific NFT: Etherscan’s search bar, and official websites.
Once you navigate to Etherscan.io, you can see a large search bar on the homepage. This search bar allows you to query the blockchain by token name, ENS, block number, wallet address, or transaction hash. Let’s say we are trying to find Genuine Undead’s smart contract.
Although it might seem fairly easy to use Etherscan’s search bar, it is not always the best option to do so. Since the platform goes through all similar names recorded on the blockchain, it might give you results for scams and inauthentic tokens. This will result in inaccurate information, in addition to harmful effects it might lead to when interacting with the smart contract.
After clicking on the result, the platform will take you to the collection’s token page where you can find the smart contract’s address on the right-hand side.
The second method, which is the recommended option, is to look for a project’s smart contract address through official websites and marketplace listings. It can be found on a project’s official website, Opensea page, Discord, marketplace listings, CoinGecko page, or any other similar official platform.
To find a project’s smart contract address on Opensea, simply navigate to the desired project’s Opensea page, in this case, it’s Genuine Undead. Clicking on a random NFT will take you to the token’s main page. From there, you can navigate to the details section on the left-hand side, under the media file, and click on the contract’s address.
#2. General Data Overview
Once you are at the contract’s homepage, you’ll notice different sections and tabs that might seem overwhelming at first glance. So, let’s go over each section and what it means.
In the Overview section, you’ll find details about the project’s balance, value, and token.
- ETH Balance: The balance illustrates the total ETH held by a certain contract.
- ETH Value: This showcases the total value of the contract in ETH.
- Token Holdings: The token holding page lists token assets owned by an address.
In the More Info panel, you’ll find:
- The wallet address of the creator and the transaction hash. If you click on the wallet’s address it will redirect you to the info page that has all the details of the creator’s wallet.
- Token Tracker link that will take you to the page of the native token of a smart contract.
Looking through the creator’s wallet address could give you insights into the history of transactions the creator has made in the past. Why would you want to know? Well, any shady transactions, no transaction history, or even a new contract with no past activity can tell if the contract deployer is trying to scam you or not.
#3. Understanding Token Tracker
Before we continue to the bottom of the contract’s page, let’s click on the Token Tracker’s link found on the right-hand side card above.
The link will take you to the token’s page where you will get access to the token’s supply, the number of wallets that own the token, and the number of transfers it made.
We can see in the overview right-hand card the:
- Max Total Supply: 9,999 CU
- Number of Holders: 2929
- Total Transfers: 88,434
What can we take from this information? These numbers are an indication of how well the project is doing as well as an indication of the project’s security. Ownership distribution is a clear sign of how well the project is secured against dumps that might cause the price to plummet.
For example, if the total supply of a certain collection is 10,000 tokens, and 6,000 tokens are owned by one wallet address, the project is being impacted by just one player. This can cause the NFT collection in question to be vulnerable to price manipulation.
We can also look at the token holders based on the percentage of the total token supply they own. You can navigate to this page by clicking on the Holders tab in the middle banner.
#4. Reading an NFT Transaction
While still on the Token Tracker page, before the Holders tab, we can take a look at the NFT transfer history of a certain project. For each transaction, we have the following information:
- Transaction Hash
- Method of contract
- Timestamp (Age)
- Token Transfer From
- Token Transfer To
By clicking on the left view icon next to each transaction, you can read further details and actions within each transaction.
Let’s quickly dissect each section:
- Transaction Hash value
- Status: Whether the transaction was conducted successfully or not.
- Block number relating to blockchain.
- Timestamp: What time the transaction was added to the blockchain.
- Transaction Action: Summary of the transaction, how many tokens, price transferred in ETH, and which platform the transaction was conducted on.
- From: Wallet address that conducted the transaction.
- Interacted With (To): Which wallet/marketplace the transaction was conducted with.
- ERC-721 Tokens Transferred: The token ID that was transferred.
- Value: The amount paid in ETH for a certain token.
- Transaction Fee: Gas used by transaction in ETH.
- Gas Price: The price offered to the block producer to purchase this amount of gas in GWEI.
#5. Contract Transactions
Going back to the smart contract’s main page, we can notice the banner full of tabs in the middle.
- Transactions: This is where you can find the history of transactions conducted by external addresses, which are usually users’ wallets.
- Internal Transactions: Here you can find transactions triggered internally, usually by smart contracts.
- ERC-20 Transactions: The ERC-20 transactions tab shows any transaction where an ERC-20 token was involved.
- NFT Transfers: Showcases the recent NFT token transfer events.
- Contract: Here you can access the contract source code.
- Analytics: An overview of the project’s analysis.
- Info: General project description.
Just like we saw in the Transfer tab before, you can go over the history of transactions and interactions with the smart contract.
This is another way for you to assess the project’s legitimacy before signing your savings away. If the project you want to invest in has processed many transactions for a long time, that means that the project has been running for a while with an active user base. However, if all transactions were conducted recently and by the same recurring wallets, this might raise some questions.
#6. Contract Reading
Finally, we’ve come to the actual smart contract reading. Reading a smart contract means that you are querying data stored on-chain. Thus, reading a contract does not affect or alter the contract’s data or any blockchain state. Reading a contract without having to actually understand the source code can be done easily on Etherscan. You can navigate to the Contract tab within the banner and click on Read Contract.
Some parameters within the smart contract are stable and cannot be queried.
Let’s see some of Genuine Undead’s stable parameters.
- This is where you find the hidden link for the collection’s metadata.
- The maximum allowed mint per transaction.
- Maximum token supply.
- Merkle root hash.
- name: Genuine Undead. Name of the collection.
- Wallet address of owner.
- Showcases whether the NFT collection is revealed or not.
Smart Contract Queries
Now, let’s make some smart contract queries.
First, we need a wallet address that we’re sure owns Genuine Undead tokens. We can navigate to the Holders tab in the Token Tracker to get the top wallet address.
In the smart contract query, we can request whatever information we need from the smart contract. For example, if we want to check if the wallet ID 0xBcA9Faa3 actually owns 205 Genuine Undead NFTs, we can go to the balanceOf tab and type in the wallet address in question.
Running the balanceOf function gives us that the wallet address 0xBcA9Faa3 does in fact have 205 Genuine Undead NFTs.
We can also request from the smart contract to showcase which token ID is owned by which wallet address using the ownerOf function. For instance, the NFT with the token ID of 7161 is owned by 0x48AD42667.
Also, here you can check if the NFT collection’s metadata is stored on-chain or on off-chain services like IPFS. We can check a token’s metadata by running the tokenURI function. For example, Genuine Undead’s collection is stored off-chain on IPFS.
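What the balanceOf, ownerOf and tokenURI forms do behind the scenes, as an added example that is not part of the original article: each query is a read-only eth_call whose data field is a 4-byte function selector plus one padded argument, and the reply is decoded from 32-byte words. The contract and wallet addresses, the IPFS path and the node responses below are constructed placeholders, and metadataStorage is a hypothetical helper.

```javascript
// Added example (not from the article): the read-only calls behind Etherscan's
// balanceOf / ownerOf / tokenURI forms. Selectors are the first 4 bytes of
// keccak256 of the standard ERC-721 function signatures.
const SEL = { balanceOf: "70a08231", ownerOf: "6352211e", tokenURI: "c87b56dd" };

const strip = (hex) => hex.replace(/^0x/, "").toLowerCase();
const pad32 = (hex) => strip(hex).padStart(64, "0");

// Build the JSON-RPC body for a read. eth_call runs on a node without creating
// a transaction, which is why reading changes no state and costs no gas.
function readRequest(contract, fn, arg) {
  if (!Object.prototype.hasOwnProperty.call(SEL, fn)) {
    throw new Error("unsupported read: " + fn);
  }
  // balanceOf takes an address; ownerOf and tokenURI take a uint256 token ID.
  const word = fn === "balanceOf" ? pad32(arg) : pad32(BigInt(arg).toString(16));
  return {
    jsonrpc: "2.0", id: 1, method: "eth_call",
    params: [{ to: contract, data: "0x" + SEL[fn] + word }, "latest"],
  };
}

// balanceOf returns one uint256 word.
const decodeUint = (ret) => BigInt("0x" + strip(ret).slice(0, 64));
// ownerOf returns an address right-aligned in a 32-byte word.
const decodeAddress = (ret) => "0x" + strip(ret).slice(24, 64);

// tokenURI returns a dynamic string: offset word, length word, then the bytes.
function decodeString(ret) {
  const hex = strip(ret);
  const at = Number(BigInt("0x" + hex.slice(0, 64))) * 2;
  const len = Number(BigInt("0x" + hex.slice(at, at + 64))) * 2;
  const body = hex.slice(at + 64, at + 64 + len);
  if (body.length !== len) throw new Error("truncated string data");
  return Buffer.from(body, "hex").toString("utf8");
}

// Classify where the metadata lives from the URI scheme (hypothetical helper).
function metadataStorage(uri) {
  if (uri.startsWith("data:")) return "on-chain (data URI)";
  if (uri.startsWith("ipfs://")) return "off-chain (IPFS)";
  if (/^https?:\/\//.test(uri)) return "off-chain (web server)";
  return "unknown";
}

// --- Constructed sample data: placeholder addresses, hand-built responses ---
const CONTRACT = "0x" + "c0".repeat(20); // placeholder, not the real collection
const HOLDER = "0x" + "ab".repeat(20);   // placeholder wallet
function encodeStringReturn(s) {
  const body = Buffer.from(s, "utf8").toString("hex");
  const padded = body.padEnd(Math.ceil(body.length / 64) * 64, "0");
  return "0x" + pad32("20") + pad32((body.length / 2).toString(16)) + padded;
}

const ownerReq = readRequest(CONTRACT, "ownerOf", 7161);
const balance = decodeUint("0x" + pad32("cd"));
const owner = decodeAddress("0x" + pad32(HOLDER));
const uri = decodeString(encodeStringReturn("ipfs://EXAMPLE_CID/7161"));
console.log(ownerReq.params[0].data, balance, owner, uri, metadataStorage(uri));
```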
How to Spot a Smart Contract Scam
Now that you know how to access and read an NFT smart contract and blockchain transactions, you can take your knowledge a step further so you can truly spot a smart contract scam. This requires some basic coding knowledge and an understanding of what smart contract functions are. I know. I said there won’t be a coding talk. But bear with me. You will need this information next time you mint an NFT or make a transfer on the blockchain.
What Are Smart Contract Functions?
In order not to carry out a coding course within this article, we’ll cover only the parts of code we need to check in a smart contract.
Smart contract functions are pieces of code within a smart contract that carry out specific actions. When you want to use a function, you call the function. Therefore, calling a function initiates an interaction between a wallet and a specific platform.
Smart contract functions are a scammer’s go-to method when setting up a contract scam. Let’s go over which smart contract functions are used to drain wallets.
The SetApprovalForAll smart contract scam is a type of phishing attack that targets users of NFT marketplaces such as OpenSea. In this scam, the attacker creates a fake smart contract and tries to trick users into approving the scam contract to operate on their behalf by using the “SetApprovalForAll” function.
The “SetApprovalForAll” function is a standard ERC721 smart contract function that allows a user to approve a third-party contract to manage all of their NFTs. This function is often used to provide marketplaces such as Opensea with the creator’s consent to transfer NFTs to buyers. When a user buys an NFT on Opensea, the platform will transfer the NFT from the creator’s wallet to the buyer’s, and then transfer the money from the buyer’s wallet to the creator’s.
The scam works by the attacker creating a fake smart contract that looks like a legitimate contract, often using a name that is similar to a well-known project. The attacker will then try to convince users to approve the fake contract using social engineering techniques such as offering rewards or making false claims about the benefits of approving the contract. Once the user approves the fake contract, the attacker can transfer all of the user’s NFTs to their own wallet.
The SetApprovalForAll function is only used when:
- You’re listing an NFT on a marketplace. Seeing the function then is a good sign. It makes sense in this context since the marketplace needs your permission to access and transfer your NFTs.
The SetApprovalForAll function is NOT used when:
- Minting an NFT
- Buying an NFT
- Signing up for an allowlist.
Next time you scout a smart contract for this function, see if what you’re doing aligns with what the function is intended for.
SafeTransferFrom is another ERC721 function and is used whenever a user wants to transfer an NFT from their wallet to another wallet. For example, if you want to send an NFT from your wallet to another user’s wallet, you’d see a SafeTransferFrom function that requires you to approve the transaction, and that it is safe to transfer from your wallet.
However, a scammer might create a fake smart contract, mimicking a minting contract. The scammer would invite people for a “free mint”. In this case, hitting the button “mint” would trigger the SafeTransferFrom function and give the contract your approval to transfer your NFTs to the scammer’s wallet.
If you make a habit out of reading a smart contract, you can look for these types of scams by looking through the source code. If you find the SafeTransferFrom function in a minting contract, that means it is a scam. In a minting contract, you’ll find a minting function. Why would a minting contract TAKE NFTs from you?
The SendEth function is similar to SafeTransferFrom in terms of the scam process. It is used when users send ETH from their wallets to another wallet. Just like the previous functions, scammers can replace the “minting” function with the “SendEth” function to make users send out their funds.
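The check described in the SetApprovalForAll and SafeTransferFrom sections above, as an added example that is not part of the original article: decode the data of a transaction you are asked to sign and compare the function it calls with what you think you are doing. The intent labels, verdict strings and all addresses are assumptions made for this sketch. A call with approved set to false revokes an operator, so it is not flagged.

```javascript
// Added example (not from the article): check what a transaction would call
// before signing it. Selectors are the first 4 bytes of keccak256 of the
// standard ERC-721 function signatures.
const SELECTORS = {
  "a22cb465": "setApprovalForAll", // (address,bool)
  "42842e0e": "safeTransferFrom",  // (address,address,uint256)
  "b88d4fde": "safeTransferFrom",  // (address,address,uint256,bytes)
  "23b872dd": "transferFrom",      // (address,address,uint256)
};

// Calls the article says belong to each user action (hypothetical labels).
const EXPECTED = {
  list: ["setApprovalForAll"],
  transfer: ["safeTransferFrom", "transferFrom"],
  mint: [], buy: [], allowlist: [],
};

const asAddress = (word) => "0x" + word.slice(24);

// Split calldata into selector + 32-byte argument words and name the call.
function decodeCall(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || /[^0-9a-f]/.test(hex)) throw new Error("malformed calldata");
  const selector = hex.slice(0, 8);
  if (!Object.prototype.hasOwnProperty.call(SELECTORS, selector)) {
    return { name: "unlisted", selector: "0x" + selector };
  }
  const name = SELECTORS[selector];
  const w = hex.slice(8).match(/.{64}/g) || [];
  if (name === "setApprovalForAll") {
    if (w.length < 2) throw new Error("truncated arguments");
    return { name, operator: asAddress(w[0]), approved: BigInt("0x" + w[1]) !== 0n };
  }
  if (w.length < 3) throw new Error("truncated arguments");
  return { name, from: asAddress(w[0]), to: asAddress(w[1]), tokenId: BigInt("0x" + w[2]) };
}

// Compare the decoded call with the action the user believes they are taking.
function review(intent, calldata) {
  if (!Object.prototype.hasOwnProperty.call(EXPECTED, intent)) {
    throw new Error("unknown intent: " + intent);
  }
  const call = decodeCall(calldata);
  if (call.name === "unlisted") {
    return { verdict: "unlisted", reason: "not an ERC-721 transfer or approval", call };
  }
  if (call.name === "setApprovalForAll" && !call.approved) {
    return { verdict: "ok", reason: "revokes an operator", call };
  }
  if (EXPECTED[intent].includes(call.name)) return { verdict: "ok", call };
  return { verdict: "red-flag", reason: `${call.name} is not part of "${intent}"`, call };
}

// --- Constructed sample calldata with placeholder addresses ---
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const OPERATOR = "0x" + "11".repeat(20);
const WALLET = "0x" + "22".repeat(20);
const OTHER = "0x" + "33".repeat(20);
const approveAll = "0xa22cb465" + pad(OPERATOR) + pad("1");
const revokeAll = "0xa22cb465" + pad(OPERATOR) + pad("0");
const transferOut = "0x42842e0e" + pad(WALLET) + pad(OTHER) + pad((7161).toString(16));

for (const [intent, data] of [["mint", approveAll], ["list", approveAll],
                              ["mint", revokeAll], ["mint", transferOut]]) {
  const r = review(intent, data);
  console.log(intent, r.call.name, "->", r.verdict, r.reason || "");
}
```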