Continuing a discussion from the Sei developer hours.
The cw721 standard has adopted the metadata standards from erc-721, but appears to have a misunderstanding of the “token URI” in their implementation, leading to a vulnerability in NFTs long term stability on SEI.
the token URI points to an external service where metadata is stored.
In the cw721 standard, metadata is included in the mint function, and stored in the tokens at mint time. When a token is queried, it returns the metadata from it’s state when minted, even if the token URI is updated on the contract level.
In arc-721, the token URI is stored at the contract level, so subsequently when tokens are queried, they check the token URI for the current metadata. Token URI’s can be updated so metadata can be fixed, improved, or even relocated to a different service if the service where they are currently stored goes down.
There’s also a security issue where sniper bots are currently being written to take advantage of this unique situation on the SEI chain where all metadata is released before mints unlike on ETH. People can snipe rare or unique NFTs with bots, leading to an unfair mint environment.
Currently many SEI NFTs store their data on arweave. At the same time people are wondering on reddit about the long term viability of arweave. Imagine what it would do to the SEI ecosystem if arweave went down and no one could update their NFTs with links to new metadata locations.
It would be great to update cw721 to rerference the token URI on the contract level after mint so it can remain mutable as is intended within erc-721’s standard which cw721 is adopted from.