A new method of cloning existing NFTs called “Mimics” has made its way around Crypto Twitter. NFT natives and degens are already familiar with the thousands of copies of popular collections that attempt to trap newbies by masquerading as the real deal.
While these fake collections only copy the images of their genuine counterparts, Mimics can actively clone the metadata of other NFTs at the code level. A recent article by Cointelegraph has been stirring conversation around the use of Mimics.
Are they a threat or just another gimmick?
How Mimics work
In the code that makes up an NFT, we find the function ‘tokenURI’, which returns the data to which the NFT points, most commonly an image hosted on a server. This function is public and can be run by anyone:
This makes it possible to create an NFT and call another tokenURI function inside its own tokenURI function. This ‘Mimic’ NFT would continue to display the other NFT's data any time its own tokenURI function is called, essentially acting as a clone:
We need to rewind one year to find one of the first instances of Mimics when T.Salem, a blockchain engineer, shared his ‘Counterfeit NFT’ created using the same logic: “the uri() request is proxied to the real NFT contract to fetch the metadata.”
You might argue that this is just a more sophisticated way of automating right-clicking and saving the data of an NFT at the code level, and you would be correct. Mimics do not clone the ownership data of other NFTs, so forget about using a Mimic to gain access to the BAYC ApeFest in a few weeks' time!
However, what implications could Mimics have for NFTs and what message do they send?
Implications of Mimics
The popular NFT standards, such as ERC721 and ERC1155, do not protect the data to which an NFT points at the code level. They protect only the ownership of the NFT, but their actual metadata can be copied and displayed by anyone. This is not an issue if there are ownership verification measures active in all places where the NFT will be displayed.
Yet, as we approach the formation of many large metaverses and the integration of NFTs into them, the protection of the actual data that the NFT displays becomes important. As The Mimicologists Guild states about the tokenURI function:
“‘Shouldn’t only the owner be able to run this function? or shouldn’t it be permissioned in some way? And yes ideally that would be better, but it would make things much more complicated for displaying NFTs on websites, so the standards just make the function public to everyone.”
They provide a way in which an NFT can be upgraded to display its data only when a user or website requests it, but when another contract does the same, they see an image of Rick Astley instead:
However, this is far from a solution as smart contracts most likely will require the data of NFTs to function properly in metaverses and other applications. As the standards used to create NFTs improve over time, we might see a solution to this in the future.
For now, Mimics have cast a spotlight on one of the shortcomings of NFTs as we know them today and given developers the need to start brainstorming.
