What does Nifty Gotaway check?

Contract identity (name, symbol, standard, total supply, owner, proxy status), platform fingerprint (Nifty Gateway, MakersPlace, Async Art, KnownOrigin, OpenSea Shared Storefront, Foundation, Zora, Manifold, fxhash), storage classification of the metadata and media (IPFS, Arweave, on-chain SVG, data-URI, or private HTTPS), IPFS reachability across six independent public gateways, admin controls (onlyOwner mints, registry-gated transfers, set-once IPFS slots, hidden setBaseURI, niftyRegistryContract overrides), and Sourcify source verification.

Does Nifty Gotaway touch my wallet or my NFTs?

No. All checks are read-only JSON-RPC calls to public Ethereum nodes plus public IPFS gateway HEAD requests. The tool never asks for a signature, never connects a wallet, and never takes custody of anything. There are no accounts and no tracking.

Which chains are supported?

Ethereum, Polygon, Optimism, Arbitrum, Base, and Zora. You can paste either a 0x contract address or an OpenSea item URL of the form https://opensea.io/item/ / / — the chain and token ID are extracted automatically.

Why do NFTs from Nifty Gateway, MakersPlace and Async Art need a preservation check?

These marketplaces sold NFTs whose metadata and media live on the platform's own servers or private IPFS pinning accounts. When the platform shuts down, stops paying for pinning, or simply lets a DNS record lapse, the image and metadata disappear even though the token on-chain still exists. Nifty Gotaway tells you whether the actual bytes are stored somewhere durable, somewhere fragile, or nowhere at all.

Is the report financial or legal advice?

No. Nifty Gotaway is informational only. It is not financial, legal, tax, or custodial advice. The output is a technical description of what is and is not guaranteed by the contract and the current state of its off-chain dependencies.

Nifty Gotaway · Technical explainer · Why every Nifty Gateway NFT depends on a private server

Your NFT is on Nifty Gateway's servers. Here is what that means.

A Nifty Gateway NFT is not stored on Ethereum. The token is on Ethereum; the metadata and the image depend on infrastructure run by a single private company, and on a 1,596-contract subset of the platform's 10,090 deployed contracts (15.8%) the right to transfer the token additionally depends on an external Nifty Gateway-controlled registry. This page documents, step by step, the points at which a Nifty Gateway NFT touches that infrastructure — and what each one means for collectors before the platform's announced closure on 23 April 2026.

The four points of dependency

1. tokenURI() points to api.niftygateway.com

When a marketplace, wallet, or block explorer asks a Nifty Gateway contract "what is the metadata for token X," the contract returns an HTTPS URL on api.niftygateway.com. The contract does not return an IPFS CID. It does not return an Arweave transaction id. It returns "go ask this server." Whatever JSON that server chooses to return at that URL becomes the metadata of the token — at that moment. The server can return different bytes tomorrow, or no bytes at all, without any on-chain transaction.

2. setBaseURI() is owner-mutable

Nifty Gateway's BuilderInstance contracts include a setBaseURI(string) function gated by onlyOwner. A single signature from the contract owner can re-point the metadata base URL to anything — a different domain, an empty string, a CID, or a malicious URL. There is no multisig delay, no timelock, and no on-chain notification.

3. On 1,596 of 10,090 NG contracts (15.8%), the bytecode is linked to an external niftyRegistryContract that, on the standard BuilderInstance template, is consulted before every transfer

The standard 2020-2021 BuilderInstance template implements an onlyValidSender modifier on transfers that defers to an external registry at 0x6e53130ddff21e3bc963ee902005223b9a202106. That registry decides which addresses are allowed to send Nifty Gateway tokens; it is itself a contract owned by Nifty Gateway. On contracts using that template, after the platform shuts down, whether the registry continues to authorise transfers depends on whoever controls it on the day a transfer is attempted.

We checked all 10,090 Nifty Gateway-deployed contracts on-chain by two independent signals: calling niftyRegistryContract() (selector 0xbe772d4c) and scanning the deployed bytecode for the registry address as a literal. A contract is classified "registry-linked" if either signal is positive. 1,596 contracts (15.8%) are registry-linked under this test; 8,464 (83.9%) show neither signal. The split is sharply time-sliced: 97.1% of 2020 drops are linked, 82.3% of 2021, 6.4% of 2022, and 0% of contracts deployed from 2023 onwards. The latest registry-linked drop date observed is 2022-03-29. Coverage is partial in count but heavy in value: the registry-linked cohort accounts for roughly $825M of recorded primary+secondary value vs ~$301M for the unlinked cohort. Pak's Merge is registry-linked (bytecode literal positive); Beeple's Spring Collection contracts (both main and sibling) are not. The full per-contract classification is published at /data/registry-gate-scan.md (machine-readable JSON at /data/registry-gate-scan.json). The matching project-level catalogue for the same 10,090 contracts (drop names, artists, editions, USD figures) is published at /data/nifty-gateway-catalog.json. The two signals are necessary conditions for the standard NG transfer-gate pattern but not formal proofs that any specific contract's transfer function defers to that registry on every call; per-token certainty requires reading the specific contract's source or disassembly.

4. The image lives on nftcdn.niftygateway.com

The metadata JSON returned by api.niftygateway.com contains an image field that points to nftcdn.niftygateway.com. That CDN is the actual hosting location of the picture. It is operated by the same company. If the CDN goes offline, the image goes with it — even if the on-chain token and the metadata JSON are still resolving.

Withdrawal is not ownership transfer

Nifty Gateway tells users to withdraw their assets to a self-custodial wallet before 23 April 2026. Withdrawing is necessary. It is not the same thing as taking ownership of the artwork. The two things that move during a withdrawal are the token and the wallet that holds it. The two things that do not move are the metadata and the image.

A withdrawal is an on-chain transferFrom call. The ERC-721 token is moved from a custodial wallet that Nifty Gateway controls to a wallet whose private key the collector holds. After it settles, ownerOf(tokenId) returns the collector's address. That part is real, on-chain, and irreversible without the collector's signature.

What withdrawal does not change: it does not change what tokenURI(tokenId) returns. It does not move the metadata JSON or the image off Nifty Gateway's servers. It does not revoke the contract owner's ability to call setBaseURI() afterwards. The pointer in the wallet the collector now controls still resolves to api.niftygateway.com and nftcdn.niftygateway.com. When that infrastructure is decommissioned, the URL in the withdrawn token dereferences to whatever Gemini's servers return at that moment, including nothing.

Anyone can verify this in sixty seconds: on Etherscan, call tokenURI with the token id before withdrawal, withdraw, and call it again after. The string it returns is identical. Custody changed; the pointer did not. Gemini's stated Arweave migration, if and when it executes for a given contract, would re-point the tokenURI in a separate owner-signed transaction — but that re-pointing is independent of the withdrawal and depends on contract eligibility.

What Nifty Gateway said in writing — pull-quotes from their own Terms of Use

Each of the four dependencies above is acknowledged in Nifty Gateway's own Terms of Use (Last revised 18 January 2024, archived by the Internet Archive on 29 December 2025; full set with section anchors at /their-own-words).

On layer 1 — what an "NFT" is (§ 2): "NFTs or Nifties means non-fungible tokens (i.e. units of data stored on a blockchain), exclusive of any Artwork or other off-chain file or asset referenced in the code or metadata of the NFTs or otherwise associated with the token."
On layers 1, 2 & 4 — file persistence (§ 11): "We do not undertake any obligation with respect to the Artwork or other files or assets referenced by NFTs, including any obligation to ensure that such files will be available or that any reference to an off-chain file in the NFTs on-chain record will remain functional."
On layer 3 — the registry gate (§ 22): "WE DO NOT GUARANTEE THAT NIFTY GATEWAY OR ANY NIFTY GATEWAY PARTY CAN EFFECT THE TRANSFER OF TITLE OR RIGHT IN ANY NFTs."
On the 23 April 2026 closure (§ 28): "We reserve the right, without notice and in our sole discretion, to terminate your license to access or use Nifty Gateway, the Services, or the Site, at any time and for any reason. You understand and agree that we shall have no liability or obligation to you in such an event."

Source for all four passages: web.archive.org/web/20251229203324/https://www.niftygateway.com/termsofuse/.

The Arweave migration — what it covers, what it does not

Gemini has publicly committed to migrating eligible Nifty Gateway NFTs to Arweave before the 23 April 2026 closure. Arweave is content-addressed and economically designed for permanent storage — a real upgrade. The migration, as described, addresses the image dependency and parts of the metadata dependency. It does not by itself change the on-chain tokenURI() pointer, the setBaseURI() permission surface, or the niftyRegistryContract transfer gate (where it applies — see point 3). Whether a given collector's NFT is "eligible" depends on criteria the platform sets. Even after migration, the contract continues to point at api.niftygateway.com by default unless the contract owner re-points it.

Legal context — the frameworks any consumer claim would start from

A primary sale on Nifty Gateway was a transaction in which a collector paid a quoted price (usually in US dollars) and was described, in marketing materials, drop pages, and confirmation emails, as receiving a digital artwork. The mechanics described above are what was actually delivered on-chain.

The collector receives an ERC-721 token whose tokenURI() resolves to a URL on a server operated by the seller; the artwork bytes themselves reside on a separate server also operated by the seller; the contract owner retains the unilateral right to re-point or empty that URL at any time. Whether this constitutes a fully concluded transfer of the artwork in the consumer-protection sense, or only a transfer of an access token contingent on the seller's continued operation, is a determination for the courts and regulators of each collector's jurisdiction. This page makes no such determination.

The frameworks any such determination would start from include:

United Kingdom — Consumer Rights Act 2015, Chapter 3 (sections 33–47), "Digital content." Section 34 implies a term of satisfactory quality; section 35 a term of fitness for particular purpose; section 36 a term of conformity with description. Sections 42–46 give the consumer the right to repair, replacement, price reduction, or refund where those statutory rights are not met. The Act binds traders established in the UK selling to UK consumers regardless of where the technical infrastructure is hosted. Source: legislation.gov.uk.
European Union — Directive (EU) 2019/770 on contracts for the supply of digital content and digital services. In force across all Member States since 1 January 2022. Articles 7 and 8 set conformity criteria. Article 11 makes the trader liable for any lack of conformity existing at the time of supply; for continuous-supply contracts the trader is liable throughout the supply period (Art. 11(3)). Article 14 sets the consumer's remedies. Whether a particular NFT sale falls under this Directive — and whether a given drop is "single supply" or "continuous supply" — depends on the contract terms and national implementing law. Source: eur-lex.europa.eu.
United States — state consumer-protection statutes. UCC Article 2 (Sale of Goods) has historically been read narrowly on intangibles. State statutes (California CLRA, Civil Code §§1750 et seq.; New York General Business Law §349; FTC Act §5; equivalent statutes in every other state) reach representations made at the point of sale and may apply to inaccurate descriptions of what is being sold, regardless of whether UCC Article 2 governs the underlying transfer.

Two factual questions recur across these frameworks: (1) was the contract a single supply (concluded at delivery) or a continuous supply (trader obligations live throughout the supply period)? The fact that tokenURI() requires the seller's server to remain online to resolve is a factor any court would weigh. (2) What was the conformity description — what did the platform's marketing, drop pages, and terms of use describe as being sold, and does the on-chain delivery conform to that description? Both are questions of fact for individual sales and individual jurisdictions.

Five-step preservation checklist

Pull the metadata JSON now. Save the current response from tokenURI() to a local file. This is the canonical metadata in its current form.
Pull the image now. Save the file at the image URL inside that JSON, full resolution.
Pin to two independent IPFS providers. Pinata, web3.storage, Filebase, NFT.Storage — pick two and pin both the metadata JSON and the media file. A single provider is one bankruptcy away from a 404.
Mirror to Arweave. ArDrive, Bundlr, or Akord. Arweave is economically designed for permanence. Costs a few dollars per file. Record the txid.
Sign a custody attestation from your own wallet. Publish a signed message: "As of block N, I hold token X of contract Y. The canonical bytes of that token are on IPFS CID Z and Arweave txid W." This becomes your provenance of last resort if the on-chain pointer drifts.