EIP4907: ERC-721 User And Expires Extension

From a business and legal point of view, handling the ownership of any asset is a problem solved by ancient romans lawyers. Basically, you need to handle 3 properties:

• Who is the owner of an assets, basically who is able to transfer the ownership of the asset, and by default setting is also the owner of any other rigths.
• Who can use the asset. For instance, the one who lives on a rented house
• Who can take the benefits from the asset (romans call this ius fruendi). Using the same rented house example, the landlord of the house is the one who owns this right.
  This way of modeling this has worked over 2.000 years… honestly I doubt any one in the crypto world can make something better.

I will be happy to chat more. Please check this out: → EIP-tbd Rental & Delegation NFT - ERC-721 Extension

Great, i would like to chat more. Please, check this out: → EIP-tbd Rental & Delegation NFT - ERC-721 Extension

Great point, please check this out: → EIP-tbd Rental & Delegation NFT - ERC-721 Extension And let us know, what you think.

What is the consensus on this EIP? What projects are using it?

This seems like a pretty serious issue that I have not seen addressed:

When I was testing ERC-4907 contract, I found out something. Let’s say an NFT with token id:1 was minted on user(1) and rented to user(2) for 3 days. Now during these 3 days, whenever user(1) transfers that NFT to let’s assume user(3), user(2) which should have access to rented NFT for 3 days, now no longer have access to that NFT. userOf(1) sets to address(0). This can be overcome by adding modifiers and overriding transfer and safeTransfer functions of ERC-721.

// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/utils/Counters.sol";
import "./IERC4907.sol";

contract ERC4907 is ERC721, IERC4907 {
    using Counters for Counters.Counter;
    Counters.Counter private _tokenIdCounter;


    struct UserInfo
    {
        address user;   // address of user role
        uint64 expires; // unix timestamp, user expires
    }

    mapping (uint256  => UserInfo) internal _users;

    modifier notRented(uint256 tokenId){
        require(userOf(tokenId)==address(0),"can not transfer rented NFT");
        _;
    }

    constructor(string memory name_, string memory symbol_)
     ERC721(name_,symbol_)
     {
     }



    function safeMint(address to) public {
        _tokenIdCounter.increment();
        uint256 tokenId = _tokenIdCounter.current();
        _safeMint(to, tokenId);
    }

    /// @notice set the user and expires of a NFT
    /// @dev The zero address indicates there is no user
    /// Throws if `tokenId` is not valid NFT
    /// @param user  The new user of the NFT
    /// @param expires  UNIX timestamp, The new user could use the NFT before expires
    function setUser(uint256 tokenId, address user, uint64 expires) public virtual{
        require(_isApprovedOrOwner(msg.sender, tokenId),"ERC721: transfer caller is not owner nor approved");
        UserInfo storage info =  _users[tokenId];
        info.user = user;
        info.expires = expires;
        emit UpdateUser(tokenId,user,expires);
    }
    function getTimestamp()public view returns(uint256){
        return block.timestamp +300;
    }

    /// @notice Get the user1664725514 address of an NFT
    /// @dev The zero address indicates that there is no user or the user is expired
    /// @param tokenId The NFT to get the user address for
    /// @return The user address for this NFT
    function userOf(uint256 tokenId)public view virtual returns(address){
        if( uint256(_users[tokenId].expires) >=  block.timestamp){
            return  _users[tokenId].user;
        }
        else{
            return address(0);
        }
    }

    /// @notice Get the user expires of an NFT
    /// @dev The zero value indicates that there is no user
    /// @param tokenId The NFT to get the user expires for
    /// @return The user expires for this NFT
    function userExpires(uint256 tokenId) public view virtual returns(uint256){
        return _users[tokenId].expires;
    }

    /// @dev See {IERC165-supportsInterface}.
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IERC4907).interfaceId || super.supportsInterface(interfaceId);
    }

    function _beforeTokenTransfer(
        address from,
        address to,
        uint256 tokenId
    ) internal virtual override{
        super._beforeTokenTransfer(from, to, tokenId);

        if (from != to && _users[tokenId].user != address(0)) {
            delete _users[tokenId];
            emit UpdateUser(tokenId, address(0), 0);
        }
    }

    function transferFrom(
        address from,
        address to,
        uint256 tokenId
    ) public virtual override notRented(tokenId){
        //solhint-disable-next-line max-line-length
        require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");

        _transfer(from, to, tokenId);
    }

    /**
     * @dev See {IERC721-safeTransferFrom}.
     */
    function safeTransferFrom(
        address from,
        address to,
        uint256 tokenId
    ) public virtual override notRented(tokenId){
        safeTransferFrom(from, to, tokenId, "");
    }

    /**
     * @dev See {IERC721-safeTransferFrom}.
     */
    function safeTransferFrom(
        address from,
        address to,
        uint256 tokenId,
        bytes memory data
    ) public virtual override notRented(tokenId){
        require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");
        _safeTransfer(from, to, tokenId, data);
    }

}

Hey mate, great documentation. Are these features approved and ready to be implemented into any dApp ? or do you need to get it approved first.

thank you

For rental protocol, to protect the use rights, the ERC-4907 NFT can be staked to a contract.

Double Protocol Lending Example:
Glossary:

• oNFT: original NFT, which is an ERC-4907 NFT
• doNFT: DOUBLE NFT. doNFT complies with the ERC-721 standard and represents a certificate for the right to use the NFT within a specific time.
• vNFT: A special doNFT, as a voucher to redeem the original NFT.

WechatIMG1261958×924 53.1 KB

Steps:
1 Alice calls setApprovalForAll() function of oNFT contract, approves doNFT contract can transfer the oNFT token.

2 Alice calls mintVNft() function of the doNFT contract to mint a vNFT token:

2.1 doNFT contract calls transferFrom() function of oNFT contract.

2.2 doNFT contract transfers the oNFT token to the doNFT contract. After that, the owner of the oNFT will become the doNFT contract.

2.3 doNFT contract mints a vNFT token and transfers it to Alice.

2.4 doNFT contract calls setUser() function of oNFT contract.

2.5 Set user to Alice so that Alice can use the oNFT when the oNFT is not rented.

3 Alice calls createLendOrder() function of the market contract, sets the rental price, period, and creates a lending order in the market.

More details: ERC-4907 Model Timing Diagram - Double

Some NFTs can be rented on double.one：

• Warena
• Nova Creed: Avatars
• Nova Creed: Ships

Some ERC-4907 contracts:

Hello, i’m new here on ethmagicians
I’m actually wondering if the final stage means “this implementation = standard” or if the just the interface should be considered as such, thus not setting in the stone the implemention given in gitHub
Not sure if I should discuss in a different EIP or the discusssion on the implementation goes on even when the EIP is marked as “final”.

Anyway i’ll make my question here

Wouldn’t an implementation like this just fix the usership problem while enabling non-custodial protocol to handle 4907 or you can see major iussues doing like:

1. When the usership expires returns the ownerOf() instead of address 0.

  function userOf(uint256 tokenId) public view virtual override returns(address){
        if( userExpires(tokenId) >=  block.timestamp){
             return  _users[tokenId].user;
         }
         else{
             return address(ownerOf(tokenId));
         }
    }

2. Prevent usership to be set again before the current expires.

By allowing setUser to be changed while user is not expired, it becomes mandatory to have an intermediary contract to own the NFT, to prevent the real owner to call setUser() or transfer triggering the delete info[tokenId]
This makes possible for a renter to delegate a contract to setUser instead, thus not requiring custody. In this scenario the user is guaranteed to retain usership from start to end.

function setUser(uint256 tokenId, address user, uint256 expires) public virtual override {
        require(_isApprovedOrOwner(msg.sender, tokenId), "ERC4907: transfer caller is not owner nor approved");
        require(userOf(tokenId) != ownerOf(tokenId), "ERCXXX: user can't be set before expiration");   
        UserInfo storage info =  _users[tokenId];
        info.user = user;
        info.expires = expires;
        emit UpdateUser(tokenId, user, expires);
    }

3. Don’t override _beforeTokenTransferanymore

At this point if the user paid his interest for a rental, transfer shoudn’t delete info at all and let third party markets to mark the item as rented using IERC4907.
It will then be on buyer to evaluate wheter or not the deal is convienent or not to him. Think it as a bare ownership more or less

Even tho I’m not sure if this discussion is over or not, i would like to contribute with my opinion. Nice work so far

Wait, whether it sounds not-fair? I am the owner of this NFT(Azuki), and I rental the ownership to “many” people.

nice nice feedback!!!

The status field of an EIP only describes the document itself and says nothing about the ecosystem or whether people are actually using the EIP. In short, Final here means: EIP-4907 will not change besides errata and text formatting.

The implementation of EIP-4907 is a reference implementation, you can do a different implementation.

We removed _beforeTokenTransfer in our newest implementation:

override _burn function

    function _burn(uint256 tokenId) internal virtual override {
        super._burn(tokenId);
        delete _users[tokenId];
        emit UpdateUser(tokenId, address(0), 0);
    }

So if we want to make Collateral free Rental marketplace then how this protocol help us.
According to description of erc 4907 it provides user roles not the ownership but how renter use this nft in games without ownership.
In short my question is how renter use these rented nfts in which games that are not supporting user roles ?.I think this protocol only support the owner roles but not the user roles?

If the games use ERC-4907 NFT, they should support the user roles.

How to rent already deployed ERC721? This standard does not cover this use case, does it?

@dadabit we are working on an standard that enables role management for immutable NFTs. It also supports an arbitrary number of roles. Check it out: EIP-7432: Non-Fungible Token Roles