ERC-4907 The standard for NFT rentals and ownership separation

Non-fungible tokens have moved beyond collectibles into assets with real utility in games, metaverse land, memberships, and media. As utility grows, so does the need to separate who owns an NFT from who can use it at a given time. ERC‑4907 introduces a simple, on-chain way to do exactly that: a standardized user role with a built‑in expiration, enabling trustless NFT rentals and clean ownership separation without wrapping or custodial workarounds. The proposal is Final on the Ethereum EIP process and widely referenced by builders and marketplaces. See the specification for details in the official EIP document at the Ethereum website: ERC‑4907.

Why ownership separation matters

Traditional ERC‑721 NFTs grant full rights to the owner address. That is insufficient when:

• A player wants to temporarily use a rare in‑game item without buying it.
• A brand wants to grant time‑bound access to benefits on top of ownership.
• A metaverse landlord wants to rent land securely to tenants.
• A creator wants to keep long‑term provenance while letting someone else consume the utility short‑term.

Historically, projects solved this with custodial marketplaces, wrapped tokens, or bespoke contracts, all of which introduced friction and security risk. ERC‑4907 makes rentals and delegated utility a first‑class feature of ERC‑721.

What ERC‑4907 adds to ERC‑721

ERC‑4907 extends ERC‑721 with two core concepts:

• user: an address that can use the NFT’s utility without owning it.
• expires: a Unix timestamp after which the user rights automatically end.

Implementations expose functions and an event so rental state is trackable and composable:

• A function to set the user and expiration.
• A function to query the current user and remaining time.
• An event to emit changes so indexers and marketplaces can react.

Importantly, it is designed to be minimal and compatible with existing standards. Developers can combine it with royalties via ERC‑2981 and core ownership via ERC‑721. For the full spec and interface, refer to the EIP: ERC‑4907.

Note: when an NFT transfers, typical implementations clear the user and expiration to avoid unintended carry‑over, as recommended by community reference implementations. A widely used reference is maintained by Double Protocol: ERC‑4907 docs and implementation and their open source repository: Double Protocol ERC‑4907 GitHub.

How it enables NFT rentals

With ERC‑4907, an owner can rent out an NFT trustlessly:

• Owner sets the user address and an expiration.
• The network enforces that the user role ends automatically at the expiration.
• DApps gate utility by checking the current user and expiry, not just owner.

No wrapping or custody is needed, and the rights are transparent on-chain for marketplaces and indexers. This model reduces attack surface compared to bespoke delegation schemes and supports secondary markets where utility can be priced separately from ownership.

For projects using semi‑fungible assets (game items, tickets), a parallel standard provides similar semantics for ERC‑1155: ERC‑5006.

Key use cases in 2025

• Web3 games: Players rent rare items or characters for tournaments without long‑term commitment. Studios can build subscription‑like experiences natively on-chain. See the broader NFT utility overview on Ethereum: NFTs on ethereum.org.
• Metaverse land: Landlords set time‑bound user rights for builders or advertisers, reducing friction and disputes with clear expiration logic.
• Membership passes: Brands can separate provenance from access. Rentals enable short campaigns or trials while the original owner retains the collectible asset.
• Media and IP: Time‑bound viewing, licensing, or usage of digital works is enforced by expiration, improving compliance and monetization without custodial platforms.

Educational background on NFT finance and utility can be found at Chainlink’s hub: NFT finance and utility.

Implementation notes for builders

• Interface support: Implement supportsInterface for ERC‑4907 and emit the specified event when user state changes, so indexers can track rentals reliably. See: ERC‑4907 spec.
• Transfer behavior: Clear user and expiry on transfer to avoid orphaned rights; this is the expected pattern in reference implementations.
• Gating logic: DApps should check both user and owner depending on action. For example, gameplay functions can require the caller to be the current user; admin actions should remain owner‑only.
• Royalties and fees: Combine with ERC‑2981 for creator royalties, and design rental fee flows as separate, transparent on‑chain transactions.
• Indexing and analytics: Listen to the ERC‑4907 update event to power rental listings and expiration monitors in marketplaces.
• ERC‑1155 analogs: If your assets are fungible or semi‑fungible, evaluate ERC‑5006 for user role support in batchable tokens.

Security considerations

• Time handling: Use block.timestamp carefully; avoid arithmetic overflow and ensure zero or past timestamps immediately invalidate user rights, per the spec.
• Reentrancy and approvals: Treat set user operations like transfers in terms of event ordering and checks. Use reentrancy guards around state changes that trigger external calls.
• Front‑running: If rentals are created in public pending mempool, consider commit‑reveal or off‑chain signing with protected relays for price‑sensitive operations.
• Owner vs. user conflicts: Explicitly define which methods the user can call. Keep state transitions simple and deterministic.
• Marketplace compatibility: Clear user on transfer and emit the update event to maintain consistent behavior across secondary markets.
• L2 specifics: Be mindful of timestamp semantics and bridge messages when renting on Layer 2s; use canonical time sources and audit bridging logic.

For a concrete model and tests, refer to open implementations: Double Protocol ERC‑4907 GitHub.

For users: how to rent safely

• Verify the NFT contract supports ERC‑4907 via its interface support and view methods. Confirm that user and expiration are visible on-chain.
• Use reputable marketplaces with transparent on-chain listings and events, and confirm the expiration matches your agreement.
• Keep control of private keys and interact directly with contracts when possible; avoid custodial wrapping unless you trust the counterparty and code.

A general primer on NFTs and best practices is available at: NFTs on ethereum.org.

Market outlook

As of 2025, on‑chain rentals are gaining traction in gaming and metaverse projects, while standards like ERC‑4907 and ERC‑5006 give builders interoperable building blocks. Aligning rentals with existing royalty and marketplace flows reduces fragmentation and enables composable utility markets where ownership and usage can be priced independently. Developers benefit from a small, audit‑friendly surface area, and users get transparent rights with automatic expiration.

When to recommend a hardware wallet

If you own high‑value NFTs and plan to rent them out, controlling the owner key securely is critical. ERC‑4907 lets you delegate utility without transferring ownership, but the owner address is still the ultimate authority. A hardware wallet helps ensure that rental operations, approvals, and transfers are signed in a secure environment.

OneKey is an open‑source, multi‑chain hardware wallet that keeps your private keys offline while remaining compatible with EVM networks and popular NFT dApps. For NFT landlords and creators using ERC‑4907, OneKey provides a secure signing path for rental agreements and ownership transfers, reducing the risk of compromised keys during on‑chain interactions.