Token Staking with NFT Rewards Development
Staking with NFT rewards is hybrid of two mechanics: liquidity lock (user locks tokens, gets yield) and NFT distribution as additional incentive. Simple implementation "stake X tokens, get NFT" works but quickly loses appeal. Interesting mechanics built on dynamic NFTs that evolve with staking.
Basic Staking Contract Architecture
Staking contract implements three things: lock tokens, calculate accumulated rewards, mint/upgrade NFT by milestones.
contract TokenStakingWithNFT {
IERC20 public immutable stakingToken;
IRewardNFT public immutable rewardNFT;
struct StakeInfo {
uint256 amount;
uint256 stakedAt;
uint256 rewardDebt; // for correct reward calculation
uint256 nftTokenId; // 0 if NFT not yet issued
uint8 nftTier; // current NFT tier (0–4)
}
mapping(address => StakeInfo) public stakes;
uint256 public accRewardPerShare; // accumulated reward per share (scaled 1e12)
uint256 public lastRewardBlock;
uint256 public rewardPerBlock;
uint256 public totalStaked;
// Milestones for NFT upgrade (in staking days)
uint256[] public nftTierThresholds = [7, 30, 90, 180, 365];
function stake(uint256 amount) external nonReentrant {
_updatePool();
StakeInfo storage info = stakes[msg.sender];
// Pay pending rewards before stake change
if (info.amount > 0) {
uint256 pending = info.amount * accRewardPerShare / 1e12 - info.rewardDebt;
if (pending > 0) _distributeReward(msg.sender, pending);
}
stakingToken.safeTransferFrom(msg.sender, address(this), amount);
info.amount += amount;
if (info.stakedAt == 0) {
info.stakedAt = block.timestamp;
// Mint initial NFT (Tier 0) on first stake
info.nftTokenId = rewardNFT.mint(msg.sender, 0);
}
totalStaked += amount;
info.rewardDebt = info.amount * accRewardPerShare / 1e12;
emit Staked(msg.sender, amount);
}
function checkAndUpgradeNFT() external {
StakeInfo storage info = stakes[msg.sender];
require(info.amount > 0, "Not staking");
uint256 stakingDays = (block.timestamp - info.stakedAt) / 1 days;
uint8 newTier = _calculateTier(stakingDays);
if (newTier > info.nftTier) {
info.nftTier = newTier;
rewardNFT.upgrade(info.nftTokenId, newTier);
emit NFTUpgraded(msg.sender, info.nftTokenId, newTier);
}
}
function _calculateTier(uint256 days_) internal view returns (uint8) {
for (uint8 i = uint8(nftTierThresholds.length); i > 0; i--) {
if (days_ >= nftTierThresholds[i - 1]) return i;
}
return 0;
}
}
Dynamic NFT via On-Chain Metadata
ERC-721 with dynamic tokenURI — NFT changes image and attributes on upgrade. Two approaches: off-chain metadata on IPFS (fast, but needs update on upgrade) and fully on-chain SVG (more gas, but fully decentralized).
contract RewardNFT is ERC721, Ownable {
mapping(uint256 => uint8) public tokenTier;
mapping(uint8 => string) public tierImageURI; // IPFS CID for each tier
address public stakingContract;
function mint(address to, uint8 initialTier) external returns (uint256) {
require(msg.sender == stakingContract, "Only staking contract");
uint256 tokenId = ++_tokenCounter;
_safeMint(to, tokenId);
tokenTier[tokenId] = initialTier;
return tokenId;
}
function upgrade(uint256 tokenId, uint8 newTier) external {
require(msg.sender == stakingContract, "Only staking contract");
require(newTier > tokenTier[tokenId], "Cannot downgrade");
tokenTier[tokenId] = newTier;
emit TierUpgraded(tokenId, newTier);
}
function tokenURI(uint256 tokenId) public view override returns (string memory) {
require(_exists(tokenId), "Token does not exist");
uint8 tier = tokenTier[tokenId];
string memory imageURI = tierImageURI[tier];
// Generate metadata on-the-fly
return string(abi.encodePacked(
'data:application/json;base64,',
Base64.encode(bytes(abi.encodePacked(
'{"name":"Staker NFT Tier ', Strings.toString(tier), '",',
'"description":"Reward NFT for loyal stakers",',
'"image":"', imageURI, '",',
'"attributes":[{"trait_type":"Tier","value":', Strings.toString(tier), '},',
'{"trait_type":"Tier Name","value":"', _tierName(tier), '"}]}'
)))
));
}
function _tierName(uint8 tier) internal pure returns (string memory) {
if (tier == 0) return "Bronze";
if (tier == 1) return "Silver";
if (tier == 2) return "Gold";
if (tier == 3) return "Platinum";
return "Diamond";
}
}
Important nuance: soulbound or transferable
If NFT is transferable — problem arises: someone can buy Diamond tier NFT on secondary market without staking. If NFT should reflect staking, needs soulbound (ERC-5192) or address binding in staking contract.
// ERC-5192: minimal soulbound interface
function locked(uint256 tokenId) external view returns (bool) {
return true; // all tokens locked
}
function _beforeTokenTransfer(address from, address to, uint256 tokenId, uint256 batchSize)
internal override {
// Allow only mint (from == address(0)) and burn (to == address(0))
require(from == address(0) || to == address(0), "Soulbound: non-transferable");
super._beforeTokenTransfer(from, to, tokenId, batchSize);
}
Reward Mechanics: Tokens vs NFT Boost
NFT tier can provide not just visual upgrade, but boost to reward rate:
| Tier | Days Staking | Base Boost | Extra Privileges |
|---|---|---|---|
| Bronze (0) | 7+ | +0% | Basic NFT |
| Silver (1) | 30+ | +10% | Private Discord access |
| Gold (2) | 90+ | +25% | Next NFT drop whitelist |
| Platinum (3) | 180+ | +50% | Governance multiplier x2 |
| Diamond (4) | 365+ | +100% | Physical merch, IRL access |
function _getUserMultiplier(address user) internal view returns (uint256) {
uint8 tier = rewardNFT.tokenTier(stakes[user].nftTokenId);
// basis points: 10000 = 1x, 20000 = 2x
uint256[5] memory multipliers = [uint256(10000), 11000, 12500, 15000, 20000];
return multipliers[tier];
}
function pendingReward(address user) public view returns (uint256) {
StakeInfo storage info = stakes[user];
uint256 acc = accRewardPerShare;
if (block.number > lastRewardBlock && totalStaked > 0) {
uint256 blocks = block.number - lastRewardBlock;
acc += blocks * rewardPerBlock * 1e12 / totalStaked;
}
uint256 baseReward = info.amount * acc / 1e12 - info.rewardDebt;
uint256 multiplier = _getUserMultiplier(user);
return baseReward * multiplier / 10000;
}
Early Unstake Penalty and Lock Periods
Penalty mechanics incentivize long-term staking and protect against dump after NFT acquisition:
uint256 public constant MIN_LOCK_PERIOD = 7 days;
uint256 public constant PENALTY_RATE = 1000; // 10% in basis points
function unstake(uint256 amount) external nonReentrant {
StakeInfo storage info = stakes[msg.sender];
require(info.amount >= amount, "Insufficient stake");
_updatePool();
uint256 pending = info.amount * accRewardPerShare / 1e12 - info.rewardDebt;
if (pending > 0) _distributeReward(msg.sender, pending);
uint256 actualAmount = amount;
// Penalty on early exit
if (block.timestamp < info.stakedAt + MIN_LOCK_PERIOD) {
uint256 penalty = amount * PENALTY_RATE / 10000;
actualAmount = amount - penalty;
stakingToken.safeTransfer(penaltyCollector, penalty);
}
info.amount -= amount;
totalStaked -= amount;
stakingToken.safeTransfer(msg.sender, actualAmount);
// If fully exited — lock or burn NFT
if (info.amount == 0) {
rewardNFT.lockOnUnstake(info.nftTokenId);
}
info.rewardDebt = info.amount * accRewardPerShare / 1e12;
}
Security
Two main attack vectors on staking:
Reentrancy: all state-changing functions making external calls must have nonReentrant. Especially stake, unstake, claim.
Overflow in reward calculation: accumulated accRewardPerShare can overflow uint256 with large block count or large rewardPerBlock. Check scaling. MasterChef V2 from SushiSwap — good reference implementation.
Contract mandatory for audit before launch — staking holds user funds permanently and is priority attack target.