perpetual.art
Documentation · Permanence, made verifiable

The art cannot die.

Every artwork on Perpetual is provably permanent, and that permanence does not depend on Perpetual. A mandatory onchain proof anchors each token to Ethereum. Anyone can reproduce the verification, and the entire index can be rebuilt from public data alone. This page explains, precisely, how.

100% permanence integrity · 100% onchain-proof coverage

We claim exactly one thing, and we claim it precisely: the artwork survives. The orderbook and index are run conventionally, centralized for speed, and their failure can never touch your art or your ownership. We do not claim a decentralization we have not built.

The problem

Most NFT art is one missed invoice from gone.

The token lives on Ethereum forever. The file it points to usually does not. When a pin lapses or a server goes dark, the chain still records your ownership of something that no longer resolves to anything.

Pin lapses: An IPFS pin stops being paid for. The CID is valid; no node serves it. The image is gone.

Server offline: The hosting domain in the tokenURI expires. The metadata 404s. The token points to nothing.

Operator vanishes: The marketplace that pinned the media shuts down. Everything they hosted disappears with them.

Most NFTs are a pointer to a file held somewhere fragile. The token is permanent; the art it references is not. When the pin lapses or the server dies, the chain still says you own it, but there is nothing left to see.

Perpetual inverts the dependency. The artwork itself is written into Ethereum as a mandatory onchain proof shard. The other backends add resolution and redundancy. None of them is what keeps the art alive, so none of them can take it down.

tokenURI → fragile host  ·  Perpetual → onchain content


The storage model

Four immutable copies. One mandatory backstop.

Each token carries parallel, immutable versions of its artwork across independent storage backends. Three add resolution and redundancy. Shard 0, the onchain proof, is the permanence guarantor, and it is the only one permanence actually requires.

Shard 0 · Onchain proof (ethfs) · permanence guarantor, permanent backstop, survives as long as Ethereum
Shard 1 · IPFS · content-addressed
Shard 2 · Arweave · permaweb
Shard 3 · Irys · datachain

Four parallel immutable copies, layered in depth. One mandatory backstop.

Shard 0 · Onchain proof · Mandatory
A full copy of the artwork written into Ethereum itself.
shard0Configured(tokenId) · mandatory · survives as long as Ethereum

Shard 1 · IPFS · Redundant
High-resolution media, addressed by the hash of its own content.
CID = hash(content) · auto-pinned · performance, not permanence

Shard 2 · Arweave · Redundant
Pay-once permanent storage on an independent network.
confirmed permanent · endowment-funded · independent of Perpetual

Shard 3 · Irys · Redundant
A second permanent network, for redundant independence.
confirmed · separate operator · separate failure domain

Shard 0 is the guarantee · Why this holds

Because the onchain proof shard carries the guarantee on its own, our ongoing IPFS and CDN costs are performance optimizations, not permanence obligations. If Perpetual stops paying for pinning, permanence is unaffected. This is the point most architectures miss: permanence is decoupled from operator solvency. The art does not depend on us staying in business.


The verification service

Do not trust us. Reproduce it.

A read-only service continuously resolves every shard, hashes the content it gets back, and compares that hash against the record written onchain at mint. It reads only public data, so anyone can run the exact same checks and arrive at the exact same result. Verifiability, not our word.

01 Resolve: Fetch the bytes from every shard.
GET onchain · ipfs · arweave · irys

02 Hash: Hash the content that came back.
keccak256(content) → 0x…

03 Compare: Check it against the onchain record.
getMintData(tokenId).metadataHash

04 Status: Report a verifiable result.
match → permanence integrity 100%

read-only · independently reproducible · no proprietary inputs
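
Steps 02 to 04 above, as an added example that is not Perpetual's own code: it hashes the bytes each shard returned and compares them with the mint record. It assumes the Resolve step has already fetched the bytes (None means the shard did not resolve) and that metadataHash is keccak256 over exactly those bytes; the artwork and shard results are constructed sample data.

```python
import hashlib

MASK, RATE = (1 << 64) - 1, 136   # 64-bit lanes; Keccak-256 rate in bytes

def _rol(v, n):
    return ((v << n % 64) | (v >> (64 - n % 64))) & MASK

def _permute(s):                  # Keccak-f[1600]; lanes stored as s[x + 5*y]
    r = 1
    for _ in range(24):
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]             # theta
        x, y, cur = 1, 0, s[1]
        for t in range(24):                                  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, s[x + 5 * y] = s[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        for y in range(0, 25, 5):                            # chi, row by row
            row = s[y:y + 5]
            for x in range(5):
                s[y + x] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        for j in range(7):                                   # iota
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            if r & 2:
                s[0] ^= 1 << ((1 << j) - 1)
    return s

def keccak256(data: bytes) -> bytes:
    """Ethereum's keccak256: padding byte 0x01, not the 0x06 of hashlib.sha3_256."""
    pad = RATE - len(data) % RATE
    msg = data + (b"\x81" if pad == 1 else b"\x01" + bytes(pad - 2) + b"\x80")
    s = [0] * 25
    for off in range(0, len(msg), RATE):
        for i in range(RATE // 8):
            s[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        s = _permute(s)
    return b"".join(v.to_bytes(8, "little") for v in s[:4])

def check_shards(metadata_hash: bytes, shards: dict) -> dict:
    """Steps 02-04: hash what each shard returned, compare with the mint record."""
    return {name: {"resolves": body is not None,
                   "hash_matches": body is not None and keccak256(body) == metadata_hash}
            for name, body in shards.items()}

# Constructed sample: IPFS pin lapsed (None), Irys copy truncated by one byte.
ART = b"<svg xmlns='http://www.w3.org/2000/svg'/>"
MINT_HASH = keccak256(ART)   # stands in for getMintData(tokenId).metadataHash
STATUS = check_shards(MINT_HASH, {"onchain": ART, "ipfs": None, "arweave": ART, "irys": ART[:-1]})
PERMANENT = STATUS["onchain"]["hash_matches"]   # only Shard 0 decides permanence
SHA3_DIFFERS = hashlib.sha3_256(ART).digest() != MINT_HASH
```

An independent verifier that substitutes `hashlib.sha3_256` for keccak256 will report a mismatch on every shard, because the two functions pad differently; `SHA3_DIFFERS` shows this on the sample.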


The architectural invariant
“Perpetual can disappear entirely and every NFT remains fully intact: owned by the correct wallet, resolving to its artwork via the onchain proof shard, with complete provenance. A third party can re-index the contracts and stand up a replacement marketplace with zero cooperation from us.”

This is not a feature of Perpetual. It is the property Perpetual exists to preserve. Every decision on this page is tested against the sentence above. If a choice could break it, the choice does not ship.

Ownership: stays onchain, always correct

Artwork: resolves via Shard 0, forever

Provenance: complete, public, rebuildable


The published indexer spec

The index is public infrastructure, not a moat.

The indexer reads only public onchain and storage data, and its schema is published in full. Anyone can run their own against the same sources. That openness is precisely what makes the invariant enforceable rather than merely promised.

schema.v1 · published
Public data only · Re-indexable
# perpetual-indexer / schema.v1
# Reads ONLY public onchain + public storage data.
# No proprietary inputs. Anyone may run this to reconstruct the index.

source contracts {
  forever_library  native   # marketplace-deployed instances
  forever_library  sovereign # artist-owned instances (federated)
  settlement       seaport  # order fills, cancellations
}

record mint {
  contract       address
  token_id       uint256
  creator        address
  block_number   uint64
  timestamp      uint64       # block time
  title          string
  media_type     enum
  royalty_bps    uint16
  metadata_hash  bytes32      # from getMintData(tokenId)
}

record shard_status {
  token_id       uint256
  index          uint8        # 0 = onchain proof (mandatory)
  backend        enum         # onchain | ipfs | arweave | irys | cdn
  resolves       bool
  hash_matches   bool         # hash(content) == mint.metadata_hash
  locked         bool         # isLocked(tokenId)
  last_checked   timestamp
}

record settlement {
  order_hash     bytes32
  token_id       uint256
  from           address
  to             address
  price_wei      uint256
  royalty_paid   uint256      # enforced at settlement (ERC-2981)
  block_number   uint64
}

derive {
  ownership         <- transfers ∪ settlements   # current holder
  provenance        <- mint ∪ transfers ∪ sales  # full history
  permanence_status <- shard_status              # per-token integrity
}

Because every input is public, a third party can stand up an identical index with zero cooperation from Perpetual. An open schema is what turns the invariant from a promise into something you can verify for yourself.


Enforced royalties

Enforced at settlement. Not optional.

Royalties are checked at the protocol level, via ERC-2981, against the token's onchain configuration. A sale that does not honor the artist's royalty is rejected by the settlement contract itself. There is no marketplace toggle that turns this off.

Protocol-level guarantee

Not a UI suggestion, not an honor system. The contract enforces it on every fill.

Lookup: royaltyInfo()
Standard: ERC-2981

dishonored royalty → settlement rejected

100% permanence integrity · 100% onchain-proof coverage · 268 verified shards · 64 works archived

The art survives, even if Perpetual does not.

Browse work engineered to outlast its marketplace, or mint your own onto a record that cannot be revoked.