ERC-404 tokens continue to gain popularity, however, crypto developers have pointed out security risks with the experimental standard yet to undergo an audit. The standard represents a hybrid implementation of ERC-20/ERC-721, where upon coin purchase in a wallet, an NFT is automatically generated, allowing ownership of fractional parts of a so-called "fractional" non-fungible token.

Developer and Solidity auditor Quit conducted an analysis of the ERC-404 code and noticed many commonalities with foundational standards, with changes in the transaction confirmation mechanism. If the sent amount is within the "minted token range," assets are moved in ERC-721 format; if above or zero, then ERC-20. Quit also noted the "very expensive maintenance" of the ERC721Enumerable-simulating function, responsible for displaying a list of all tokens owned by an account.

Quit highlighted an exploit threat, indicating that ERC-404 NFTs are vulnerable to theft from holders of ERC-404 fungible tokens. This is feasible if the NFT was deposited in a lending protocol incorrectly configured for the new standard. ERC-404 has not yet been approved by the Ethereum Foundation and the community, and the official EIP page is currently unavailable, while the code has not undergone audits.