SBTs are eternal extensions of a blockchain address. They require special design.
Disclaimer.
kycDAO wrote the NEAR Non-Transferable NFT standard (draft). We are involved in the CASA (Chain Agnostic Standard Alliance) Account-bound NFT work. We actively participate in the DAOstar One Identity Working Group. And we are building services using a particular SBT implementation, which gave us the experience to experiment with and consider a wide variety of non-transferable NFTs.
What are SBTs?
Soulbound tokens are the new phenomenon the crypto ecosystem is raving about.
Soulbound tokens are essentially non-transferable assets, often a Non-Transferable NFT. NTNFTs or account-bound NFTs have been discussed since 2017 but only gained a major audience early in 2022, when Vitalik first posted about them on his blog (Soulbound, 22/1/26).
NFTs gained cultural recognition in 2021 with unprecedented growth that seemingly came from nowhere. The JPG-attached blockchain assets created an entirely new subgenre of opportunities, attracting a brand new crowd of crypto enthusiasts. By now, most internet users have come across the term NFT, or Non-Fungible Token, due to the media’s ability not only to write about a technologically complex topic but also to include visual cues.
SBTs are essentially a twist on the already established NFT standard, with one major difference. These assets are non-transferable. They do not offer the secondary market opportunities NFT marketplaces are infamous for. This inability to transfer these tokens brings a wide variety of use-cases, previously not possible using “plain” transferable tokens.
SBTs address the question of “reputation”. The concept of on-chain reputation has been a broadly debated topic as it generates new avenues for interactions. However, only a small subset of on-chain reputation is related to a blockchain address [e.g. number and volume of previous transactions, repaid loans, governance votes]. Many other aspects of a wallet [value of assets, the participation or roles in DAOs or multisigs, or the NFT collections it controls] are temporary from a blockchain perspective.
The Chamber of Secrets, or how to SBT?
There is no single type of SBT, and there should not be one! The term Soulbound Token gained too much attention with too few technical implementations. The community is scrambling to gain attention by adopting and deploying SBT-like contracts for a variety of use cases. CT [Crypto Twitter] is buzzing with thread after thread discussing the depth, possibilities, dangers, and even the meaning of “soul”.
Considerations to make before going down the SBT route:
- Consent. Every SBT must be consented to by the recipient. This is the most controversial question the community will have to deal with. It is easy to imagine the misuse of an NTNFT. Just as with decentralization, this is not under the control of any single entity; the community as a whole must design against misuse through easy-to-use standards with reference implementations, implementer and user education, governance considerations, and potential punishment where possible.
- Does it have to be on-chain? No Personally Identifiable Information (PII) should be stored on-chain, regardless of the technology used to “hide” it. [more on PII in the privacy section below] We believe that it depends on the use case and use-case considerations. However, before committing to a technology, everyone must put the user first. It is simple to deploy a participant credentialing contract or capture off-chain status. However, without consideration for the entire life-cycle of the credential, no credentials should be issued on a chain.
- Does it have to be non-transferable? Just because something is hot, it does not have to be everywhere. After a number of crypto cycles, it is clear that the ecosystem gets ecstatic about new ideas that must go through a boom and bust cycle before finding a proper use. Non-transferability changes this process unless designed correctly.
- What is in the metadata? NFTs are not just a JPG or SVG stored on the blockchain. Just like NFTs, SBTs can have a wide variety of functions they are able to execute, enforce or represent depending on the deployment.
  - Is it human or only software readable? The question of readability is important from a privacy perspective. Anything that humans can read will be aggregated. Software-readable soulbound credentials have the implicit benefit of introducing a layer of privacy by requiring a “schema” that can be kept private. Public credentials do not have to publicly disclose their content or intended use.
  - Does deciphering the metadata require privileged access? Keeping the schema permissioned, meaning it is only made available to selected participants that meet certain criteria, introduces an important layer of privacy, but requires mechanisms for interoperability.
  - Does it have an active/passive status? A non-transferable token that has no mechanism to leave the address it was minted on might require a status indicator that can be controlled either by the user or by the smart contract owner.
- Can it be burned? On-chain, everything is transparent and eternal. Introducing a burn function (most commonly a transfer to a 0 address) is one way to remove a soulbound credential from the receiving address. After burning a token, it will only indirectly correlate to an address. Burn functionality can be enabled/performed by the address owner, the smart contract owner, or both.
- Is it governed? Soulbounding does not have to mean it is permanently fixed. Considering governance for the entire issuing contract or a subset of functions can enable gradual experimentation without perpetually committing to a format.
- Can it be updated? Certain use cases will require updates.
- Can it be revoked? Revoking the credential is similar in function to a burn. However, in the case of limited SBTs, reissuing a previously revoked credential could require unique conditions.
- Can it freeze/unfreeze? Some projects could consider governing a dormant transfer function. Early adoption could offer opportunities while disabling secondary market applications.
- Can it be extended? Just like updates, extensions can be a powerful way to provide new or enhanced functionality to an already existing token.
- Does it have functions controlled by different keys? Not all functions must be controlled by a single governance mechanism; certain parameters can have their own controllers.
- Can it be reminted? In the case of losing access to a wallet, the ability to remint a credential to a new wallet could be considered. It requires some mechanism to verify that the previous and current wallet holders are the same. The #DeSoc paper by Puja Ohlhaver, E. Glen Weyl and Vitalik Buterin suggested high-bandwidth social measures and other solutions.
- Privacy from a personal perspective. Most people are not aware of the importance of privacy. Implementers of soulbound tokens must consider privacy a priority when deploying new contracts. The loss of privacy with publicly consumable credentials should not be the only choice. The user should be able to decide whether they want to publicly disclose their credentials (e.g. by minting) and be able to decline, or use an alternative solution even if it means loss of functionality.
- Privacy from a regulatory perspective. Regulators (GDPR, CCPA, and similar privacy rules) consider any publicly attestable information PII. The hash of PII is also considered PII. [The reason is that today we might not be able to de-hash information, but with future technology, eternally available data can be reversed.] You can read more about PII hashing in our summary on the DAOstar One Identity Working Group’s PII work.
- Does it have to follow a standard? Ideally yes. Some NTNFTs might be unique to the issuer, others will aim for interoperability requiring standardization. Furthermore, strongly signalling to web3 projects that a token is non-transferable is key for consumption/display.
- Dangers of SBTs. No one entity controls what SBTs will contain and who issues them. The community will be responsible for making sure that they meet their expected use. They can cause harm in the short term when issued by malicious actors or through wrongful implementations. They can cause harm in the long term. While the concept of starting a new identity in web3 is appealing, if a sufficient amount of [public] credentials are issued to a wallet, the same user with a new wallet will quickly get affiliated with the previous wallet. Public data aggregation is happening and will be happening. There is no “what if we build for the good” scenario; the community must expect the worst, as not everyone is here to WAGMI. This must be represented in technical and ethical considerations.
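An added example, not kycDAO's code or any standard's reference implementation: a chain-agnostic Python model of the consent, transfer, burn and revoke questions from the list above. The class, method and address names are hypothetical, and claim-based minting is one assumed way to capture the recipient's consent.

```python
class SBTError(Exception):
    """Raised when a caller attempts an action the design forbids."""

class SoulboundRegistry:
    """Chain-agnostic model of an SBT contract; all names are hypothetical."""

    def __init__(self, issuer, holder_can_burn=True, issuer_can_revoke=True):
        self.issuer = issuer
        self.holder_can_burn = holder_can_burn      # design choice: who may burn
        self.issuer_can_revoke = issuer_can_revoke  # design choice: who may revoke
        self.offers = {}      # token_id -> address the issuer offered it to
        self.owner = {}       # token_id -> current holder
        self.revoked = set()  # ids that may not simply be reissued
        self.history = []     # append-only, like on-chain events

    def offer(self, caller, token_id, recipient):
        if caller != self.issuer:
            raise SBTError("only the issuer may offer")
        if token_id in self.owner or token_id in self.revoked:
            raise SBTError("token id unavailable")
        self.offers[token_id] = recipient
        self.history.append(("offer", token_id, recipient))

    def claim(self, caller, token_id):
        # Consent: nothing is minted until the intended recipient claims it.
        if self.offers.get(token_id) != caller:
            raise SBTError("no pending offer for caller")
        del self.offers[token_id]
        self.owner[token_id] = caller
        self.history.append(("mint", token_id, caller))

    def transfer(self, caller, token_id, to):
        raise SBTError("soulbound: transfers are disabled")

    def burn(self, caller, token_id):
        if not self.holder_can_burn or self.owner.get(token_id) != caller:
            raise SBTError("burn not permitted")
        del self.owner[token_id]
        self.history.append(("burn", token_id, caller))

    def revoke(self, caller, token_id):
        if not self.issuer_can_revoke or caller != self.issuer:
            raise SBTError("revoke not permitted")
        if token_id not in self.owner:
            raise SBTError("nothing to revoke")
        holder = self.owner.pop(token_id)
        self.revoked.add(token_id)
        self.history.append(("revoke", token_id, holder))

    def addresses_linked_to(self, token_id):
        # Burning clears ownership, not history: past events still name the address.
        return {addr for _, tid, addr in self.history if tid == token_id}
```

If the issuer offers token 1 to `alice` and she claims and then burns it, `owner` ends up empty while `addresses_linked_to(1)` still returns `{"alice"}`.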
Less is more.
We will get there; many of the technologies providing privacy and security are still in their infancy; a granular approach is advised.
*The historic presence of a blockchain asset is always eternal.