-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC-1400: Security Token Standard #1400
Comments
👍👍👍 This looks super awesome! I previously worked for a security token company, and am very, very happy to see this work being done 🎉 We also did some preliminary open work in this general space with ERC-902. I'm the primary author of ERC-1066 (Hello! 👋) As of Sept 1, we're throwing a ton of time and energy into the ESC project (growing an FOSS team, my time at 100% for at least the next several months, we're in the FOSS track at the Tachyon Accelerator, etc). Expect big things 😉 Application-Specific Codes
The Use Case AbstractionProtocols are essentially abstractions over common use cases. We're doing a bunch of R&D around filling in the currently empty ranges in appropriate, flexible, reusable ways. Security tokens will almost certainly be a widely used standard, and common patterns will inspire other work in the ecosystem (like ERC20 -> ERC721). We're gathering data from as many people as possible so that we can design the most useful code scheme. I'd love to hop on a call (phone or video), email thread, or even over at EthMagicians. We're going to be running regular community hangouts as well. Let me know what works for you! |
Awesome! I am also currently reviewing this EIP, looks good so far. |
Nice work! This is very thorough and addresses many of the most pressing issues concerning compliant securities tokens. One observation (and I doubt I am alone in this determination) is that this EIP comes with a great deal of complexity. Now, much of that is surely inherent to the problem space, but when it comes to ERC proposals in particular it's apparent that keeping it simple is of utmost importance, both for promoting widespread adoption and for encouraging secure best practices (and of course leaving the door open for extensibility). With that in mind, here are a few contrasting viewpoints:
Basically, a slimmed-down proposal containing the key sections of this EIP would be much easier to build widespread consensus around. The goal is to promote interoperability between a diverse ecosystem, not full compliance for every conceivable securities token in every potential jurisdiction. From there, incremental ERCs could continue to enhance the features (or bugs, according to many crypto-maximalists 🐛) available to protocols around securities tokens - and of course any particular securities token could always go beyond the initial requirements. Also, a small aside - unless I'm mistaken, the implementation is currently susceptible to integer overflow & underflow vulnerabilities. Awesome work and thank you all for putting this proposal together! |
Overall this is a great start. Companies are run by people who make mistakes, and need wiggle room. A big challenge for security tokens is the lack of flexibility on the blockchain. I think this EIP addresses this with the forced and restricted transfers. |
I think this is great stuff. I like the tranches. I am new to this discussion and I have no idea what the original use case was, but I can make an informed guess. They are the best way that I have seen to implement US Reg D/Reg S rules. Under the Reg S rule, I can sell US securities to a non-US buyer, and they can trade those securities, but they can't sell them back to a US buyer until one year has passed from the issue date. If the Reg S sale from a particular date is in one tranche, we can track and enforce this rule. Almost any other way to do it is more complicated, and wrong. So, tranches are actually a simplification in this case. Reg D lockups should also be handled by tranches for a particular issue date. The Reg D rules say that a US buyer of a private security should hold it as "restricted" for a year. This is almost always implemented with a lockup on the buyer, where the buyer can't sell the security until one year has passed. However, the lockup implementation is not accurate. A fund with more than $100M in assets under management (QIB or Qualified Institutional buyer) can buy the Reg D securities before the lockup has expired. They get this privilege from "rule 144a". The restriction on resale to anyone BUT a QIB continues for the remainder of the year - as measured by the properties of the security issue tranche, not the buyer. These rule 144a privileges are socially offensive, in giving special privileges to wealth, but they are likely to be quite important in the real world of US private market securities. In this use case, multiple tranches represent the SAME security. That's important. They are not like the tranches of an asset backed security that are designed to be different. They are the same security with different transfer rules. They all add into the same cap table percentages for voting and distributions. So, splitting them into different tokens screws up all the numbers. Some people are splitting one security into different tokens so they can track a Reg S issue. This is a bad solution and a lot more complicated to put back together into relative percentages than just implementing these tranches. The tranches are a simplification. You do want the ability to collapse two tranches into one. They represent the same security. For example, Reg D and Reg S tranches issued on different dates can often be collapsed when the US restrictions expire in a year. The tranches can themselves be simplified. If they all represent the same security, then I can't see why you would want different permissions and operators. That feature could be eliminated. It would make sense to go through and remove extra tranche operations and features. Security tokens need to be pausable (freeze transfers). Under any reasonable disclosure regime, if a company finds out some big news that will affect their traded securities, they should freeze transfers until they can make a public disclosure. If they don't they WILL get sued in the US. Lawyers file thousands of shareholder lawsuits every year alleging they bought securities without knowing some important thing that the company had not revealed yet. That's their standard "securities fraud" complaint about anything they don't like. A blockchain mechanism that allows issuers to "pause" or block transfers right on the token is a big step forward for securities that are traded in multiple venues and OTC. Maybe this doesn't need to be in this spec but it does need to be somewhere in the implementation. I think "pausable" is pretty common in the Zeppelin-derived ERC 20 implementations. So, I guess that shows it doesn't need to be in the standard. The standard needs to describe the functions that would be used by handlers like exchanges and wallets to deal with multiple types of securities. Maybe it doesn't need to describe features (like pause/freeze) that are only used by the issuer. Forced transfers are required for real security. If an issuer sells securities to grandma, and she dies and leaves no key, the issuer still needs to deliver the securities to her estate under most securities regimes. Issuers have to be able to print up a new stock certificate. Maybe it doesn't have to be in the standard, but it has to be in the implementation. This standard makes it easy to add multisig governance to that, which is how we handle it. However, forced transfer is also something that the issuer does (with multisig arbitrators), and not the exchanges and wallets that rely on a standard. |
Great information, @zingleton - thanks for laying out lots of concrete details related to US Reg D / Reg S. You make a strong case for utilizing tranches to enforce these regulations, but i’m not yet convinced that it should be a mandatory part of the global standard - what about all the jurisdictions that don’t require adhering to these regulations? Maybe a good place to start would be to specify a much simpler Then, these interface requirements can be utilized and expanded on by a wide variety of securities tokens (and other projects), including a securities token standard with all of the bells and whistles that a US-compliant securities token would need (and then optionally overloading the transfer check with a tranche argument as required would be a natural choice). Concerning forced transfers, “grandma loses her key” is a strong analogy as well - i’m just pointing out that this will be a contentious issue that may benefit from isolation from the rest of the proposal. |
I agree with @zingleton on this:
The standard is needed for interoperability between different entities, potentially all across the globe. Implementation specifics shouldn't be part of the standard. Now, the question is, are tranches needed in the standard to facilitate interoperability? (even if using a single |
I believe the tranches approach is actually better than having separate classes of tokens. Both are equally viable options, but there might significantly complex reclassification rules for a token to change tranches, and the properties of that transfer would be more difficult to evaluate from a (software) security standpoint than if the logic were handled internal to the contract. I also think this semi-fungible concept is very useful from other standpoints: one could imagine a reputation token that had different subcategories depending on how it was earned. Being able to subcategorize a token based on different properties a subset of holdings should have is very interesting. I think this should be separated into a different, dependent standard and developed separately to reduce the complexity of this proposal. Just picture a pie chart of your holdings, denominated by tranches. Very useful concept. I also think there should be a |
It might be possible to hide the tranches so that you would have an option to:
|
This was really cool to read through. Couple of questions:
|
I like the idea that the security standard provides some basic support for both public docs (as included) and private messaging. Messaging would go into a different type of standard with a more general mission. Basically, the messaging that is needed is a global queue where you can post encrypted messages for an Ethereum address, or content hash pointers to encrypted messages. They would be posted for a specific public key, from a specific address. For this to work, you would also need a database that matches an Ethereum address or similar blockchain address to a full public key. Probably you would accept a variety of addresses to go cross-chain. There must be implementations of this since it is such a common need. The security token standard would then only require a way to show the address of an issuer or other party that would send and receive messages. Voting would probably go into a different but similar queue. What you want is proxy assignment and proxy voting AKA "liquid democracy". That would not be part of the standard and it doesn't need to be decentralized. |
I think you answered your own question. Taxation cannot be directly written in the standard as it is specific to jurisdictions
Would be interested to know if an EIP exists for that! |
Great work! I like the tranche's extensibility. Even if the token has solely default tranche at first but it may be going to have another. On the other hand, I'd like to hear secondary markets' thoughts on this tranches-or-tokens discussion. |
Really high-quality thread here. We at Meridio have been refining our security token contract- an upgradeable security token issued per-asset with modular validation checks on TranchesThere's clearly a strong business case for closely resembling the nuances of security classifications via tranches, but also more complexity on validating transfers and interoperability (e.g. integrating with exchanges). The more I read through this thread (thanks @zingleton), I’m increasingly sold on the benefit of tranches. While tranches may not be necessary for classes of securities (e.g. common vs preferred equity, which I think would be better served by a separate token issuance), tranches work well for different filings for the same underlying security e.g. Reg D for U.S. investors and Reg S for foreign, when additional securities are offered for the same class, or for allocating pools of tokens within the larger issuance for daily trading limits. The fundamental concept of having a token be “partially fungible” within the same security issuance is important because that’s how they operate in exchanges today. Given their benefit but also the introduced complexity, I lean towards having one standard that would provide security tokens for individually issued common vs equity securities and one that would include tranches and could be used for Reg D/S securities. Both ERC-20 etc. compatible, of course. ###Additional data field on checkSecurityTokenSend()I’m with the other commenters that this is quite the mouthful, but otherwise, it’s great to see various security token projects (e.g. PolyMath, Harbor, Meridio) starting to converge on modular checks on Status CodesI appreciate the analogy given in ERC-1066 of Ethereum Status Codes resembling HTTP status codes. Our team at Meridio would definitely support more industry convergence on error codes (ERC-1066), application specific codes, and reason coding (defined here). Token MetadataRegarding an inheritable metadata interface, I’d support either this ( cc @corbinpage, @DavidConroy, @ashadakshi and the rest of the Meridio Team team for contributing. |
"Why not just split it off into a dedicated EIP for forceableSecurityToken or the like?" That's interesting; I've long been a begrudging fan of forced transfer (not ideal, but necessary for regulated tokens), so it always seemed like it had to be part of ERC1400. I'm trying to think if there's ever a use case where one wouldn't actually want forced transfer in a regulated token; if there aren't many times where it wouldn't be required, I'd assume we'd leave it in as part of 1400; otherwise, separate might make some sense. "Basically, a slimmed-down proposal containing the key sections of this EIP would be much easier to build widespread consensus around." True. It's a bit difficult to figure out how slimmed down to go versus not so that those dealing with ERC1400 have reassurance that it supports all the expected functionality of regulated security tokens. |
I think the partial-fungible token concept is a very clear example of how to reduce complexity. If you separate that, the security aspects of this proposal are easier to evaluate and in fact makes it possible for implementation via a PFT or multiple tokens, or even ERC20, if desired. I would argue this proposal is really 3 related proposals in one:
Each has their own use cases outside of securities and could benefit from coordinated conversation instead of pushing the security use case into one EIP, leaving the other use cases to implement their own standards without the extra stuff they don't need. |
First of all, thanks for all the comments. Happy to see all the conversation going on over this proposal. |
@pabloruiz55 There's merit in that, but if we split up into something like 3 EIPs that really need to work together, will we come into the scenario where many in the industry start saying something like, you must be ERC20 and ERC777 and ERC1400 and ERC-XXX and ERC-YYY for us to accept you? If that's the case, then wouldn't we essentially be better off just having it all covered in ERC1400? Taking forced transfer as an example, if essentially all security tokens (and I'm not sure that it is 100%) would require forced transfer, then wouldn't we want to include that in ERC1400 instead of breaking it apart into a separate optional EIP? |
@jllaw - splitting up this EIP wouldn’t fragment the ultimate canonical securities token EIP. Once the constituent EIPs are well-specified, the specification for ERC1400 compatibility becomes really straightforward: it just needs to state which EIPs it requires and how they intersect. From there, industry members can just require ERC1400 as shorthand for requiring all the EIPs it implements. However, splitting it up would make securities tokens more compatible with a broader ecosystem, particularly with permissioned tokens that don’t have all the requirements of a full-fledged security. There are many interesting applications for utilities tokens that require unique identities, like governance tokens with voting mechanisms that go beyond (Still like In the case of securities tokens with tranches, I think this should in the default case check that the transfer is ok from some tranche or combination thereof (a default tranche specified by the securities token would be a sane choice) without needing to specify the tranche. To expect every interfacer to know details about all the tranches of all the various securities tokens seems unrealistic. Then, an extension to this method like |
Good to have this discussion started! Security tokens definitely will extend current token ecosystem and some standardization is very needed. With this particular RFC I have a problem that it packs every required functionality in the token itself. If we are designing a protocol we should decide first what should go to the app layer and should not be mandatory part of standard. Over-defined protocol will be extremely limiting in the future. Example: different stock classes are listed separately and have different market value on secondary markets because they give different rights to their holders. They are not fungible and naturally they represent separate tokens. Now I get that there could be a need to define something like token container that groups tokens form the same issuer that are connected via definable set of rules (like how to convert one token into another) but it's not a part of a token. it is rather part of token controller which represents issuer (for example a limited company with typical governance). Every issuer can deal with it as they wish. Some want one stock class and single token. Some will issue many tokens of different classes. Some may use this tranche proposal. Now we can have a standard token container for this things. However if it is implemented inside with separate tokens or with tranches should be irrelevant. By mandating it to be part of the token we are limiting future developers of apps based on security token standard to particular implementation, while I for example do not even see tranches as essential part of security token ecosystem. Now what I think we should have as security token is something that is building and extending existing token ecosystem: is lean, simple, ERC-20 compatible, leaves as much as possible in the app layer and is useful beyond security token domain. This is my take on what we should do
Now the thing I like about current standard is to have I summarized all of this with some code samples here, you can read this is you have a few minutes: https://blog.neufund.org/good-protocols-how-to-properly-standardize-security-tokens-95ff83c81c4a |
This discussion has momentum and it is pulling together separate groups to work on a standard. I want to learn more from the people on this thread. Should we schedule some meetups? I have heard that this proposal started with a small meeting that Polymath organized in Barbados. Now we have more participants that are interested in contributing. We can meet up at Ethereum or security token events. Maybe we can start with a meetup in New York around October 5, when some people will go to the "Security Token Academy" event. Maybe we can suggest similar meetups in Europe and Asia. |
Can it be virtual? We are working on mobile security tokens based out of Nairobi with mobile money. Happy to lead a session for the community too.
Marvin Coleby
Founder
Raise
m: 514 430 1973
w: raiseimpact.io
…On Sep 14, 2018, 3:53 PM +0300, zingleton ***@***.***>, wrote:
This discussion has momentum and it is pulling together separate groups to work on a standard. I want to learn more from the people on this thread. Should we schedule some meetups? I have heard that this proposal started with a small meeting that Polymath organized in Barbados. Now we have more participants that are interested in contributing. We can meet up at Ethereum or security token events. Maybe we can start with a meetup in New York around October 5, when some people will go to the "Security Token Academy" event. Maybe we can suggest similar meetups in Europe and Asia.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Thank you all for the great response! It is thrilling to see hear from so many voices in the space and clear that many are thinking about these issues. My job is to involve a diverse set of opinions from across the ecosystem and shepherd the conversation towards some sort of consensus. We have scheduled a community call for Monday, Sept 17th with @bmann from ETHMagicians and @expede from ERC-1066 to have a public discussion. To participate in the call, please sign up here. |
Thanks for all the great conversation and analysis - we are discussing all the points internally and will come back with responses and follow-ups. Following some discussion here and on the Ethereum Magicians forum we are going to split this into two EIPs initially, and then possibly consider splitting out the force transfer function and other parts at a later date. Whilst we think the partially fungible token standard can definitely stand alone as a useful standard, with use-cases outside of securities, @thegostep and others raised great points around whether further granularity would help or hinder adoption which is something we want to carefully consider. EIP 1410: Partially Fungible Token Standard #1410 Comments copied over to the new issue for reference, and we'll close this issue shortly to make sure the conversation remains in a consistent place going forward. |
@zingleton I'm helping to organize that Oct 5 Security Token Academy event. If there's sufficient interest, I could speak with the organizer to have a breakout session to discuss after hours.
|
Let's try to invite as many people as we can to the call. I've sent emails to contacts at Harbor, Securities, SEC, Quoine, and Singapore Stock Exchange already and will be doing more invites as well as posting to social media. Urge you all to do the same.
|
@jllaw let's see if we can find a time for a lunch, breakout session, or beer in New York on Oct 4 or 5. |
@thegostep how come this is reopened? Didn't it migrate to #1411 and #1410? |
Ah man, I have to monitor both and make largely the same comments on both now. Hopefully the two standards converge at some point again as they are both community standards after all. |
@jllaw Folks at Meridio are in! @corbinpage |
@pakaplace @corbinpage can you comment on #1411? This issue has been closed and continued as #1411 (plus #1410). |
New York Security Token Exchange is supporting the ERC 1400 and would like to foster the rapid adoption of a unified standard for Security Tokens. In that regard, the NYSTX can contruibute a working space for the discussions @ www.securitytoken.foundation To contact NYSTX on Github - just use @securitytoken |
Discussion moved to:
EIP 1400 [#1411] Security Token Standard
EIP 1410 [#1410] Partially Fungible Token Standard
The text was updated successfully, but these errors were encountered: