Creates EIP-5114: Soulbound Token #5114
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| --- | ||
| eip: 5114 | ||
| title: Soulbound Token | ||
| description: A token that is attached to a "soul" at mint time and cannot be transferred after that. | ||
| author: Micah Zoltu (@MicahZoltu) | ||
| discussions-to: https://ethereum-magicians.org/t/eip-5114-soulbound-token/9417 | ||
| status: Draft | ||
| type: Standards Track | ||
| category: ERC | ||
| created: 2022-05-30 | ||
| requires: 721 | ||
| --- | ||
|
|
||
| ## Abstract | ||
| A soulbound token is a token that is bound to another Non-Fungible Token (NFT; e.g., a EIP-721 token) when it is minted, and cannot be transferred/moved after that. | ||
|
|
||
|
There was a problem hiding this comment. I'm not sure why this EIP needs to exist. Are there many use cases for nontransferable tokens? Why should implementers prefer this EIP over, say, EIP-4973? Seems like this EIP needs a Motivation section ;) There was a problem hiding this comment. I see what you did there. I may consider adding a motivation after this has merged as a draft, but as it isn't required I would like to move forward without it for now. |
||
| ## Specification | ||
| ```solidity | ||
| interface IERC5114 { | ||
| // fired anytime a new instance of this token is minted | ||
| // this event **MUST NOT** be fired twice for the same `tokenId` | ||
| event Mint(uint256 indexed tokenId, address indexed nftAddress, uint256 indexed nftTokenId); | ||
|
|
||
| // returns the NFT token that owns this token. | ||
| // this function **MUST** throw if the token hasn't been minted yet | ||
| // this function **MUST** always return the same result every time it is called after it has been minted | ||
| // this function **MUST** return the same value as found in the original `Mint` event for the token | ||
| function ownerOf(uint256 index) external view returns (address nftAddress, uint256 nftTokenId); | ||
|
|
||
| // returns a censorship resistant URI with details about this token collection | ||
| // the metadata returned by this is merged with the metadata return by `tokenUri(uint256)` | ||
| // the collectionUri **MUST** be immutable and content addressable (e.g., ipfs://) | ||
| // the collectionUri **MUST NOT** point at mutable/censorable content (e.g., https://) | ||
| // data from `tokenUri` takes precedence over data returned by this method | ||
| // any external links referenced by the content at `collectionUri` also **MUST** follow all of the above rules | ||
| function collectionUri() external view returns (string collectionUri); | ||
|
|
||
| // returns a censorship resistant URI with details about this token instance | ||
| // the tokenUri **MUST** be immutable and content addressable (e.g., ipfs://) | ||
| // the tokenUri **MUST NOT** point at mutable/censorable content (e.g., https://) | ||
| // data from this takes precedence over data returned by `collectionUri` | ||
| // any external links referenced by the content at `tokenUri` also **MUST** follow all of the above rules | ||
| function tokenUri(uint256 tokenId) external view returns (string tokenUri); | ||
|
There was a problem hiding this comment. Wouldn't using There was a problem hiding this comment. I considered it, but I don't think 721 compatibility matters much because the Perhaps there are specific tools that don't need to do owner lookups but do need to URI lookups that would benefit from consistency across methods? Personally I would like to see a compelling reason to break the superior (IMO) naming convention of capitalizing only the first letter of acronyms (it avoids situations like There was a problem hiding this comment. IMO naming convention arguments should be out of scope of this EIP. But a separate EIP could make normative statements on function capitalization conventions. I was mainly arguing for consistency with EIP-721 but it's not a hard objection from my side. |
||
| } | ||
| ``` | ||
|
|
||
| ## Rationale | ||
| ### Immutability | ||
| By requiring that tokens can never move, we both guarantee non-separability and non-mergeability among collections of soulbound tokens that are bound to a single NFT while simultaneously allowing users to aggressively cache results. | ||
| ### Content Addressable URIs Required | ||
| Soulbound tokens are meant to be permanent badges/indicators attached to a persona. | ||
| This means that not only can the user not transfer ownership, but the minter also cannot withdraw/transfer/change ownership as well. | ||
| This includes mutating or removing any remote content as a means of censoring or manipulating specific users. | ||
| ### No Specification for tokenUri Data Format | ||
| The format of the data pointed to by `collectionUri()` and `tokenUri(uint256)` is intentionally left out of this standard in favor of separate standards that can be iterated on in the future. | ||
| The immutability constraints are the only thing defined by this to ensure that the spirit of this token is maintained, regardless of the specifics of the data format. | ||
|
|
||
| ## Backwards Compatibility | ||
| This is a new token type and is not meant to be backward compatible with any existing tokens other than existing viable souls (like EIP-721 tokens). | ||
|
|
||
| ## Security Considerations | ||
| Users of tokens that claim to implement this EIP must be diligent in verifying they actually do. | ||
| A token author can create a token that, upon initial probing of the API surface, may appear to follow the rules when in reality it doesn't. | ||
| For example, the contract could allow transfers via some mechanism and simply not utilize them initially. | ||
|
|
||
| It should also be made clear that soulbound tokens are not bound to a human, they are bound to a persona. | ||
| A persona is any actor (which could be a group of humans) that collects multiple soulbound tokens over time to build up a collection of badges. | ||
| This persona may transfer to another human, or to another group of humans, and anyone interacting with a persona should not assume that there is a single permanent immutable human behind that persona. | ||
|
|
||
| It is possible for a soulbound token to be bound to another soulbound token. | ||
| In theory, if all tokens in the chain are created at the same time they could form a loop. | ||
| Software that tries to walk such a chain should take care to have an exit strategy if a loop is detected. | ||
|
|
||
| ## Copyright | ||
| Copyright and related rights waived via [CC0](../LICENSE.md). | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this requirement necessary? I believe you can bind EIP5114 to any address?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The EIP references EIP-721, so it requires it (not all editors agree on this policy).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, in abstract it says that EIP5114 requires it to be bound to another NFT, and gives example of EIP721. In section "Backwards Compatibility" Its stated that EIP721 HAS to be used as a soul. I think the EIP should be more specific if EIP721 as a soul is mandatory, or is some other token or EIP also acceptable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any EIP that matches the interface
ownerOf(uint256 id)I think is the actual requirement. EIP-721 is an example of that, as is EIP-5114.