SBTs are eternal* extensions to the blockchain address they are minted on.
- What are SBTs?
- What you should look out for wen SBT?
kycDAO wrote the NEAR Non-Transferable NFT standard (draft). We are involved in the CASA (Chain Agnostic Standard Alliance) Account-bound NFT work. We actively participate in the DAOstar One Identity Working Group. And we are building services using a particular SBT implementation that gave us the experience to experiment and consider a wide variation of non-transferable NFTs.
What are SBTs?
Soulbound tokens are the new phenomena the crypto ecosystem is raving about.
Soulbound tokens (SBTs) are essentially non-transferable assets, often a Non-Transferable NFT. NTNFTs or account bound NFTs have been discussed since 2017 but only gained a significant audience early in 2022 when Vitalik first posted about them on his blog [Soulbound 22/1/26].
NFTs gained cultural recognition in 2021, with an unprecedented growth seemingly coming from nowhere. The JPG attached blockchain assets created an entirely new subgenre of opportunities, attracting a brand new crowd of crypto enthusiasts. By now, most internet users have come across the term NFT, or Non-Fungible Token, due to the media’s ability to write about a technologically complex topic and include visual clues.
SBTs are essentially a twist on the already established NFT standard, with one significant difference. These assets are non-transferable. They do not offer the secondary market opportunities NFT marketplaces are infamous for. This inability to transfer these tokens brings a wide variety of use cases, previously not possible using “plain” transferable tokens.
SBTs address the question around “reputation.” The concept of on-chain reputation has been a broadly debated topic as it generates new avenues for interactions. However, only a tiny subset of on-chain reputation is related to a blockchain address [e.g., number and volume of previous transactions, repaid loans, governance votes]. Still, many other aspects of a wallet [value of assets, the participation or roles in DAOs or multi-sig, or the NFT collections it controls] are external from a blockchain perspective.
What You Should Look Out for 'Wen SBT'
There is no single type of SBT, and there should not be one!
CT [Crypto Twitter] is abuzz, with thread after thread discussing the depth, possibilities, dangers, and even the meaning of “soul.” The term Soulbound Token has gained too much attention with too few technical implementations. The community is scrambling to gain attention by adopting and deploying SBT-like contracts for various use cases.
Considerations to make before going down the SBT route:
Every SBT should be consented to by the recipient. This is the most controversial question the community will have to deal with. It is easy to imagine the misuse of an NTNFT. Just like decentralization, it is not in control of one single entity; the community, as a whole, must design against abuse through easy-to-use standards with: reference implementations, implementer and user education, governance considerations, and potential punishment where possible.
- Does it have to be on-chain?
Personally Identifiable Information (PII) should NOT be stored on-chain, regardless of the technology used to “hide” it. [more on PII in the privacy section below]
We believe that it depends on the use-case and use-case considerations. However, before committing to a technology, everyone must put the user first. It is simple to deploy a participant credentialing contract or capture off-chain status; however, without considerations for the entire life-cycle of the credential, no credentials should be issued on a chain.
- Does it have to be non-transferable?
Just because something is hot, it does not have to be everywhere. After several crypto cycles, it is clear that the ecosystem gets ecstatic about new ideas, which should go through a boom and bust cycle before finding a proper use. Early mistakes are often forgotten, but disclosing private information during this hype could lead to a loss of privacy that will deteriorate the community's trust in the technology. Projects implementing SBTs should always put their community first by keeping the builders accountable and transparent.
- What is in the metadata?
NFTs are not just a JPG or SVG stored on the blockchain. Like NFTs, SBTs can have various functions they can execute, enforce, or represent, depending on the deployment.
- Is it human or only software readable?
The question of readability is vital from a privacy perspective. Anything that humans can read will be aggregated. Only software readable soulbound credentials have the implicit benefit of introducing a layer of privacy by requiring a “schema” that can be kept private. Public credentials do not have to publicly disclose their content or intended use.
- Deciphering metadata requires privileged access?
Keeping the schema permissioned, meaning only made available for selected participants that meet specific criteria, introduces an essential layer of privacy but requires mechanisms for interoperability.
- Does it have an active/passive status?
A non-transferable token that has no mechanism to leave the address on which it was minted might require a status indicator that can be controlled by the user or the smart contract owner.
- Can it be burned?
On-chain, everything is transparent and eternal. Introducing a burn function ( most commonly a transfer to a 0 address) is one way to remove a soulbond credential from the receiving address. After burning a token, it will only indirectly correlate to an address. Burn functionality can be enabled/performed by the address owner, the smart contract owner, or both.
- Is it governed?
Soulbounding (soulbinding) does not have to mean permanently fixed. Considering governance for the entire issuing contract or a subset of functions can enable gradual experimentation without perpetually committing to a format.
- Can it be updated?
Specific use cases will require updates.
- Can it be revoked?
Revoking a credential is similar to performing a burn. However, in the case of limited SBTs, reissuing a previously revoked credential could require unique conditions.
- Can it freeze/unfreeze?
Early adoption could offer opportunities while disabling secondary market applications. Some projects could consider governing a dormant transfer function.
- Can it be extended?
Like updates, extensions can be a powerful way to provide new or enhanced functionality to an already existing token.
- Does it have functions controlled by different keys?
Not all functions must be controlled by a single governance mechanism; specific parameters can have their own controllers.
- Can it be reminted?
In the case of losing access to a wallet, the ability to remint a credential to a new wallet could be considered. It requires some mechanisms to verify whether the previous and current wallet holders match. Puja Ohlhaver, E. Glen Weyl, and Vitalik Buterin’s #DeSoc paper [link] suggested high bandwidth social measures as a possible solution.
- Privacy from a personal perspective (the shoulds).
Most people are not aware of the importance of privacy. Implementers of soulbound tokens should consider privacy a priority when deploying new contracts. The loss of privacy with publicly consumable credentials should not be the only choice. The user should be able to decide whether they want to publicly disclose their credentials (e.g., by minting) and be able to decline or use an alternative solution even if it means loss of functionality.
- Privacy from a regulatory perspective.
Regulators (GDPR, CCPA, and similar privacy rules) consider any publicly attestable information PII. The hash of PII is also considered PII. [the reason is that today we might not be able to de-hash information, but with future technology, eternally available data can be reversed]. You can read more about PII hashing in our DAO Star One identity working group’s PII work summary.
- Does it have to follow a standard?
Ideally yes. Some NTNFTs might be unique to the issuer; others will aim for interoperability requiring standardization.
- Dangers of SBTs.
No one entity controls what SBTs will contain and who issues them. The community will be responsible for making sure that they can meet their expected use. They can cause harm in the short term if issued by malicious actors or, in the longer term, through wrongful implementations.
Starting a new identity in web3 is appealing; if a sufficient amount of [public] credentials are issued to a wallet, and if the same user with a new wallet will quickly reaffiliate with the previous wallet.
Public data aggregation is happening and will be happening. There is no “what if we build for the good” scenario; the community must expect the worst, as not everyone is here to WAGMI. This must be represented in technical and ethical considerations.
Less is more.
We will get there; many technologies providing privacy and security are still in their infancy; a granular approach is advised.
*the historical presence of a blockchain asset is always eternal.