The Dilemma of Soulbound Tokens

Raphael Spannocchi
Flipside Governance
20 min read · Aug 11, 2022

Authored by Isabel Orchard, Mike Alliegro and Raphael Spannocchi

Token-based voting has run its course. There, we said it.

While many DAOs still use this strategy, the last two years have clearly exposed some fundamental flaws. Widespread financialization, concentration of power in a few hands and bribing economies are the most common ailments.

Vitalik Buterin, no less, has recently co-authored a paper with Glen Weyl and Puja Ohlhaver introducing the concept of “Soulbound Tokens”. We’ll abbreviate this mouthful to SBT to save ourselves a lot of typing and the reader a lot of time, since it will come up often in this blog post.

Bound to an address, non-transferable and thereby not tradeable, these tokens are meant to represent something purer, and more tied to the identity of contributors. They could make governance and rewards more equitable and “fair” than mechanisms with tradeable tokens. The word soulbound comes from World of Warcraft where players got soulbound rewards they couldn’t trade or sell to other characters. Vitalik Buterin was a big WoW degen and the revelation that his achievements could be taken away by the development company at a moment’s notice allegedly sparked his resolve to develop what became Ethereum.

Let’s take a close look at the strengths of SBTs, how they’re made, but also their potential for harm. Come enter the fascinating world of reputation layers that want to transform the way groups organize. You will meet vast potential for good, combined with horrific dystopian surveillance possibilities. Let’s jump into the rabbit hole.

The Soulbound Tokens (SBT) rabbithole. Tool for good? Or Pandora’s box?
Rabbithole photo by Filipe Delgado.

What is an on-chain reputation and why should you have one?

Cryptocurrencies represent the first major innovation in coordination technology since the industrial revolution established the chain of command as the de-facto standard to do work at scale.

Instead of command-and-control structures, cryptocurrencies set the incentives in a way that individual actors optimize their own utility if they cooperate according to the rules of the game.

The brilliant idea was first implemented by Satoshi Nakamoto in his landmark 2008 whitepaper titled Bitcoin: A Peer-to-Peer Electronic Cash System. That reality might have a word or two to say about the theory became apparent a few years later, when the top Bitcoin miners had to declare their intent not to collude or merge, lest they control more than 51% of the hashing power, and gain the ability to write even fraudulent transactions at will.

From a perspective of pure financial utility this was not a straightforward decision. Economies of scale would have rewarded collusion, especially if it was covert. But the trust of participants in Bitcoin could have been irreversibly damaged if fraudulent transactions were ever detected. Not colluding can be seen as altruistic in the short term or as a vote of confidence for Bitcoin’s long-term future.

This short excursion into crypto history can serve as an illustration of the limitations of even the best designed incentive management constructs. When participants act only for their own profit, with no regard for the long game, every system is doomed.

We could also say that Bitcoin miners didn’t collude because they were worried about their reputation, and the reputation of the Bitcoin blockchain as a whole. We’ve seen time and time again that purely financial incentives do not yield stable systems. Power concentrations, pump and dump schemes and rug pulls are all profitable to some, while damaging to most.

On-chain reputation offers a way for DAO governance to encourage contributors and reward the most outstanding members. These rewards can entail:

  • Exclusive access to Discord channels
  • Participation in polls and the ability to influence governance
  • Higher protocol emissions
  • Early access to events or releases
  • More weight of a contributor’s opinion in a DAO’s decision process

Since DAOs strive towards automation of processes, they need a way for smart contracts to identify who has been rewarded. Reputation layers introduce on-chain, smart contract verifiable reputation tokens, often called Soulbound Tokens, or Non-Transferable Social Tokens (NTST). Reputation layers want to identify the persons that do the most for a DAO and make them visible. So they implement mechanisms that attach these tokens to an entity or person and make them non-transferable.

Are Soulbound Tokens the key to unlock DAO participation and contributor rewards? SBTs 2022.
The right keys for the right locks; the promise of SBTs in a nutshell. Photo by cottonbro.

For DAO governance, SBTs offer a way to reward contributors in a non-monetary way. They force governance to think outside the financial box about what they can do to retain top members and how to best reward them for their contributions. In their most abstract form, SBTs are simply address-bound, or non-transferable tokens, that DAO members can use to identify certain traits in others.

The closest real-world analogy would be the ribbons, medals and badges the military gives to distinguish soldiers with extensive experience or extraordinary achievements. These badges are distinct from rank, and offer a more fine-grained way to distinguish service members.

For contributors, SBTs offer a way to store their experiences, skills, achievements and metaverse loot in a secure way, without having to rely on centralized third parties to maintain their score. Contributors can take their achievements with them when they move to another DAO or can show to GameFi players that they already proved their mettle in other arenas.

SBTs are valuable, precisely because they are not transferable. But their value is not financial, at least not straight away. Instead they represent a way to gain access, including access to people. And they command respect and give their holder instant recognition if a DAO supports their specific data set. This combination of access, respect and recognition is a priceless asset that can only be achieved through good work, and not bought and sold on an exchange.

The non-financial dimension of SBTs makes reputation layers desirable for governance, which increasingly looks for ways to complement or replace token-based reward mechanisms.

Why does token-based voting lead to centralization?

Token-based voting falls victim to one major criticism — the detour into plutocracy.

For a proposal to pass in a token-based governance system, it must first hit quorum (the necessary participation rate established by DAO founders), and then secure more votes in favor than against. If quorum is not met, the proposal fails.

Simply put, if one (purchasable) token equals one vote in a DAO, then it only takes a wealthy and determined entity to purchase a substantial number of tokens and concentrate majority voting power in their hands. A more sophisticated version of this would be a Sybil attack, whereby one user employs multiple wallets to accrue the majority vote share. Not only does this benefit the user in swaying the vote a particular way, but also ensures that the proposal meets quorum.

Centralization of power through financial means is not a new challenge and has been faced by electoral systems all over the world. Today, 165 countries (approximately 91.7%) have enacted legislation to prohibit vote buying in order to precisely tackle this dilemma. With that backdrop, it seems somewhat bizarre to have ever had decentralized governance votes up for sale.

An example of token-based governance leading to extraordinary centralization can be seen with Uniswap. The pie chart below illustrates the voting power distribution for UNI holders on the DEX. Over three quarters of voting power is concentrated in the hands of whales, while a whopping 99.45% of voting power rests with users holding over 10,000 UNI tokens, and almost 80% with whales who hold more than 1,000,000 UNI.

Uniswap power concentration. Soulbound Tokens could help distribute power in 2022.
Data by Flipside Crypto

The transparency of digital governance breeds voter apathy. As individual community members watch whale token holders dominate the outcome of proposals, they become less and less inclined to participate. The fact that even after a series of equally weighted temperature checks and open-to-all discussions, your final vote still carries minimal marginal utility, is bound to dissuade users from engaging.

As participation declines, the addresses choosing the direction of the DAO by moving votes forward become fewer and fewer. This results in stunted development of the DAO. For the same reason that cumulative intelligence across large populations is greater than one highly intelligent individual, DAOs flourish when more heads are put together to solve each problem. Decreased participation means less energy spent evaluating the question at hand.

Another risk to consider is the centralization of decision-making power without even holding the necessary capital. Instead of a slow acquisition of tokens in order to gradually become a whale and increase one’s influence over the direction of a DAO, a user with a hefty interest in the outcome of one specific proposal could mobilize and strike at once.

This was the case for MakerDAO on October 26, 2020, when BProtocol borrowed 13,000 MKR tokens (approximately $7 million) in order to push through the votes for the proposal regarding its own project on MakerDAO. BProtocol took out a flash loan from the dYdX platform in order to temporarily acquire the capital needed. Flash loans are short-term and must be paid back within one block, which makes them rather attractive as a means for a governance attack without having to incur long-term expenses.

What are Soulbound Tokens?

Soulbound Tokens are non-transferable (but possibly revocable), publicly visible, non-fungible tokens. Unlike most existing NFTs, SBTs must be issued (or attested to) and cannot be transferred or sold, which makes them a more suitable primitive for establishing robust digital identities. Although the first iterations of SBTs will be publicly visible, which is simpler to design, these programmable tokens will ultimately be public or private at the discretion of the holder.

Implementation of SBTs is currently possible through modification of the ERC-721 (NFTs) standard by having all transfer functions revert. However, this implementation is suboptimal because wallets cannot interpret whether an ERC-721 token transfer function fails because it is an SBT or because of faulty input parameters. Therefore, users would not know if an NFT was non-transferable without looking into the contract’s code.

As an alternative, the Ethereum community has recently proposed EIP-4973: Account Bound Tokens and EIP-5114, which define a standard interface for non-transferable NFTs. The primary difference between ERC-721 and the new standards is that the latter implement a feature-detection mechanism to signal non-transferability. The standard would also expose function burn(address _tokenId) and require it to be callable at any time by the owner to ensure an owner’s right to publicly disassociate themselves from what has been issued towards their account. Neither of the new proposals has found significant support from the Ethereum community yet.

With this standard, existing wallets would store and display SBTs in the same manner as transferable NFTs. However, wallets would be able to detect if a token is non-transferable and implement functionality to support a better user experience. For example, wallets could hide the transfer button when the token is displayed or educate the user about non-transferable NFTs through notifications or disclosures. In addition to feature detection, the standard would enable additional interoperability and improve on-chain data indexing.

SBTs are often mentioned in the same sentence as verified credentials (VCs) and decentralized identifications (DIDs). The distinction between these is that VCs and DIDs are non-crypto native standards that could be integrated on-chain to form SBTs. VCs are issued to reflect certain off-chain behavior or achievements and then verified by their issuers. Forum activity or GitHub pull requests are just two examples of possible VCs that would be useful for DAO governance.

While anyone can mint and issue SBTs, usage is largely dependent on the establishment of reputable issuers that users trust. Established DAOs or protocols that issue SBTs would rely on their reputation to imbue the tokens with relevance for the end user. This presents a cold-start problem for the space — few (if any) protocols use SBTs to reward users or provide additional services (e.g. uncollateralized loans) which provides little incentive for issuing them. However, SBTs are still quite new — as the space matures, we could certainly see a proliferation of reputable issuers and an ecosystem of protocols and DAOs that leverage them.

Use Cases of Soulbound Tokens (SBTs)

SBTs can represent any aspect of a user’s identity, like education credentials, work history, or conference attendance, which together create an extended, on-chain resume. By allowing users to establish their reputation on-chain, SBTs unlock new possibilities for DAOs, contributors, and governance designs, including:

  • DAO Sybil resistance
  • Novel governance designs
  • Community organization

Currently, on-chain reputation is limited to the data available — the record of transactions, balances, and computations that compose the blockchain. SBTs can establish a more comprehensive on-chain reputation by allowing users to be issued tokens that represent any off-chain or on-chain accomplishment or credential. For example, users could be issued SBTs that represent university degrees, CPAs, licenses or DAO core unit roles. The non-transferability of these tokens means that DAOs and protocols can actually trust that the user earned the credential themselves, rather than purchased it.

This property enables communities to form around verifiable interests, skills, or affiliations. DAOs can seek out users for core teams that hold certain SBTs, like ones that represent treasury management experience. Additionally, users can establish a track record of accomplishments, through acquiring SBTs, and take these tokens with them as they move from DAO to DAO.

DAO Sybil Resistance

SBTs offer the possibility of mitigating DAO sybil attacks. Since SBTs are unique, issued to a single address, and attested to, they allow DAOs to distinguish between real users and probable bots. For example, DAOs could issue “proof-of-humanity” SBTs to verifiably real contributors, which would allow them and others to prevent Sybil attacks and bot spam. DAOs could also offer more voting power to users that hold reputable SBTs — like licenses or certifications — or spin up working groups with users that have specific skill sets, as identified by their SBTs.

Should MakerDAO use Soulbound Tokens to help with Sybil Resistance?
Sybil resistance recently became a hot topic in MakerDAO. SBTs would offer a convenient solution here.

Novel governance designs

SBTs also allow DAOs to establish novel, fairer governance designs that rely on reputation for sufficient sybil resistance. Quadratic voting, for example, prevents whales from monopolizing power and allows smaller wallets to have a greater impact in governance. However, it can be easily gamed by creating many wallets with small balances. In his Liberation Through Radical Decentralization article, Vitalik describes the problem: “QV relies heavily on the notion of verifiable, separate human identities, because a community member could multiply her effective influence dramatically by misrepresenting herself as multiple individuals.” SBTs allow DAOs to identify unique users and prevent this issue.

Quadratic voting needs sybil resistance to work. Soulbound Tokens (SBTs) can help.
Effect of quadratic voting on vote weights. It takes (x+1)² votes to overpower x votes.
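
The wallet-splitting problem described above, worked through as an added example (not code from this article or from any project it mentions). It assumes a wallet's vote weight is the square root of its token balance and models a proof-of-humanity SBT as a set of attested addresses; all addresses and balances are constructed.

```python
import math


def qv_weight(tokens):
    """Quadratic voting: a wallet's vote weight is the square root of its tokens."""
    return math.sqrt(tokens)


def sybil_weight(tokens, k):
    """Total weight when one holder splits `tokens` evenly across k wallets.

    k * sqrt(tokens / k) == sqrt(k * tokens), so splitting into k wallets
    multiplies the holder's influence by sqrt(k).
    """
    return k * qv_weight(tokens / k)


def split(owner, choice, tokens, k):
    """Build k wallets for one owner, each holding an equal share."""
    return {f"{owner}-{i}": (choice, tokens / k) for i in range(k)}


def tally(wallets, attested=None):
    """Sum quadratic vote weights per choice.

    wallets:  address -> (choice, tokens)
    attested: addresses holding a uniqueness SBT (assumed: one per human).
              None means no gating, so every address counts as a voter.
    """
    totals = {}
    for address, (choice, tokens) in wallets.items():
        if attested is not None and address not in attested:
            continue  # no uniqueness credential, no vote
        totals[choice] = totals.get(choice, 0.0) + qv_weight(tokens)
    return totals


def scenario():
    """Constructed vote: 40 small holders vote 'no', one whale votes 'yes'."""
    honest = {f"voter-{i}": ("no", 9) for i in range(40)}   # 40 * sqrt(9) = 120
    whale_single = {"whale-0": ("yes", 10_000)}              # sqrt(10000) = 100
    whale_split = split("whale", "yes", 10_000, 100)         # 100 * sqrt(100) = 1000

    # The issuer attests each human once: every small holder, and the whale
    # only at the address whale-0. This is the assumption the defence rests
    # on; an issuer that attests the same person twice, or attested keys
    # changing hands, would break it.
    attested = set(honest) | {"whale-0"}

    return {
        "one_wallet": tally({**honest, **whale_single}),
        "split_100": tally({**honest, **whale_split}),
        "split_100_gated": tally({**honest, **whale_split}, attested),
        "one_wallet_gated": tally({**honest, **whale_single}, attested),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:18} {result}")
```

Without gating, splitting turns a losing 100-to-120 vote into a 1000-to-120 win; with gating, the whale's best option is a single attested wallet, which loses.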

Community organization

Thus far, Web3 has largely relied on token sales or airdrops to jumpstart new communities, which often fail to identify users that are truly interested in supporting the community. SBTs provide a more robust solution to “enable communities to be convened at unique intersections of Souls” (Decentralized Society: Finding Web3’s Soul). Using SBTs, DAOs could more effectively identify valuable members and form cohesive communities. For example, DAOs could convene a community of developers that hold certain conference attendance SBTs. Or DAOs focused on data-analytics could recruit users that hold SBTs that represent data proficiency. Ultimately, SBTs make recruitment more efficient for DAOs and mobility between projects easier for users.

What are the failure modes of Soulbound Tokens?

Any transformational technology has the possibility of veering off into a dystopian nightmare. For SBTs, two hypothetical worst-case scenarios come to mind:

First, SBTs could give states unprecedented ways to track citizen behavior and then gate access to services to only allow citizens with a certain conduct, similar to what is already happening in China, with its social score system. We’ll call this failure mode population scale surveillance.

Second, the unwarranted dilution of voting power by factoring out SBT correlation. We’ll explain what both of these look like in a second. The latter applies to decentralized governance and the former to broader society. Let’s call this failure mode algorithmic bias.

Population Scale Surveillance

Let’s look into the first failure mode of SBTs, a future so rife with surveillance and coercion that it would make George Orwell’s 1984 a pleasant utopia. Assume that a citizen’s SBT starts at their birth, with their basic identification, and then tracks activities throughout their life, down to simple misdemeanors like crossing a pedestrian red light. Access to services, from luxuries like traveling abroad and staying at great hotels, down to access to the labor market and basic necessities could be gated by certain aspects of an SBT, and the presence or absence of certain verified credentials.

Coupled with central bank issued digital currencies, that could be revoked or restricted on a per address basis, this opens up command and control possibilities that even the most nefarious and paranoid dictators of the past would never have dreamt of.

Soulbound Tokens (SBTs) could open up surveillance and control avenues that put China’s social scoring system to shame.
Social Credit Scores in China affect business deeply. Source: Merics

Even now, there’s no shortage of examples of government interest in surveillance: the boom in global sales for NSO Group’s Pegasus spyware, the CCP’s Golden Shield Project, Russia’s NtechLab, or the Five Eyes intelligence alliance.

Proponents of SBTs argue that they need to be less dystopian than current massive surveillance through ad networks and tracking cookies. They claim that the current web2 architecture is inevitably dystopian whereas decentralized systems remain “only possibly” dystopian. While web2 enables top-down digital bureaucracies to harness your information, SBTs offer horizontal co-determination of the future.

Algorithmic Bias

Let’s shift gears and look at DAO governance, to see what failure modes of SBTs could happen there. Token-based voting allows a sort of Sybil attack, in which one user employs multiple wallets to accrue the majority of tokens and centralize decision making power. The advantage this move has over purely purchasing the majority of tokens outright is that it masks the attacker’s centralization of power. The default assumption is that one wallet address is tied to one user. By employing multiple wallets, the attacker leads the community to believe that power is dispersed, when it is not.

In their paper on SBTs, Weyl, Ohlhaver and Buterin pose what could be described as a soft Sybil attack in which a vote is supported by a large number of Souls with correlating SBTs. The level of correlation between Souls would be measured with an SBT correlation score. A high correlation score indicates that Souls share partialities. A low correlation score indicates that Souls are acting as independent agents.

They further suggest that in the case of a soft Sybil attack, the correlation score for groups of Souls could be tracked. A higher correlation could result in a lower overall vote weight. On the other hand, the same tally from a more diverse collection of souls, with a low correlation score, would have a higher weight. The justification for modifying vote weight based on SBT correlation is based on the claim that votes cast by Souls with a high correlation score are votes cast under the same bias or judgment in error.

SBTs (Soulbound Tokens) could suppress opinions on a biased and unfair basis.
He’s making a list, he’s checking it twice… No, not Santa… Algorithms have biases too. Source: fairbytes

Three assumptions go into that claim: 1) a bias can be directly inferred from x SBT, 2) this bias can be directly inferred from a certain SBT for multiple users, and 3) the bias from these shared SBTs was a leading motivation for these users’ decisions.

Now picture this: DAO administrators purposefully deem a high SBT correlation score with another Soul as active collusion, and reduce these voters’ weight by a significant amount. All of these Souls now have less influence simply because an algorithm deemed them to be correlated.

Here’s an even worse scenario: A Soul that is deemed to be in cahoots with a group of 100 others by a high correlation score is viewed as part of a Sybil attack. Not only is their collective vote weight now a fraction of what it was, but their reputation is also tarnished.

The leap of faith to infer collusion from correlation is significant, and we should be wary of the dangerous assumption that digital affiliation can accurately map out the thoughts that lead a user to vote a certain way, which opens the floodgates for censorship.
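
The correlation discount and its false-positive risk, as an added example (not code from this article or from the paper it discusses). The text above gives no formula, so the Jaccard overlap used as the correlation score and the 1 / (1 + overlap) discount are assumptions chosen for illustration; all Souls and SBT names are constructed.

```python
from fractions import Fraction


def jaccard(a, b):
    """Assumed correlation score: share of SBTs two Souls have in common."""
    union = a | b
    if not union:
        return Fraction(0)  # two Souls without SBTs are treated as uncorrelated
    return Fraction(len(a & b), len(union))


def discounted_weights(souls):
    """Assumed discount: weight = 1 / (1 + sum of overlap with co-voters).

    souls: name -> set of SBT identifiers. n Souls with identical SBT sets
    end up with 1/n each, so together they count as a single vote.
    """
    weights = {}
    for name, sbts in souls.items():
        overlap = sum(
            (jaccard(sbts, other) for peer, other in souls.items() if peer != name),
            Fraction(0),
        )
        weights[name] = 1 / (1 + overlap)
    return weights


def group_weight(souls):
    """Combined vote weight of a group of Souls voting the same way."""
    return sum(discounted_weights(souls).values(), Fraction(0))


def tally(votes, sbts, discount):
    """votes: Soul -> choice. Returns choice -> total weight."""
    groups = {}
    for soul, choice in votes.items():
        groups.setdefault(choice, {})[soul] = sbts[soul]
    return {
        choice: group_weight(group) if discount else Fraction(len(group))
        for choice, group in groups.items()
    }


# Constructed Souls. SYBILS are five wallets of one person with identical SBTs.
SYBILS = {f"sybil{i}": {"dao_x_member", "airdrop_claim"} for i in range(5)}
# ALUMNI are five different people who share a DAO and a conference badge,
# plus one personal SBT each.
ALUMNI = {
    f"alum{i}": {"dao_x_member", "conference_2022", f"personal_{i}"}
    for i in range(5)
}
# STRANGERS share nothing with anyone.
STRANGERS = {f"solo{i}": {f"unique_{i}"} for i in range(3)}


def proposal_outcome(discount):
    """Five alumni vote 'yes', three strangers vote 'no'."""
    sbts = {**ALUMNI, **STRANGERS}
    votes = {**{a: "yes" for a in ALUMNI}, **{s: "no" for s in STRANGERS}}
    return tally(votes, sbts, discount)


if __name__ == "__main__":
    print("sybils  :", group_weight(SYBILS))     # five wallets count as 1 vote
    print("alumni  :", group_weight(ALUMNI))     # five people count as 5/3 votes
    print("raw     :", proposal_outcome(False))  # yes 5, no 3
    print("discount:", proposal_outcome(True))   # yes 5/3, no 3
```

The score cannot tell the five real alumni from the five Sybil wallets; it only sees overlapping SBTs, and the discount flips the outcome of a vote the alumni won five to three.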

What issues do Soulbound Token users face?

While SBTs unlock a number of new use cases, they also introduce issues that will need to be addressed. Initial SBTs will likely be publicly visible by default, which can have serious privacy-related consequences. Issuers could send “undesirable” SBTs to users, who would be unable to transfer, send, or hide the unwanted tokens, hindering their ability to autonomously manage their digital identity.

There are potential solutions to this issue. An optional function, mintWithPermit, can be implemented to allow an SBT receiver to “lazy-mint” with an SBT issuer’s signed permission. However, implementation of this function would be at the discretion of the issuer, so this does not prevent ill-intentioned issuers from forgoing it.

SBTs could also store data off-chain, leaving only the hash of the data on-chain. The holder could then decide where to store the off-chain data, like on their own device or on IPFS. While certainly more complex, SBTs could also leverage zero-knowledge proofs to cryptographically prove ownership of specific SBTs without revealing the data to anyone.

SBTs may dissuade users from changing wallets or rotating keys for security purposes. If a private key is stolen, users will be unable to recover their on-chain reputation. For users who have established an on-chain reputation through SBTs, loss of access would essentially result in loss of digital identity. Therefore, issuers will need to implement revocation and reassignment processes to allow users to highlight theft or wallet change. Issuers would then revoke and reassign previously issued SBTs.

Puja Ohlhaver chiming in on Soulbound Tokens and community recovery
Community recovery is key to making Soulbound Tokens work.

SBTs could also allow for community recovery. Vitalik’s recent paper, Decentralized Society: Finding Web3’s Soul, outlines the case for a community recovery model that recovers a user’s private keys by requiring a subset of the user’s communities (likely original SBT issuers) to consent. Initial implementation of community recovery would assume access to secure off-chain communication channels, through which the user prompts their communities to authenticate and attest to their identity.

Ultimately, a practical mechanism for facilitating community recovery will need to be thought through and developed. Thankfully, implementation of a robust solution may lead to a decline in wallet theft (to gain access to SBTs) because keys could easily be recovered.

Which protocols build reputation layers?

Our blog post was pretty heady and theoretical until now. What if you want to deploy SBTs to your DAO? Do you have to write the smart contracts yourself? Thankfully not. We’ve found a couple of startups who are developing simple or at least no-code solutions that can help you get started in no time.

Disco.xyz

The mirror ball themed startup has developed cutting edge tech around decentralized identifications (DIDs) and verified credentials (VCs). Data is stored on the Ceramic network and is encrypted, signed and tamper-evident. Verified credentials are a hot topic in Web2 at the moment, with the W3C developing open standards. VCs will play a pivotal role in making off-chain activity available for integration in SBTs.

Disco IDs are currently available on Ethereum only, but are planned to roll out on other layer one networks in the future, and other storage networks besides Ceramic are in the works. Users will be able to port their credentials from one storage network to another.

Verified credentials are basically the badges and ribbons a user collects, which are issued and signed by other users, who could be DAOs but could also be individuals. Credentials are private by default, and users choose which credentials they display on their Disco profile at any given time. That way, malicious credential issuers have no way to harm Disco users and would just waste a ton of gas.

Disco already supports Twitter handles, Discord handles and domain name integration, plus users can self-issue credentials to add color like issuing their music preferences or favorite colors as credentials to display on their disco profile.

Soulbound Studio

Soulbound Studio uses a different route to issue badges to addresses. It is a no-code interface to The Graph, where users can build Subgraph queries by simply pointing and clicking on parameters.

The results of these queries can then be used to issue NFTs. Imagine issuing a most-active users badge to the addresses that interacted with a protocol’s smart contract the most. Or a best-voter badge to users who voted on the most on-chain polls. Badges can have multiple levels to distinguish between different levels of engagement and give the top contributors more sway.

The Graph supports all NEAR or EVM compatible chains now, so Soulbound users are in for a treat. The US-based team is busy building their initial product and users can already start to interact with the no-code solution with a limited parameter set.

Basing the solution on The Graph allows DAO governance to set-and-forget the issuance of badges, but also means they aren’t private.

Otterspace

DAO members are called Otters in Otterspace, and their website claims that Whales are not Otters’ friends. Otterspace implements EIP-4973 for address bound tokens, and has schemes for attesting, issuing and revoking these.

Otterspace is waitlist-only at the moment, but anyone can mint their Soul Otter badge on Ethereum’s Rinkeby testnet.

Otter badges can then be used to gate access to Clarity, Snapshot, Radicle, Discord channels or Wonderverse tasks and Coordinape payments. Because of the standard implementation of SBTs other protocols or dApps can be built on top of Otterspace in a permissionless manner.

Because of their waitlist we were not able to take Otterspace for a spin, though. The good thing about Otterspace is that they’re building tools for issuing but also for verifying SBTs. Otterspace integrates into Discord among others and allows admins to access-gate channels.

ShowKarma.xyz

Karma follows a similar approach to Soulbound Labs, where DAO governance specifies certain metrics that result in a badge being issued. On-chain and off-chain activity can be included. Karma also presents beautiful leaderboards where contributors can see their score and how they compare to others, plus what they need to do to level up.

Karma issues standard ERC-721 NFTs that are transferable. According to CEO mmurthy.eth, non-transferability creates more problems than it solves. He asserts that users will just sell the private keys to the addresses that certain coveted SBTs are bound to and a market for these tokens is ready to appear. In his view, standard NFTs allow a wide range of existing tools and wallets to interact with Karma badges, and they also allow users to get rid of any badges they do not want to have associated with them by sending them to their favorite enemy or a burn address.

Conclusion

“So what can I tell you, my brother, my killer, what can I possibly say”, Leonard Cohen croons in his revered song Famous Blue Raincoat. The poignant dichotomy between brother and killer makes this line memorable and elicits the kind of sharp ambivalence that Cohen wants to convey.

Soulbound Tokens evoke similar sentiments. Weyl, Ohlhaver and Buterin herald them as the silver bullet against “today’s hyper-financialization” in their seminal paper, and others simply say “No” in the face of the dystopian, all-encompassing surveillance and social scoring they could help to manifest.

Alfred Nobel invented dynamite to help miners in their gruesome task to drive shafts into the rock. He abhorred the use of explosives in wars and, upon seeing the carnage his brain-child wreaked on the battlefield, founded the Nobel prize to award peaceful scientific discoveries.

It is now upon the community at large to make sure they understand deeply what the dangers of SBTs are and to create a kind of technology that mitigates that as best as it can. But technology is only one part of the puzzle. The community should also make sure to point out any actors that use this technology in ways that don’t reflect the values of openness and decentralization.

In writing this paper we intentionally deleted the discussion of one SBT product that was focused on KYC and compliance. We do not want to promote these actors, as “smart” as their business model may seem at the outset. Crypto is about sovereignty and ownership, not about command and control. Let’s keep it that way.

Soulbound Tokens offer a fascinating dilemma:

  • They offer an attractive alternative to financial rewards helping to attract and retain the talent that matters most.
  • They have the potential to introduce surveillance capabilities that would make Orwell’s 1984 read like a holiday diary.

Ultimately it is up to us, the community and the practitioners in this space to make sure we resolve this dilemma and develop SBTs to their maximum potential for good.
