Introducing FA2: A Multi-Asset Interface for Tezos

A request for comment about TZIP-12: a proposal for a unified interface supporting multiple token types and multi-asset contracts on Tezos

TQ Tezos
TQ Tezos
Mar 6, 2020 · 9 min read

Overview

This post introduces FA2 (TZIP-12), a proposal for a unified token contract interface, supporting both a wide range of token types (e.g. fungible, non-fungible, non-transferrable, etc.) as well as multi-asset contracts (a la ERC-1155). FA2 aspires to offer wide expressivity to create novel implementations and even invent token types while maintaining a common interface standard for wallet integrators and external developers.

In initiating a request for comment, we hope to identify opportunities to refine the interface through feedback and early use. And please reach out if interested in collaborating!

Key Resources:

This post introduces FA2 and its motivations at a high level. We recommend reading the TZIP-12 proposal and trying it yourself using Stove Labs’ tutorial.

As noted in “Next Steps”, we will soon provide reference implementations for single- and multi- asset versions of FA2 alongside a blog post about implementation patterns.

Introduction

Background

Over the past several years, Ethereum’s ERC-20 (fungible tokens) and ERC-721 (non-fungible tokens) have become synonymous with blockchain-based assets. In response to growing demand for an ERC-20 equivalent interface standard on Tezos, last year we released FA1.2 (TZIP-7) based on work with Serokell and Nomadic Labs. FA1.2 implementations have emerged in SmartPy, LIGO, Lorentz, and others.

As noted last year, we’ve aimed to follow up FA1.2 with a new token standard proposal, beginning with prototypes inspired by ERC-1155. This eventually led us to FA2, a new token standard proposal we are introducing today for public comment on Tezos Agora.

While FA1.2 has seen robust demand for financial use cases needing a single fungible token contract, FA2 is agnostic to token type and allows both single- and multi-token contracts via one standard API. All entry points in FA2 are batch operations, allowing multiple transfers of different tokens and/or token types to be executed in one atomic transaction.

This allows FA2 to enable all of the familiar functionality of FA1.2 but also broadens the potential for tokenization on Tezos significantly.

FA2 provides developers a wide latitude to define and invent token types with complex token interactions while maintaining a standard API for wallets and external applications. Such examples include NFTs for collectible assets, non-transferrable badges to incentivize behaviors, and multi-asset contracts containing thousands of different gaming items with interactive, transmutable behaviors.

FA2 Design Considerations

The FA2 proposal is also inspired by direct experience implementing tokens (e.g. FA1.2) on Tezos and by feedback on early FA2 prototypes from nearly two dozen external individuals and teams. Included in this group were EIP standards proposers, tokenization platforms, custodians, and institutional users, as well as gaming, exchange, and marketplace builders. We’ve also gathered input from indexer developers, language creators, prominent security auditors, and Tezos core developers. Additionally, we’ve worked directly with early implementers and potential integrators of FA2, incorporating their feedback while iterating on the specification.

Two common themes emerged from our experience with FA1.2 and broader research into how users and developers actually use tokens on Ethereum:

1. Standards fragmentation by token type in Ethereum has been driven by adoption, rather than intent

  • Ethereum’s major token standards have emerged based on popular token types (ERC-20 for fungible tokens, ERC-721 for non-fungible)

2. Permissions standardization must balance flexibility for customization (e.g. whitelisting) with a need to avoid fragmentation (e.g. by compatibility with popular contracts)

  • Over-specification of permissioning restricts developers’ expressivity to create novel implementations and creates integration friction for wallets, constraining network effects from both sides

FA2 also led us to reflect more broadly on how standard proposals interplay with Tezos as a self-amending protocol which can add new functionality over time. For these purposes, we have been especially interested in potential core features discussed on Agora such as contract signatures (“stamps”), event logging, and read-only calls, all of which might improve usability and could be useful for updating the standard.

To facilitate rapid iteration and external feedback, we’ve chosen CameLIGO for the initial interface specification and reference implementation, using the opportunity to provide significant feedback to the LIGO language team (in the form of dozens of Gitlab issues). We will also soon publish both a Michelson interface and SmartPy implementation for FA2 incorporating any changes to the spec based on community feedback.

Standard vs. Implementation

What should be the scope of an interface standard and what should be left to implementers?

Standardization aims to solve collective action problems, situations in which users would all benefit by cooperating but find it too costly to do so alone. In the case of a token, the API standard has already been chosen at the time of contract development, i.e. before the user accesses it, making standardization necessary. An API standard instead is used to ensure interoperability with related applications and wallets which want to support tokens but do not want to have to support many different APIs.

However, a standard is enforced on all implementers, so being too feature-rich or over-specified risks taxing all users, not just contract deployers. By contrast, under-specified standards risk fragmentation, creating walled gardens in which different incompatible standards or implementations become stuck.

In the context of tokens, such concerns are particularly salient to permissioning, defined here as rules governing who can send, receive, and/or administer tokens on another user’s behalf and how. Standard permissioning is especially necessary for both trust-minimized interactions with external contracts (e.g. an auction or a DAO) as well as for centrally-administered tokens like digital securities.

Early designs of FA2 considered splitting this permissioning entirely from the core transfer semantic, aiming to completely modularize the standard. But as described in Practical Use below, some amount of minimal permissioning standardization may be needed to ensure ease of adoption for wallets and other end-users and avoid fragmentation.

As a result, FA2’s interface specification proposes to standardize transfer semantics (supporting both single and multi-token transfers), accessing balances and total supply, metadata, and some basic operator permissioning. It also proposes an entrypoint called permissions_descriptor allowing external contracts or clients to discover an FA2 contract’s permissioning schema and configure it.

Conversely, FA2 proposes to leave it to implementers to handle common considerations such as defining the contract’s token type(s) (e.g. non-fungible vs. fungible vs. semi-fungible), administration and whitelisting, contract upgradability, and supply operations (e.g. mint/burn).

As visualized in the diagram below, FA2 also leaves to implementers to decide on their preferred permissioning architecture: namely, whether they would prefer to implement permissioning via the same contract (i.e. a “monolith”), a transfer hook to another contract, or a separate wrapper contract. For more detailed explanation of permissioning or “permissions policies”, please see FA2 Permissions Policies and Configuration in the TZIP-12 proposal.

Image for post
Image for post
FA2 Implementation Patterns

An upcoming blog post called “Implementing FA2” will cover implementation examples in greater depth and the pros and cons of different architectures.

Practical Use (i.e. learning from Ethereum)

How do developers and users actually use and interact with token contracts?

Standards are ratified by use rather than by white papers, proposals, or working groups. In practice, token standards gain network effects with real use as tooling is built to quickly integrate them into exchanges, wallets, and marketplaces.

Experience with ERC-20, ERC-721, and ERC-1155 provided some of the strongest insight into how token contracts are actually used.

For example, ERC-20 has permissioning so narrowly scoped (allowance) that it is commonly ignored by users who set a very high value out of convenience. On the other hand, ERC-1155 has a very broad notion of permission, allowing operators (an external contract that can be provided transfer permissions) unlimited ability to transfer all tokens within a contract while also requiring a token receiver interface to receive tokens. The latter was found to add significant friction during prototyping, a point validated by discussions with major institutional custodians and wallet developers who would have to interact with it.

FA2 aims to provide a usable permission policy at the right level of granularity. In the case of multi-asset contracts, we’ve proposed to introduce operators by token type (set as all token types for single-asset contracts). Given ERC-20 users’ tendency to opt-out of allowances de facto when approving transfers by external contracts, we’ve also considered operator expiration and a notion of default expiry (e.g. n blocks or n transactions) for operators.

Overall, many of these considerations reflect a broader question of where in the stack (e.g. in token standards vs. a dedicated wallet permissions standard) different permissioning schemas should be standardized and at what level of granularity. In the case of spending limits (a la allowances) or operator expiry, real-world behavior with ERC-20 suggests that smart contract wallets (a la Argent) or even the protocol itself may be better places to configure such granular permissioning than within a token standard.

Similarly, during our design process we identified features which are very well-suited for specific applications (e.g. pre-authorization for certain exchanges) or tooling (e.g. storage standardization for indexers). Yet in many cases these were likely not universal enough or may introduce other kinds of subtle path dependence for future standardization efforts or core development.

However, pursuing a highly generalized standard attempts to please all users at the risk of pleasing none at all. In designing FA2, we also placed priority on ensuring support for high-volume use cases that comprise the lion’s share of blockchain-based asset activity today: namely, how such designs would affect swaps and NFT-based use cases.

Future-proofing

How can we ensure that standards evolve as Tezos itself evolves?

Tezos’ nascency as a platform and self-amending nature pose unique challenges for proposing an interface standard. Multiple reviewers suggested to avoid optimizing too heavily on gas costs at the expense of a high quality design, particularly given Tezos’ ability to improve via the amendment process.

More specifically, features under discussion, such as event logging, contract signatures, and read-only calls may improve usability and reduce friction and we hope to extend or upgrade FA2 if such features are approved by the Tezos community. Below we speculate on how such prospective features would affect FA2 and what a transition would look like for implementers.

Image for post
Image for post
For more, see Contract Signatures and Read-only Calls

Further Directions and Request for Comment

Below are some questions we’ve provided as part of our FA2 request-for-comment and which inform ongoing efforts to improve the proposal.

Permissions

  • Are operators the best available approach to permissioning transfers by external contracts?

Metadata

  • Should (or to what extent should) contract metadata be an independent standard / protocol feature or should it be specific to a token standard a la ERC-20?

Storage

  • Should any parts of contract storage be standardized (e.g. to assist indexers)?

Future Proofing (see section above)

  • How might FA2 be affected by future amendments?

Next Steps

  • Agora/Blog Post: Implementing FA2

Reference Implementations in development or planned:

  • SmartPy implementations (single- and multi-asset versions)

We also hope to schedule a regular technical call to discuss future directions for FA2 and take public comments. Stay tuned!

Acknowledgements

We are deeply grateful for all who have provided early feedback on FA2. We plan to provide a public acknowledgements list in our upcoming post, Implementing FA2.

TQ Tezos

TQ Tezos works to advance the Tezos ecosystem by helping…

TQ Tezos

Written by

TQ Tezos

TQ Tezos works to advance the Tezos ecosystem by helping companies build on Tezos, creating open source software, and connecting the community.

TQ Tezos

TQ Tezos

TQ Tezos works to advance the Tezos ecosystem by helping companies build on Tezos, creating open source software, and connecting the community.

TQ Tezos

Written by

TQ Tezos

TQ Tezos works to advance the Tezos ecosystem by helping companies build on Tezos, creating open source software, and connecting the community.

TQ Tezos

TQ Tezos

TQ Tezos works to advance the Tezos ecosystem by helping companies build on Tezos, creating open source software, and connecting the community.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store