Soulbound Token

The defining feature of an SBT is its permanent binding to a single wallet address. Unlike NFTs or fungible tokens, SBTs cannot be sold, traded, or transferred to another account. This immutability creates a persistent, tamper-proof record of identity attributes, such as educational degrees, professional licenses, or event attendance, that cannot be purchased or lost.

SBTs function as composable building blocks for a decentralized identity (DID) system. By aggregating SBTs from various issuers (e.g., universities, employers, DAOs), a user's wallet becomes a verifiable, self-sovereign resume. This enables soulbound reputation systems for governance (e.g., voting power based on contributions), undercollateralized lending, and sybil-resistant airdrops.

SBTs are programmable credentials that can encode complex logic and conditions. An issuer can embed:

• Expiration dates for time-bound memberships.
• Revocation mechanisms controlled by the issuer or on-chain conditions.
• Privacy-preserving proofs using zero-knowledge technology to verify a credential (e.g., "is over 18") without revealing the underlying data.

As on-chain primitives, SBTs are composable with other smart contracts and decentralized applications (dApps). This allows for innovative use cases:

• A lending protocol can grant credit based on a user's SBT-proven employment history.
• A DAO can gate access to a private channel based on possession of a specific contributor SBT.
• Interoperable reputation can travel across different applications and blockchain ecosystems.

While both are unique tokens, key differences are:

• Transferability: NFTs are assets designed to be traded; SBTs are permanently bound.
• Primary Function: NFTs represent ownership of an item (art, collectible). SBTs represent attributes or credentials of an identity.
• Economic Model: NFTs have a clear market value. SBTs are non-financialized, focusing on social capital and verification.

SBTs are implemented as smart contracts, often extending existing token standards. Common approaches include:

• EIP-4973 (Account-bound Tokens): A proposed standard for non-transferable tokens on Ethereum.
• Custom ERC-721/1155 Modifications: Using popular NFT standards with a locked transfer function.
• Issuers range from on-chain protocols (like POAP for event proof) to off-chain entities (like universities) that sign verifiable credentials minted as SBTs.

Artists use SBTs to create deeper, non-speculative relationships with their audience.

• Provable Patronage: Collectors receive an SBT as proof of early support, which may unlock future works or experiences.
• Artist Attribution: SBTs can immutably link derivative or remixed works back to the original creator, ensuring proper on-chain provenance.
• Dynamic Artworks: The visual properties of an NFT could change based on SBTs held in the collector's wallet, reflecting their journey with the artist.

Despite their potential, SBT implementations face significant hurdles:

• Privacy: Publicly associating all credentials to a single Soul (wallet) creates severe privacy risks. Solutions like zero-knowledge proofs (ZK-SBTs) are critical.
• Revocation: Mechanisms for entities to revoke issued SBTs (e.g., for misconduct) must be decentralized and resistant to censorship.
• Interoperability: A standardized schema (like Verifiable Credentials) is needed for SBTs to be universally recognized across platforms.
• Key Management: The permanent loss of a private key means the irreversible loss of one's digital soul, requiring robust social recovery systems.

The non-transferable and immutable nature of SBTs on a public ledger creates a critical security consideration: irrecoverable loss. If a private key is lost or compromised, the associated SBTs—representing identity, degrees, or licenses—cannot be reclaimed or transferred to a new wallet. This contrasts with financial assets where recovery phrases restore access; here, the credential itself is permanently inaccessible or, worse, under an attacker's control with no revocation mechanism.

By default, SBTs minted on transparent blockchains like Ethereum create a permanent, public record of personal attributes. This can lead to:

• Unintended correlation: Linking a wallet's entire transaction history to a real-world identity via a single SBT (e.g., a university diploma).
• Social graph exposure: SBTs from DAOs or communities publicly map social and professional connections.
• Sensitive trait revelation: Health status, employment history, or membership in private groups becomes globally visible. Mitigations include zero-knowledge proofs (ZKPs) and private data attestations.

A core security promise of SBTs is Sybil resistance—preventing a single entity from creating multiple fake identities. However, this depends entirely on the trustworthiness and security of the issuer. Considerations include:

• Issuer key compromise: If an issuer's signing key is stolen, an attacker can mint fraudulent, verifiable credentials.
• Centralization risk: The system's integrity relies on the issuer's continued operation and honesty.
• Verification logic: Smart contracts must rigorously check the issuer's signature and enforce non-transferability rules to prevent forged or transferred SBTs.

Managing the lifecycle of an SBT is a complex security challenge. Unlike revoking a cookie or API key, blockchain immutability makes revocation difficult. Common patterns include:

• Issuer-managed revocation lists: The issuer maintains an on-chain or off-chain list of revoked SBT identifiers, which verifiers must check, adding complexity.
• Expiration timestamps: SBTs with built-in expiry, requiring periodic renewal.
• Key rotation schemes: Allowing users to migrate SBTs to a new wallet after proving ownership, often requiring issuer intervention. Each method involves trade-offs between user control, issuer overhead, and on-chain gas costs.

The SBT's logic is enforced by its smart contract, which must be meticulously audited. Critical vulnerabilities specific to non-transferable tokens include:

• Broken transfer locks: Flaws allowing SBTs to be transferred or sold, breaking the core premise.
• Reentrancy attacks on mint/burn functions: Could allow malicious minting or improper revocation.
• Access control flaws: Unauthorized addresses gaining privileges to mint or administer SBTs.
• Upgradeability risks: If the contract is upgradeable, malicious upgrades could alter the rules governing all issued tokens.

Several cryptographic primitives are being developed to address SBT privacy concerns:

• Zero-Knowledge Proofs (ZKPs): Allow a user to prove they hold a valid SBT from a trusted issuer without revealing the SBT's specific identifier or associated wallet address (e.g., zk-SNARKs, zk-STARKs).
• Semaphore: A protocol for anonymous signaling, where members of a group can prove membership and broadcast votes or signals without revealing their identity.
• Private Identity Commitments: Storing only a cryptographic commitment (hash) of the SBT data on-chain, with the full data held privately off-chain.

Proof of Personhood is a cryptographic mechanism to verify that an on-chain identity corresponds to a unique human, resisting Sybil attacks. SBTs are a primary tool for constructing such proofs.

• Mechanism: By collecting attestations (SBTs) from trusted entities or via biometric verification (e.g., Worldcoin's Orb).
• Application: Enables fair airdrops, governance (1-person-1-vote), and access to human-only services.

A Non-Transferable Token (NTT) is the broader token standard category to which SBTs belong. The defining characteristic is the disabled or severely restricted transferFrom function.

• Technical Base: Often an extension of ERC-721 with transfer logic overridden to revert.
• Scope: While all SBTs are NTTs, not all NTTs are SBTs (e.g., a non-transferable in-game item bound to a player account).

A Soul is the wallet or decentralized identity that holds SBTs. It represents the entity (person, organization, device) whose reputation and affiliations are being established on-chain.

• Function: Acts as the public, composable ledger of a subject's credentials.
• Ecosystem Concept: Popularized by the "Soulbound" whitepaper, which envisions a network of Souls (wallets with SBTs) forming a decentralized society (DeSoc).