Vitalik Buterin: Do NFTs need to be bound?

Author: Vitalik Buterin, Founder of Ethereum

Original Title: "Soulbound"

Translated by: Block unicorn

One characteristic of World of Warcraft is the second nature of players, but it is largely undiscussed outside the gaming community, which is the concept of soulbound items. Once a soulbound item is picked up, it cannot be transferred or sold to other players.

Most of the very powerful items in the game are soulbound, usually requiring the completion of complex quests or the defeat of very powerful monsters, often needing the help of three to thirty-nine other players. Therefore, in order for your character to get close to having the best weapons and armor, you have no choice but to participate in killing these extremely difficult monsters yourself.

The purpose of this mechanism is quite clear: it maintains the challenge and fun of the game by ensuring that you earn the best items; you must truly do the hard work and figure out how to kill dragons. You can't just spend ten hours a year killing pigs, earn a few thousand gold coins, and then buy epic magical armor from other players who killed dragons for you.

Of course, this system is quite imperfect: you can pay a team of professionals to accompany you to kill dragons and collect the loot, or even directly buy a character on the secondary market, all without—game dollars—so you don't even have to kill pigs. But even so, it is still much better than having every item always priced.

What if NFTs could be soulbound?

Current forms of NFTs share many of the same attributes as rare and epic items in massively multiplayer online games. They have social signaling value: those who own them can flaunt them, and there are more and more tools to help users do so. Recently, Twitter began rolling out an integration that allows users to showcase their NFTs in their profile pictures.

But what exactly do these NFTs signal? Certainly, part of the answer is some skill in acquiring NFTs and knowing which NFTs to acquire. But since NFTs are tradable items, another large part of the answer inevitably becomes that NFTs are a signal of wealth.

CryptoPunks are now often sold for millions of dollars.

If someone shows you an NFT that can be obtained by doing X, you cannot tell whether they did X themselves or just paid someone else to do X. Sometimes this is not an issue: for NFTs supporting a charitable cause, those who buy them from the secondary market are sacrificing their own funds for the cause, helping the charity through the motivation of others buying NFTs, so there is no reason to discriminate against them. In fact, charitable NFTs alone can bring many benefits. But what if the NFTs we want to create are not just about who has the most money, but are actually trying to signal something else?

A prime example of a project attempting to do this is POAP, or "Proof of Attendance Protocol." POAP is a standard through which projects can send NFTs representing the idea that the recipient personally participated in certain events.

Part of my own POAP collection, most of which comes from events I have attended over the years.

POAP is a great example of an NFT that would work better if it could be soulbound. If someone is looking at your POAPs, they are not interested in whether you paid to attend certain events. They are interested in whether you attended the event in person. The proposal to put certificates (like driver's licenses, university degrees, age proofs) on-chain faces a similar issue: if someone who does not qualify can directly buy the certificate from someone who does, its value is greatly diminished.

While transferable NFTs have their place and are very valuable for supporting artists and charities, there is a vast and yet-to-be-explored design space for what non-transferable NFTs could become.

What if governance rights were soulbound?

This is one of five additional articles I wrote on the nauseating topic: "Nathan Schneider on the Limits of Crypto Economics," "Beyond Token Voting Governance," "Coordination, Good and Bad," "On Collusion," "Governance, Part 2: Oligarchic Rule is Still Bad," but it is still worth repeating: if governance mechanisms can lead to very bad outcomes if governance rights are easily transferable. There are mainly two reasons for this:

• If the goal is to widely distribute governance rights, then transferability is counterproductive because concentrated interests are more likely to buy governance rights from others.

• If the goal is to give governance rights to capable people, then transferability is counterproductive because nothing prevents governance rights from being acquired by determined but incompetent individuals.

If you take seriously the saying "the people who want to govern the most are the least suited to do so," then you should be skeptical of transferability, precisely because transferability allows governance power to flow from those most likely to provide valuable input to governance to those most likely to cause problems due to their desire for power.

So what if we tried to make governance rights non-transferable? What if we tried to create a CityDAO where people actually living in the city have more voting power, or at least reliable democracy and avoid the undue influence of whales hoarding large amounts of citizen NFTs? What if DAO governance of blockchain protocols could somehow condition governance power on participation? Once again, a large and fruitful design space opens up that is difficult to enter today.

Implementing Non-Transferability in Practice

POAP has made a technical decision not to prevent the transferability of POAPs themselves. There are good reasons for this: users may have valid reasons to want to migrate all their assets from one wallet to another (for example, for security reasons), and the security of "naively" implemented non-transferability is not very strong anyway, as users can create a wrapper account containing the NFTs and then sell their ownership.

In fact, there are quite a few cases where POAPs are frequently bought and sold when there are economic reasons. Adidas recently released a POAP to their fans for free, allowing users to gain priority access to merchandise sales. What happened? Well, of course, many POAPs were quickly transferred to the highest bidder.

Transfers are more than items, and this is not the only time.

To address this issue, the POAP team suggests focusing on non-transferability checks implemented by developers themselves: if the current owner's address is the same as the original owner's address, they can check on-chain, and they can add more complex checks over time if deemed necessary. For now, this is a more forward-looking approach.

Perhaps the most powerful non-transferable NFTs today are human proof profiles. Theoretically, anyone can create a human proof profile using a smart contract account with transferable ownership and then sell that account. But the human proof protocol has a revocation feature that allows the original owner to make a video requesting the deletion of the profile, and the Kleros court decides whether the video comes from the same person as the original creator.

Once the profile is successfully deleted, they can reapply to create a new profile. Therefore, if you buy someone else's proof profile, your property may soon be taken away from you, making ownership transfer infeasible. Human proof profiles are effectively soulbound, and the infrastructure built on them can allow on-chain items to be bound to specific humans.

Can we limit transferability without going all the way, with everything built on human proof? It becomes more challenging, but for certain use cases, some medium-strength methods may already be good enough. Binding NFTs to ENS names is a simple option, assuming users care enough about their ENS names that they are unwilling to transfer them. Currently, we may see a range of methods to limit transferability, with different projects choosing different trade-offs between security and convenience.

Non-Transferability and Privacy

The cryptographic strong privacy of transferable assets is relatively easy to understand: you take your coins, put them into tornado.cash or a similar platform, and then withdraw them to a new account. But how do we add privacy for soulbound items if you cannot transfer them to a new account or even a smart contract? If human proof begins to gain more adoption, privacy becomes even more important, as the alternative is that all our activities are directly mapped to our faces on-chain.

Fortunately, some quite simple technical options are possible:

• Store the project at an address that is (i) indexed, (ii) the recipient address, and (iii) a hash of a secret belonging to the recipient. You can reveal your secret to an interface, and that interface will scan all items that might belong to you, but those without your secret cannot see which items are yours.

• Publish a hash of a bunch of projects and give each recipient their Merkle branch.

• If a smart contract needs to check whether you own a certain type of item, you can provide a ZK-SNARK.

Transfers can occur on-chain; the simplest technique might just be a transaction calling a factory contract to invalidate old projects and validate new projects, using ZK-SNARK to prove the operation is valid.

Privacy is an important component for making this ecosystem work well. In some cases, the underlying things represented by the project are already public, so trying to add privacy is pointless. But in many other cases, users do not want to disclose everything they own.

If one day in the future, vaccination becomes a POAP, one of the worst things we could do is create a system where POAPs are automatically issued to everyone visible, leaving everyone with no choice but to let their medical decisions be influenced by what looks cool in their specific social circles. Making privacy a core part of the design can avoid these negative outcomes and increase our chances of creating great things.

From Here to There

A common criticism of the current "web3" space is that everything is money-driven, with a celebration of wealth ownership and outright waste that limits the appeal and long-term sustainability of the culture that emerges around these items. Of course, even financialized NFTs can provide some important benefits, such as funding artists and charities that would otherwise go unrecognized.

However, this approach has limitations, and there are many underdeveloped opportunities in trying to move beyond financialization. Creating more "soulbound" items in the crypto space could be a pathway to alternatives where NFTs can represent more of who you are, rather than just what you can afford.

However, doing so presents technical challenges, and there exists an uneasy "interface" between the desire to restrict or prevent transfers and the blockchain ecosystem, where so far all standards have been designed around maximum transferability. Attaching projects to "identity objects" that users cannot (as with human proof profiles) or do not wish (as with ENS names) to exchange seems to be the most promising route, though challenges remain in making such use easy to implement, private, and secure.

We need to think harder and solve these challenges. If we can, it will open a broader door for blockchain to become the center of a collaborative and interesting ecosystem, rather than just one focused on money.