Overview
(Inspired by Vitalik’s blog post: Soulbound)
There is a category of NFTs that represent a personal achievement, e.g. Proof Of Attendance Protocol (POAP) or badge for winning a hackathon. A similar category are NFTs that represent governance/voting rights.
Since NFTs today can be freely transferred their meaning/value is not guaranteed.
E.g. I could buy a Gitcoin Hackathon Winner NFT from someone and claim that I have won when applying for a job. Or a malicious user could obtain DAO voting rights by buying/stealing other persons voting NFTs.
This is not in the interest of both issuer and owner.
Naive solution
As an NFT issuer I could design the NFT smart contract so that NFTs can never be transferred after minting. But this would be a problem for cases of compromised wallet or people in general changing or restructuring their addresses/wallets.
BrightID solution
BrightID can help fix this problem in two ways:
- Verification: Check the transfer history of a NFT to detect change of owning BrightID
- Restriction: Only allow transfer of a NFT if the target address is owned by the same BrightID as the current owner
Option 1 - Verification:
General idea is that any website can check and display the trail of the NFT owning addresses. Current NFT owner can point to that verification trail to prove he is the original owner.
The website would need to
- Get history of owner addresses
- For each address check if is linked with a BrightID
- Warn user if
- there was a change of BrightID
- current owner is not linked with a BrightID
- current brightID is not verified
The NFT owner would need to
- link current and all previous owning addresses with his BrightID
Option 2 - Transfer restriction
General idea is that the NFT contract enforces binding of the NFT to a BrightID.
The NFT smart contract would need to
- only allow minting if the target address is linked with a BrightID
- only allow transferring if the target address is linked with the same BrightID as the current owner
- optional: require a certain verification for minting
The NFT owner would need to
- link the NFT owner address with his BrightID before minting or transferring
Thoughts/open questions
- Is the whole approach feasible with our technology? Can we do this on-chain in a reliable way? I’m still lacking complete understanding of how our app linking process works together with smart contracts.
- Option 1 seems to offer the easier integration path. It can start just as a signalling tool without actually enforcing anything and evolve to be more strict by time.
- While option 2 is more restrictive for the user it has the advantage that actual DApps (e.g. a voting DAO) do not need to implement any check on their own. They can rely on the NFT contract to make sure that the NFT never changes ownership to another person.