Thoughts on Token Identity


#1

Trigger: And that’s what I’ve done. Maintained it for 20 years. This old broom’s had 17 new heads and 14 new handles in its time.
Sid: How the hell can it be the same bloody broom then?
Trigger: There’s the picture. What more proof do you need?

As we maintain our built-in list of ERC-20 tokens, one question keeps reoccurring - what piece of information (if any) does uniquely identify any particular token type. The typical visible properties of a token are:

  • contract address
  • symbol
  • name
  • decimals count
  • logo

Of those, only logo image is always defined off-chain. Symbol, name and decimals may be defined in the contract, within their respective fields. But since those fields are optional, they can also be defined externally along with the logo. And even if they are defined in the contract, they may still be changed by the contract owner at some point if the contract allows it.

For example, I could create a new ERC-20 token, let’s call it ExampleCoin, let’s give it EXC symbol and use some cheap icon as the logo. At some point, I may wish to rebrand my token and call it CoolExampleToken, use a different symbol to match the new name - CEXT and get a nicer looking logo. The question is - is it still the same token? Intuitively, the answer is yes. Contract address is the same, all the balances are the same - it’s literally the same thing just rebranded and it does not matter whether or not the change was made on or off chain.

From that we can assume and accept that contract address is a unique and only identifier we may ever need for any token. But that’s also not the case. In some cases token issuers may decide that it is sufficiently worth the effort to deploy a completely new smart contract, usually with important bugfixes or new features. In that case, all balances are “migrated” from the old smart contract into the new one and users (and wallet developers) are instructed to use the new contract address going forward. One example is REP (Augur) contract change which was done to fix a critical security issue.

So, it’s something that we experience as the “same” token with same name, logo, symbol, decimals and of course same balances. Even though technically it’s a completely new token that was specifically designed to replace the old one.

To summarize, I’d say that we need a new unique token identifier that would transcend not only branding whims and fancies, but also the current deployment of its smart contract. Some mechanism that can let the old contract let us know that it has a descendant or just let us verify the succession on-chain, without having to resort to reading blog posts on trusted web sites to find out about the swap. Contract address isn’t a good identifier because it’s tied to a particular implementation. Symbol and name aren’t good identifiers simply because they aren’t unique.

What other options do we have? ENS maybe?


#2

I know metamask is going to use this: https://ethereum-magicians.org/t/eip-747-wallet-watchasset/1048 and here https://github.com/estebanmino/EIPs/blob/master/EIPS/eip-747.md


#3

ENS would be great but you can’t expect all tokens to rely on it.

It looks to me the address should still be the unique identifier used internally. At the same time we should enforce the unicity of the symbol as we implicitly use it as unique identifier through the code.

As long as we manually curate tokens there will be a layer of trust between us and tokens implementors. We decide who can own a particular symbol in Status. So we can always trust those party when they request an address update.