Hi guys, very happy to see more discussion and progress, congrats!
Forced transfer token unfreezing
I believe itâs essential that a token maintains its original frozen/unfrozen state after being forcefully transferred, independent of the transfer itself.
@ariutokintumi, @EdwinMata, there are other complex scenarios in which the forceTransfer
function would not be technically sufficient on its own, such as the case in which a user has both frozen and unfrozen tokens, and a court ordered transfer of either of those. For example, an extra parameter would be needed to specify it, and 2 calls instead of 1 if both frozen and unfrozen tokens wanted to be transferred.
Iâd specify a baseline behaviour, and implement specific flows with multicall atomic transactions (outside the ERC), as @xaler proposed. To me, the baseline behaviour is unfreezing when forcefully transferring tokens if needed.
Renaming
- Renamed isTransferAllowed â canTransfer (matches ERC-3643, ERC-7518, ERC-7751)
- Renamed forceTransfer â forcedTransfer (matches ERC-3643)
- Renamed getFrozen â getFrozenTokens (matches ERC-3643)
Given the current direction of the ERC, Iâm not onboard with the renaming.
Synergies with ERC-3643
There are important differences in the definition of ERC-3643 and ERC-7943 that would make reusing the interface layer difficult.
ERC-7943 will have to get its own implementation by integrators, regardless of existing ERC-3643 support.
And then, there is different expected behaviour from the analogous functions listed above between ERC-3643 and ERC-7943 that would either need to be changed or well documented to minimize confusion, apart from the ones that would not be changed (setFrozen
).
Furthermore, @Joachim-Lebrun response to my initial proposion of a minimal ERC-3643 standard stated that the small changes would already break existing integrations.
Synergies with ERC-7518 and ERC-7551
I would say thereâs also not much homogeneity between ERC-3643, ERC-7518, ERC-7551, and the current ERC-7943 definition.
ERC-7518 has:
-
lockedBalanceOf
-
canTransfer
-
forceTransfer
-
freezeAddress
-
unFreeze
ERC-7551 has:
-
frozenBalanceOf
-
canTransfer
-
canTransferFrom
-
forceTransferFrom
-
freezeTokens
-
unfreezeTokens
Furthermore, theyâre in draft/proposal stages.
Heterogeneous naming
This is a nitpick, but I find the resulting naming of functions much more confusing:
-
canTransfer
and isUserAllowed
instead of isTransferAllowed
and isUserAllowed
.
-
getFrozenTokens
in ERC-721 would not make sense.
-
forcedTransfer
(past participle or adjective and verb/noun) is less clear to me than forceTransfer
(verb and noun).
ERC scope
Iâll refloat my first comment in the thread, as I think it still stands:
I then believe there are two possible paths for this standard:
- Universal token transfer check, non-opinionated on the admin or functionality standpoint. Additional ERCs can be built on top to standardize whitelisting, pausing/unpausing, access-control, or other compliance mechanisms.
- Universal RWA token, with core token functionality embedded: forceTransfer/recall, freezeTokens, frozenBalance. Compliance functionality should be built on top, similarly to the previous option.
I believe a security/RWA/permissioned token standard should be opinionated on the core token functionality.
I believe the value of the ERC lies in the core functionality and it being shared across major token standards (ERC20, ERC721, ERC1155), and that itâs more than sufficient to justify interface divergences.
isTransferAllowed
to canTransfer
If the renaming takes place, note that ERC7943.isTransferAllowed
is currently defined as checking ERC7943.isUserAllowed
, from the sender and recipient. ERC3643.canTransfer
does not make this check.
I believe either ERC7943.isTransferAllowed
behaviour is changed to match ERC3643.canTransfer
or the difference should be documented in the ERC.
Pausability
I wouldnât include it. I see little benefit in adding pausability to a standard. At the end, this is a feature that allows the team behind a token to react to security incidents, so under ânormal operationâ pausability shouldnât be even perceived by the end user.
I would say protocol security teams would decide how (and to what degree) pause their systems, and the uRWA spec is not the place to enforce that. Also, it raises weird questions about isTransferAllowed and isUserAllowed as you pointed out. Imo, the best we can do to specify what those functions should do is speculate until we see a couple of pausable RWA in the wild.
@ernestognw, my point from previous comments stands.
Additionally, I do see some benefit in the user-facing part of pausability, that is specification on whether the token is paused, above the baseline check from isTransferAllowed
. The same way that isUserAllowed
is nested in practice within isTransferAllowed
.