Hello everyone,
I’ve been wrestling with a problem that I believe will only become more critical as Ethereum continues to absorb real-world use cases, and I wanted to get this community’s feedback on a potential solution.
Summary / TL;DR
I’m proposing a two-part EIP standard to handle token transfer restrictions in a way that doesn’t break composability.
- A “Token Layer” EIP that lets a token point to an external “Policy Contract.”
- A “Policy Layer” EIP that creates a registry for standard policy interfaces (like whitelists, vesting schedules, etc.), so dApps can actually understand the rules.
The goal is to stop the fragmentation we see with RWA and gaming tokens and allow them to play nicely with the existing DeFi ecosystem.
The Problem: The Coming RWA Composability Crisis
We all know the power of DeFi comes from composability, the “money legos” a la Aave, Uniswap, Maker, etc. This works because ERC-20 is a simple, predictable standard.
But now, consider Real-World Assets (RWAs). A token representing a share of stock must have rules. It can’t be transferred to a non-KYC’d address or a wallet in a sanctioned country. Today, projects solve this by hard-coding custom, unique logic into their token contracts.
TokenAfrom Company A has a simpleisWhitelisted()check.TokenBfrom Company B has aisWhitelisted()check AND aisLockedUp()time check.TokenC(a gaming NFT) has aisBoundToPlayer()check.
A DeFi protocol like Aave can’t support any of these without writing expensive, custom, one-off integrations for each. The tokens become isolated islands, unable to participate in the broader DeFi ocean. We’re heading towards a future of massive fragmentation.
A Proposed Two-Layer Solution
Instead of coding rules inside the token, what if the token just delegated the decision?
EIP-A (The “Port”): A super simple standard (let’s call it ITokenPolicyAware) that adds a single function to a token: policyContract() returns (address). This just points to the contract that holds the rules. The token itself stays simple.
EIP-B (The “Devices”): This is the crucial second piece. An on-chain registry where developers can register their policy contracts against standard interfaces (IWhitelistPolicy, IVestingPolicy, etc.) using the EIP-165 standard.
This means a dApp can not only see that a token has rules, but it can query the registry to find out what kind of rules it has, and interact with them in a predictable way. It’s like moving from proprietary charging ports to a universal USB-C standard where the system can identify the device you just plugged in.
A Quick Example: How Aave Wins
- Alice tries to deposit
$FUTR, a tokenized stock, into Aave. - Aave sees
$FUTRimplements EIP-A and callspolicyContract()to get the policy address. - Aave asks the EIP-B Registry: “What kind of policy is this?”
- The Registry replies: “It implements the standard
IVestingPolicyinterface.” - Aave now knows it can call standard functions like
releasableAmount(alice)on the policy to calculate her actual liquid collateral, ignoring the locked portion. - Aave accepts the deposit, fully understanding the token’s properties, all without any custom code.
Questions for the Community
This is just an idea, and I’m here to have it stress-tested and improved.
- Is this a problem you’ve encountered or anticipate? Is the fragmentation threat real?
- Is the two-EIP approach (separating the token layer from the policy registry) the right call? Or would a single, monolithic standard be better?
- Beyond whitelists and vesting, what other “standard policy interfaces” would be most immediately useful for your projects? (Taxation? Cooldowns? KYC tiers?)
- What are the biggest security risks or economic exploits this system might introduce?
Looking forward to hearing your thoughts and tearing this idea apart to build it back stronger.
Cheers,
@SuperDevFavour