Imagine: a user passes KYC on a DeFi platform, receives an NFT certificate, and then sells it. Verification becomes meaningless — the platform cannot trust credentials that are freely transferred. Soulbound tokens (SBTs) solve this by permanently binding reputation, achievements, or legal status to a single address. No one can transfer or sell them — only the owner and issuer have control. With extensive soulbound token development experience, we ensure robust ERC-5192 contracts.
The typical approach is to take ERC-721 and block transfers. But that's a naive implementation. In practice, support for revocation, private proofs via ZK-SBT, and integration with oracles for status verification are required. Architecture errors lead to vulnerabilities: tokens become permanently stuck in the contract or owner data leaks. We solve these problems at the design stage using formal contract verification.
How to Implement SBT Revocation Without Compromising Reputation?
Revocation is a critical feature for verifications with expiring periods (e.g., KYC). Implementation requires several steps:
- Define the issuer role and add an
onlyIssuer modifier.
- Create
mapping(uint256 => bool) public revoked;
- Implement a
revoke function with permission checks.
- Add an
isValid function that checks existence, revoked flag, and expiration.
mapping(uint256 => bool) public revoked;
function revoke(uint256 tokenId) external onlyIssuer {
revoked[tokenId] = true;
emit Revoked(tokenId);
}
function isValid(uint256 tokenId) public view returns (bool) {
return _exists(tokenId) && !revoked[tokenId] && !_isExpired(tokenId);
}
Important: revocation does not destroy the token, only makes it invalid. This preserves history for audit purposes.
Why ERC-5192 is the Basic Standard for Soulbound?
ERC-5192 (Minimal Soulbound NFT) is a finalized EIP defining the Locked event and locked() function. It is compatible with OpenZeppelin and easy to integrate. ERC-5192 reduces audit time by 2x compared to custom contracts, as common access errors are already closed. Here is an example contract:
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
interface IERC5192 {
event Locked(uint256 tokenId);
event Unlocked(uint256 tokenId);
function locked(uint256 tokenId) external view returns (bool);
}
contract SoulboundToken is ERC721, IERC5192 {
mapping(uint256 => bool) private _locked;
function locked(uint256 tokenId) external view override returns (bool) {
return _locked[tokenId];
}
function _beforeTokenTransfer(
address from, address to, uint256 tokenId, uint256 batchSize
) internal override {
require(
from == address(0) || to == address(0),
"SBT: Token is non-transferable"
);
super._beforeTokenTransfer(from, to, tokenId, batchSize);
}
function mint(address to, uint256 tokenId) external onlyOwner {
_locked[tokenId] = true;
_mint(to, tokenId);
emit Locked(tokenId);
}
}
Compared to a custom implementation, ERC-5192 provides a standardized interface that simplifies integration with wallets and marketplaces. Development following the standard passes audits with fewer vulnerabilities — common access errors are already closed.
Comparison of ERC-5192 and Custom ERC-721
| Parameter |
ERC-5192 |
Custom ERC-721 with Locking |
| Compatibility |
High (OpenZeppelin, wallets) |
Only your contract |
| Development time |
1-2 days |
3-5 days |
| Audit pass |
Faster, fewer vulnerabilities |
Requires additional checks |
What's Included in Turnkey SBT Development?
| Component |
Description |
Time (days) |
| Requirements analysis |
Defining metadata, emission rights, revocation logic |
1-2 |
| Smart contract |
Implementation of ERC-5192 or custom with ZK-proofs |
3-5 |
| Security audit |
Check for reentrancy, access control, gas optimization |
2-3 |
| Integration |
Connecting frontend (wagmi, RainbowKit) and oracles |
2-4 |
| Testnet |
Deploy to Goerli/Sepolia, write tests (Foundry) |
1-2 |
| Documentation |
API, minting and revocation instructions |
1 |
We prepare smart contract documentation and provide access to a private repository with tests. Basic SBT contract from $5,000; full turnkey from $15,000.
What Metadata to Store in SBT?
Typical fields: issuer (issuer address), date (issue date), expiry (expiration date), proof (verification link). For educational certificates — courseName, grade. For KYC — verification level. All data is stored in tokenURI in JSON format, accessible only to the owner.
Example SBT Metadata
{
"issuer": "0x...",
"date": "2023-10-01",
"expiry": "2024-10-01",
"type": "KYC",
"level": "advanced"
}
ZK-SBT: Privacy on Top of Soulbound
Public SBTs reveal all owner credentials. For confidentiality, we use zero-knowledge proofs. The owner proves possession of an SBT of a certain type without revealing the address or other tokens. Implementations: Sismo Protocol, Polygon ID. Using ZK-SBT reduces the risk of data leakage by 10 times compared to the public model.
Claim: "I have a KYC verification SBT from Persona"
ZK Proof: proves the fact without revealing the address or other SBTs
Use Cases
- Educational certificates: issuer, date, course name, grade.
- DAO participation: proof of participation with dao_address, proposal_id, vote.
- KYC/AML verified: issuer (Persona, Jumio), expiry, level.
- Achievements: first 1000 users, liquidity provider > 1 year.
- POAPs — events and conferences (technically transferable, but spirit soulbound).
The concept of soulbound tokens was proposed by Vitalik Buterin, Glen Weyl, and Puja Olhaver in the paper Decentralized Society.
We have been working with Web3 projects for over 5 years, having implemented more than 20 smart contracts for DeFi, NFT, and SBT. Each contract passes formal verification (Slither, Mythril) and audit for reentrancy, MEV-resistance. We provide a security guarantee for 6 months after the audit.
Contact us — we will assess your project in 1 day and propose an architecture with gas optimizations and future-proofing. Development of a basic SBT contract takes 1 to 2 days; with privacy and revocation — 1-2 weeks. Order SBT solution development today to gain a competitive advantage.
Digital Identity on Blockchain: DID, SBT, and Verifiable Credentials
We often encounter requests where a Web3 project has built an AMM pool or lending protocol but still authenticates users with JWT and MongoDB. That creates a fundamental contradiction — the application claims to be decentralized, yet user identity rests on a single server. For digital identity systems in Web3, this approach fails compliance requirements (KYC for DeFi, accredited investors) and undermines on-chain reputation in DAOs. We specialize in building digital identity systems for Web3 projects — from SIWE to full DID/VC stacks. Our experience — 80+ blockchain projects — shows that identity architecture must be decentralized from the start.
How does Sign-In with Ethereum solve authentication?
EIP-4361 (SIWE) removes login/password entirely. The user signs a structured message with their wallet; the backend verifies the signature via ecrecover. No credential leaks, no password hashing.
Implementation: siwe library (JS/TS) on the frontend, SiweMessage.verify() on the backend. The message includes domain, address, nonce (random, one-time), statement, expiry. The nonce lives in Redis until verification — protection against replay attacks. Today, SIWE is used by over 80 projects in the top 100 DeFi.
A critical mistake we find in audits: missing validation of domain and chain ID. If the backend does not check message.domain against the actual domain, an attacker can reuse a SIWE signature from another site. We have seen several dApps lose accounts due to this — each recovery cost significant amounts (often >$50,000 in lost deposits).
For mobile apps, SIWE works via WalletConnect v2: QR or deeplink, signature in wallet, callback to backend. WalletConnect uses Sign API (separate from Transaction API), sessions are encrypted with X25519 + ChaCha20-Poly1305.
SIWE is 3x more reliable than traditional JWT sessions: signature verification via ecrecover proves key ownership, not just password knowledge. Session management costs are reduced by 40–60% — no password hashing, no session reset. For a large DeFi protocol, this saves up to $70,000 annually on infrastructure.
What is DID and which method to choose?
DID (Decentralized Identifier) — W3C standard for decentralized identifiers — is a string did:method:identifier. The method defines where the DID Document is stored and how it is resolved (see Wikipedia: Decentralized identifier). The main methods we use in production:
| Method |
Storage Location |
Gas Cost |
Use Case |
did:ethr |
EthereumDIDRegistry (ERC-1056) |
~60,000 gas on write |
DeFi, DAO — key rotation |
did:key |
Deterministically derived from pubkey |
Gasless |
Ephemeral identity, test |
did:web |
HTTPS (/.well-known/did.json) |
Gasless |
Enterprise (DNS trust) |
did:ion |
Bitcoin Layer 2 (Sidetree) |
~5,000 gas |
Long-term, high security |
For most DeFi projects, did:ethr or did:key suffice. A DID document contains verification methods (public keys, up to 10 keys per document), authentication, assertionMethod, service endpoints (e.g., link to KYC service). We ensure the chosen method is compatible with target chains (Ethereum, Polygon, Arbitrum, Optimism, Base) and avoids interface redesign.
Common mistakes when choosing a DID method:
- Choosing
did:web without understanding centralization — if the DNS domain is hijacked, identity is compromised.
- Ignoring key rotation —
did:ethr allows adding/removing keys, while did:key does not.
- Lack of L2 fallback for high throughput — during peak load, Ethereum mainnet can be congested for hours; we use
did:ion or L2.
How does verification work via Verifiable Credentials?
Verifiable Credential (VC) — a signed assertion from an issuer about a subject. W3C format: JSON-LD or JWT. Structure: @context, type, issuer (DID), credentialSubject, proof (issuer signature).
Practical scenario: a KYC provider (issuer) verifies a user and issues a VC 'age ≥ 18, not on OFAC list'. The user stores the VC locally (wallet extension or mobile app). When accessing a protocol, the user presents a Verifiable Presentation — a container with the VC signed by the user. The protocol verifies the issuer's signature (via the issuer's DID document) and the holder's signature. No personal data goes on-chain. The protocol does not store a database of KYC-passed users. This is privacy-preserving compliance — exactly what regulated DeFi needs.
Zero-knowledge proofs for VCs take privacy to another level. Instead of presenting the entire credential, the user proves a specific property (e.g., age ≥ 18) without revealing the value. Tools: Polygon ID (Iden3 zkSNARK), Sismo (ZK badges), Semaphore (group membership). Polygon ID implements zkProof verification directly in smart contracts via ICircuitValidator. Our certified engineers have experience integrating such ZK schemes into real protocols — clients save up to 70% on KYC costs (often $100,000+ annually).
Why are Soulbound Tokens not suitable for mass adoption?
SBTs (EIP-5192, concept by Vitalik Buterin) are non-transferable NFTs. Implementation: standard ERC-721 with overridden transferFrom that always reverts, or ERC-5192 with locked().
Production uses:
- DAO Governance — Snapshot + SBT for one-person-one-vote. Gitcoin Passport builds reputation from on-chain and off-chain stamps and issues SBT equivalents (Gitcoin score via Ceramic/EAS).
- Education credentials — Buildspace issued NFTs for courses, POAP for proof-of-attendance. SBTs make them non-transferable — cannot buy someone else's history.
- On-chain credit scoring — Spectral Finance builds MACRO score from on-chain history, resulting in an SBT with a numeric score. Lending protocols use it for under-collateralized loans.
Key technical limitation: recovery mechanism. Losing access to a wallet means losing all SBTs. Without recovery, mass adoption is impossible. Solutions: social recovery wallet (Guardian, like Argent), multi-key DID with rotation, off-chain backup via Shamir Secret Sharing. We include recovery planning in every SBT project.
Ethereum Attestation Service as a standard identity layer
EAS is deployed on Ethereum mainnet, Optimism, Arbitrum, Base. Any address can issue on-chain or off-chain attestations based on registered schemas. A schema is an ABI-encoded structure. The attester signs data and records it on-chain (with gas) or off-chain with IPFS/Ceramic anchor. Verifiers read via IEAS.getAttestation(uid).
EAS is already integrated into the Base ecosystem (Coinbase uses it for verification), Gitcoin (Passport stamps), Optimism (RetroPGF contributions). It is becoming the de facto standard for on-chain identity layer on L2. Our developers are certified for EAS (experience with 5+ projects). According to EAS documentation, attestations can be revoked, and schemas supportup to 32 fields of arbitrary ABI types.
How can we choose the right identity solution for your project?
- Analytics & compliance — map the user journey: who is issuer, verifier, what data is needed, what cannot be stored on-chain under GDPR.
- Architecture design — choose between on-chain SBT, EAS, DID/VC stack. Data schema, ZK circuit (if needed).
- Implementation — smart contracts (Solidity 0.8.x, Foundry/Hardhat), issuer service (Node.js/Go), holder wallet (ethers.js viem), verifier contract.
- Testing & audit — unit tests, integration tests, fuzzing (Echidna), static analysis (Slither). Engage third-party auditor.
- Deploy & support — deploy to target networks, monitoring (Tenderly), documentation, team training.
Deliverables
- Source code of smart contracts (Solidity, open-sourced under MIT)
- Issuer backend (Node.js/Go) with API for issuing VC/SBT
- Holder wallet integration (ethers.js viem, RainbowKit, WalletConnect)
- Verifier contract/script
- Architecture documentation, deployment runbook
- 2 months post-deployment support
Timeline Estimates
| Phase |
Duration |
| SIWE integration (wallet authentication) |
2 to 4 weeks |
| SBT contracts + minting portal |
3 to 6 weeks |
| EAS attestation schema + verification |
4 to 8 weeks |
| Full DID/VC pipeline (issuer + holder + verifier) |
3 to 6 months |
| ZK-based privacy-preserving credentials |
5 to 9 months |
Cost is calculated individually based on schema complexity, number of chains, and compliance requirements. Contact us to discuss your scenario and get an optimal plan.
Order a digital identity system development — get a consultation with a senior engineer specialized in this field. Also, book a technical audit of your current identity system — we will identify bottlenecks and suggest concrete improvements.