MIP-xxxx: Token Standards #142
Replies: 5 comments
-
|
This topic has been extensively discussed during the Wallets and Dapps Working group call held on Jun 10th 2026. Meeting notes attached below: |
Beta Was this translation helpful? Give feedback.
-
|
Updated "Ledger" token types as "Native" token types as @0xisk recommendation. |
Beta Was this translation helpful? Give feedback.
-
Only the public interface. The underlying state shape might differ greatly between different tokens depending on the exact functionality they implement.
Native events are coming; See https://github.com/midnightntwrk/midnight-improvement-proposals/blob/main/mips/mip-0002-public-contract-log-emission.md
It does not need apply to ledger tokens only really. DID avenue is interesting on the very basis of being decentralized in the idea, but who would issue the authorizing DID in the first place? |
Beta Was this translation helpful? Give feedback.
-
I think it is the right cut. Each kind has its own challenges and gaps on Midnight, so collapsing them would make it harder to remember about particular case or ignore some privacy-led requirements. |
Beta Was this translation helpful? Give feedback.
-
|
In order to have good contract composability and a generally good user experience, we need to minimize the number of addresses a wallet needs to know about and maintain. If every single contract is doing its own custom domain-specific hash in order to create an "accountId" for the user, that is the same as adding a new address the wallet needs to track. For public programmable tokens, what we need is the ability to verify ownership of UserAddress inside compact. This can allow for public programmable tokens to be sent from one user to another by just knowning the receiver's unshielded address (UserAddress). If both parties have to first transact with the contract before value can be sent, this is a user experience dead-end. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Preliminary discussion to scope a coherent token-standards effort across the token types Midnight supports. The four base quadrants are:
Plus two hybrid types that sit between the ledger and contract worlds:
Each likely deserves its own standard, or at least its own section. The shielded vs unshielded split alone changes what is even expressible (
balanceOfandtotalSupplyonly make sense on the unshielded side; contract tokens add another dimension of public vs private state).This thread is intended as an umbrella discussion, not a replacement for the more focused proposals already in flight. Where existing MIPs cover a topic, they should remain the canonical place to debate it; the goal here is to make sure all four quadrants are addressed coherently and that nothing falls through the cracks.
Native tokens
The protocol pins the on-chain shape:
CoinInfo, commitments, nullifiers, and the offer / balance structure are fixed. What remains open lives off-chain or at the wallet layer:(nonce, type, value)plus optional memo)Wallets are landing now, so divergence here is the most time-sensitive risk.
Contract tokens
Logic is fully customizable in Compact, which makes the surface look ERC-20-shaped, but Kachina's separation of public on-chain state from private witness state changes how "balance" and "transfer" are actually expressed. There is also a real architectural choice between balance-in-
Map(account model) and balance-held-as-contract-coin (UTXO held by the contract). The standard should pick one or define both, and decide whether private-state shape is part of the standard or implementation-defined.Hybrid tokens
Hybrid tokens aim for the best of both worlds: a coin that lives in the Zswap ledger layer (native efficiency, and privacy in the shielded case) while its full lifecycle is governed by a Compact contract (mint policy, transfer rules, compliance hooks).
The blocker today is spend bypass. A Zswap coin's nullifier is derived from either the owner's secret key or a contract address. When a contract holds the UTXO, spending requires the contract's authorization, so contract logic is enforced. But when the user is the UTXO owner, they can construct a spend with their own key and operate Zswap directly, bypassing the managing contract entirely. So a contract-managed ledger token only holds as long as the contract custodies the coin, which defeats the point of a user-held hybrid token.
There is a potential fix, tentatively called custom spend logic, which would let a coin carry spend conditions that must be satisfied regardless of who owns the UTXO. That mechanism is out of scope for this thread and is expected to be discussed in its own MPS/MIP. This thread should note the dependency but not try to design it here.
Related proposals already under discussion
shield,toUtxo,unshield,fromUtxo) that bridge aMap-based balance into either shielded or unshielded UTXOs while preserving supply invariants. Flags theUint<64>mint limit and UTXO fragmentation as open.Together those cover metadata, contract-token UTXO interop, and atomic-swap RFQ.
Aspects not yet addressed by an open proposal:
Open questions for this thread
Intentionally broad. Topic-specific questions should stay in the MIPs above.
Transferevents on a chain with no native event log?Looking for thoughts on scope, sequencing, and which precedents (Cardano CIPs, Zcash ZIPs, EIPs) are the closest analogues per quadrant.
Beta Was this translation helpful? Give feedback.
All reactions