With the recent announcement of token extensions, Solana adds new standarized features for token issuers, increasing the ease and flexibility of building on Solana. Token extensions will also allow businesses to leverage the benefits of a public blockchain (transparency, liquidity, existing users, interoperability with dApps) while still conforming to regulatory constraints and standard business practices.
In the early days of the internet, companies thought it necessary to establish their own private internal intranet due to concerns about security, privacy, control, reliability, performance, and cost. In retrospect, staying in a private bubble meant those companies missed out on the network effects, one of the internet's primary benefits. Over time, however, thanks to advancements in technology, software, and security, companies realized the benefits of being part of the internet and changed course, except in more limited scenarios such as internal communications and sensitive data.
Similarly, as the blockchain landscape evolves, companies that may previously have planned to build on private blockchains due to certain regulatory restrictions or business requirements may reconsider, thanks to Solana token extensions. Launched on January 24th, 2024, these extensions aren't merely incremental updates; they represent a nuanced evolution in token functionality. Before token extensions, SPL tokens had fairly simple limited functionality: transfer, create, mint and burn, account management, and delegate authority. Now, there are twelve token extensions that token issuers can use to augment the functionality and usage of their tokens.
The Twelve Token Extensions
Transfer Hooks
Transfer hooks allow token issuers to create a program through which any token transfer must pass and meet certain conditions before the transfer is approved. This could be useful for businesses like a tokenized fund that must ensure that the user has passed KYC, is accredited, and is perhaps under a certain limit.
Confidential Transfers
For most businesses, the core features of blockchains (transparency, audibility) are at odds with strategic privacy or even legal requirements around how certain information is publicly disclosed. Letting competitors know a business’ exact sales volume in real-time, potentially down to the store level, would likely be a barrier to adoption. Even now, businesses are wary of how much information they leak to credit card companies because it could be used against them to raise fees. Confidential transfers may offer a potential solution to facilitate blockchain payments while preserving privacy.
With confidential transfers, the entire payment flow could be done through zero-knowledge proofs baked into the confidential transfer token extension. In this example, the blockchain would publicly show that a user transferred tokens to a business’ public address but would hide the value of that transfer. Then, the token issuer could enable an auditor to have special privileges to decrypt the transactions completely.
Permanent Delegate
Described as “god-mode” for the token issuer, the permanent delegate extension allows the issuer to revoke or destroy tokens at any time. This could be an important feature for stablecoin issuers to comply with anti-money laundering laws and OFAC sanctions. According to DL News, stablecoin issuers like Paxos (issuers of US dollar stablecoin USDP) and GMO Trust (issuer of GYEN, a Japanese Yen stablecoin) are already leveraging the feature.
The permanent delegate extension does give me pause due to the risks it poses to an unsuspecting digital crypto user. For instance, someone might see a new token and buy it without understanding that permanent delegate is enabled, only to have the tokens revoked or burned. Of course, there are already many ways for criminals to separate people’s hard-earned money from their wallets, so this is not anything new, but it is at least worth noting that it does add another tool to the scammer’s toolbelt. People are already willing to deposit assets into shady tokens with zero due diligence, but hopefully the wallets on Solana, which have been pretty on top of these things, will at least make it abundantly clear when this token extension is enabled.
Metadata
The metadata extension enables the creation of fungible and semi-fungible tokens with fully programmable on-chain attributes. The envisioned use case is for games where characters or different items could retain their unique attributes on-chain.
Non-transferable Tokens
This extension allows the creation of non-transferable tokens. This could be useful for POAPs (“Proof of Attendance Protocol”) so that projects could identify loyal addresses that participate in IRL community events. By making the tokens non-transferable, those projects could have more confidence that the addresses with those tokens were genuine community members rather than farmers or opportunists who purchased a POAP.
Interest Bearing Tokens
Allows a token issuer to set an interest rate on the token and record the accrued interest.
Other extensions are Metadata Pointer, Mint Close Authority, Default Account State, Required Memo on Transfer, Immutable Owner, CPI Guard, and Transfer Fees.
In the future, it’s possible that the library of extensions may continue to grow, further increasing standardized functionality. Importantly, however, token extensions maintain the same core functionality of any SPL token, ensuring that composability does not break with the new features so they can be used in all the typical Solana dApps. By utilizing token extensions, which have been extensively audited by Halborn, Zellic, NCC, Trail of Bits, and OtterSec., teams building on Solana do not have to worry about writing these features from scratch and getting them audited, reducing the cost of developing new dApps and increasing the speed to market.
Over the coming months, it will be interesting to see which token issuers adopt these token extensions, which become the most popular, and how the ecosystem deals with the additional vectors for scammers to harm users. Finding product-market fit with large crypto-curious companies will undoubtedly still take time but token extensions address some of the key concerns that previously held back companies from considering building on Solana.