How to balance UX and security with semi-custodial tokens
Problem
Blockchain technology is branching beyond finance. Tokens are now being used in games, art, social networks, etc. This is to be expected as the space and the tech continue to mature. But using the technology requires at minimum:
- Downloading a crypto wallet
- Funding the wallet to pay for gas fees
Even though there are many wallets to choose from and ways to get funds, this sort of onboarding is unfriendly to outsiders. Even with the two requirements above, one may ask:
- What’s the best crypto wallet and what are the differences?
- How do I get these funds into my wallet and how much do I need?
When it comes to layer 2 (L2) blockchains, interacting with these games and social networks costs less than $0.001 in gas fees. From a product perspective, is it good user experience to force users to install a wallet, buy funds and spend a fraction of a penny to get started?
This problem is expected in the web3 space, but it is not acceptable for mass adoption. We often forget that the technology should be secondary. We should prioritize users getting to their desired end state.
Solution
What if using blockchain technology
- Did not require downloading a wallet
- Did not require users paying gas fees
Users should get started instantly. This will improve user experience. The tech should be secondary. One possible solution is Semi-Custodial Tokens.
What Are Semi-Custodial Tokens?
Semi-Custodial Tokens are tokens that can be toggled between custodial and non-custodial. A token can be owned either by an admin or by a user. Never both.
Custodial
Definition: The admin can mint, burn and transfer tokens on your behalf.
Pros:
- User does not need a wallet
- User does not need to pay for gas
Cons:
- If the admin keys get hacked, all custodial tokens are compromised
Non-Custodial
Definition: A user can call a function to get full ownership of their tokens
Pros:
- User will hold self-custody over their tokens, regardless of admin key hacks
Cons:
- User needs a non-custodial wallet
- User needs to fund their wallets
How To Toggle Semi-Custodial Tokens
By default, admins will have custody of tokens. This allows better user experience. If the value of the token increases and a user wants to own the token, they can call a setCustody function. Effectively, a user can defer self-custody until a point in time when they feel comfortable doing so.
setCustody(true)
- User has custody
- User pays for gas
- Admin cannot move/burn tokens
setCustody(false)
- User doesn’t have custody
- User doesn’t pay for gas (admin pays)
- Admin can move/burn tokens
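Only the user can toggle their own address: tx.origin. Because tx.origin is the account that signed the transaction, any contract the user calls during that transaction can also reach setCustody on their behalf, which a msg.sender check would not allow. Setting custody allows more flexibility for users and developers.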
No Wallet Required
If there is no wallet, where do we send funds to?
We can hash a web2 identifier to create an address.
Semi-custodial contracts allow users to log in with their favorite web2 platform. Each platform, such as a game, a social profile like Twitter or Discord, or an email address, has its own unique identifier. We can use this identifier to map to an address.
Use Case
A use case would be a crypto game. If a player wants to transfer a token, they must approve every transaction (wallet popup), disrupting the game flow. On the other hand, a Semi-Custodial Token will allow the admin (game server/developer) to send on your behalf, making the gameplay smoother.
A typical flow can be:
- User logs in with email to play game
- When user clicks “transfer”, send message to server
- Server gets user email to create the 0x address
- Server pays gas fees and sends token on behalf of the player
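The custody toggle and the identifier-to-address mapping described above, as an added Solidity sketch that is not the article's ERC-20/721/1155 source. The contract and function names, the use of keccak256 for the hash, and the use of msg.sender (where the article names tx.origin) are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names are hypothetical, not the article's contracts.
contract SemiCustodialLedger {
    address public immutable admin;
    mapping(address => uint256) public balanceOf;
    // false (the default) = admin custody, true = user self-custody
    mapping(address => bool) public selfCustody;

    event CustodyChanged(address indexed account, bool enabled);

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Assumption: keccak256 of the web2 identifier, low 20 bytes as the address.
    // Nobody holds a private key for this address, so only adminTransfer
    // can move its balance. Normalise the identifier off-chain first
    // (e.g. lower-case e-mail, platform prefix) so one user maps to one address.
    function addressOf(string memory webId) public pure returns (address) {
        return address(uint160(uint256(keccak256(bytes(webId)))));
    }

    // Each account toggles only itself. msg.sender is used here instead of
    // tx.origin so an intermediate contract cannot flip the caller's flag.
    function setCustody(bool enabled) external {
        selfCustody[msg.sender] = enabled;
        emit CustodyChanged(msg.sender, enabled);
    }

    function adminMint(address to, uint256 amount) external onlyAdmin {
        balanceOf[to] += amount;
    }

    // Custodial path: admin pays gas, allowed only while the holder has not opted out.
    function adminTransfer(address from, address to, uint256 amount) external onlyAdmin {
        require(!selfCustody[from], "holder has self-custody");
        balanceOf[from] -= amount; // reverts on insufficient balance (0.8 checked math)
        balanceOf[to] += amount;
    }

    // Non-custodial path: holder pays gas, allowed only after opting in.
    function transfer(address to, uint256 amount) external {
        require(selfCustody[msg.sender], "admin custody active");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}
```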
ERC-20 Source Code
ERC-721 Source Code
ERC-1155 Source Code
Conclusion
There are pros and cons for custodial and non-custodial applications. Some users want self custody while others want usability. Why not provide both?