PROJECT DOCUMENTATION · RST PROTOCOL

What is the RST Protocol?

A fully on-chain reputation system that assigns every Ethereum wallet a permanent, non-transferable identity token — one that evolves as the wallet behaves. No servers. No databases. No IPFS. Just Solidity, storage, and truth.


On-chain identity is broken.

Every Ethereum wallet looks the same to a smart contract. A DeFi power user who has voted in dozens of governance proposals, repaid multiple loans, and held through three market cycles is indistinguishable — at the protocol level — from a wallet created five minutes ago with a single ETH transfer.

This creates a fundamental problem for any protocol that wants to reward trust, extend credit, or weight governance influence. Without persistent, verifiable on-chain identity, every system defaults to treating wallets as anonymous and equal — which they are not.

"The RST Protocol solves this. Not with a centralised score, not with a KYC provider, not with a social graph — but with raw on-chain behaviour, permanently recorded and cryptographically verified."

When a wallet interacts with the RST Protocol, every action they take — every vote cast, every loan repaid, every airdrop held — is permanently written to the blockchain and translated into a numeric reputation score between 0 and 1000.

The result is a composable reputation layer that any DeFi protocol can read from. Lending protocols can offer larger undercollateralised loans to Platinum wallets. DAOs can weight Platinum votes three times higher than Unranked wallets. All of this happens transparently, on-chain, without a single database or API call.

Four steps. One identity.

STEP 01

You connect your wallet

Nothing is minted immediately. Your wallet exists in an Unranked state — a score of zero, no token. The protocol is aware of you, but your on-chain story has not yet begun.

STEP 02

You take your first action

The moment you cast a vote, repay a loan, or perform any tracked action through the ReputationVault, two things happen at once: your score is updated, and if you do not already have a Soulbound Token, one is issued to your wallet automatically.

STEP 03

Your score accumulates

Every subsequent action modifies your score upward or downward. The scoring is bounded between 0 and 1000. Your score reflects a lifetime of on-chain behaviour, not just your most recent transaction.

STEP 04

Your medal upgrades automatically

As your score crosses tier thresholds — 100 for Bronze, 300 for Silver, 600 for Gold, 850 for Platinum — the artwork displayed by your Soulbound Token changes on the fly. No re-minting. No gas cost.

Separation of concerns, taken seriously.

The RST Protocol is composed of three independent smart contracts, each with a single, clearly defined responsibility. This separation is not just a design preference — it is a security requirement.

The token — which holds the permanent record of who owns which Soulbound Token — is completely immutable. The engine — which calculates scores, resolves tiers, and decides when to issue tokens — is upgradeable via the UUPS proxy pattern. Scoring logic is not ground truth. It is policy, and policy must be allowed to evolve.

SYSTEM LAYERS · TOP TO BOTTOM
USER / DAPP: Wagmi v2 · Viem · RainbowKit
REPUTATION VAULT: castVote() · takeLoan() · claimAirdrop() · mintNFT()
REPUTATION ENGINE: Score calculation · Tier resolution · SBT auto-issuance
REPUTATION TOKEN: ERC-5484 Soulbound · On-chain SVG · Immutable ownership

Three contracts. One identity.

01
🛡️

ReputationToken

ERC-5484 · Immutable
The soul of the system

ReputationToken is where permanent records live. Every wallet's Soulbound Token ownership is stored here, and this contract will never change. It enforces the ERC-5484 standard — which means it fires the correct Issued event with burn authorisation details when a token is created, registers its own interface ID so other contracts can detect it, and absolutely refuses to allow any token transfer between wallets. The transfer lock is enforced at the lowest possible level inside OpenZeppelin's ERC-721 base, meaning no present or future code path can bypass it.

The token contract can only be controlled by the engine address, which is set exactly once after deployment and can never be changed again. This engine lock means even if the owner's private key were compromised, the token records themselves are fully protected.

View on Etherscan · 0x9c77Ce31...F70F46
02
⚙️

ReputationEngine

UUPS · Upgradeable Proxy
The brain of the system

ReputationEngine is where intelligence lives. It receives action signals from authorised callers — primarily the ReputationVault — and updates scores accordingly. The engine uses a pure math library called ReputationMath to calculate score changes. Every score delta is routed through an Action enum rather than raw signed integers, which prevents callers from injecting arbitrary score changes. The engine is deployed behind a UUPS proxy, meaning its logic can be upgraded while the proxy address remains unchanged.

The engine is responsible for one automatic behaviour that happens on every first action: if the acting wallet does not yet have a Soulbound Token, it calls the token contract to issue one. This removes any separate minting step for the user.

View on Etherscan · 0x4eFC1adc...FaBD8
03
🔒

ReputationVault

Action Gateway
The gateway of the system

ReputationVault is the user-facing entry point. It simulates the kinds of actions that real DeFi protocols would perform — DAO governance, lending, airdrop mechanics, NFT minting — and records each one to the engine. Cooldowns are enforced per action type: voting and NFT minting have 12-hour cooldowns, proposal submission has a 24-hour cooldown, loan and airdrop actions are gated by natural state rather than time.

The airdrop mechanic is particularly deliberate: claiming an airdrop starts a timer, and settling it before 30 days have passed penalises the wallet with −20 points. Settling after 30 days rewards it with +15.

View on Etherscan · 0xd53320CD...D98b6

Five levels of trust.

Your score places you in exactly one tier at any given time. Tiers determine two concrete privileges: how much your vote counts in governance, and how large an undercollateralised loan you can access.

Unranked (Score 0 – 99)
Grey hexagon with a question mark — your journey begins here.
Voting: 0.5×
Loan Cap: None

Bronze (Score 100 – 299)
Copper circle bearing a six-point star — early trust established.
Voting:
Loan Cap: 20%

Silver (Score 300 – 599)
Silver circle with a five-point star — a recognised participant.
Voting: 1.5×
Loan Cap: 40%

Gold (Score 600 – 849)
Gold circle crowned with gemstones — a protocol veteran.
Voting:
Loan Cap: 60%

Platinum (Score 850 – 1000)
Platinum ring with a cut diamond — the pinnacle of on-chain identity.
Voting:
Loan Cap: 80%

What you do. What it costs. What it earns.

Every action maps to a signed score delta. Positive actions build your reputation. Negative actions erode it. There is no undo, no appeal, and no reset.

DAO Vote: +10

Participating in governance signals long-term alignment with a protocol.

DAO Proposal: +25

Submitting a proposal requires effort, research, and genuine skin in the game.

Loan Repaid: +30

Repaying debt on-chain is the strongest signal of financial trustworthiness.

Airdrop Held 30d: +15

Holding an airdrop for 30 days demonstrates patience and project belief.

NFT Minted: +5

NFT minting shows active community participation and cultural engagement.

Loan Defaulted: −50

Defaulting on a loan is the most severe trust violation in DeFi.

Airdrop Dumped: −20

Selling an airdrop immediately signals opportunism over genuine participation.

Art that lives on the blockchain.

Every tier has a distinct medal design, generated entirely in Solidity as raw SVG markup. There is no external storage, no IPFS gateway, no image host. The SVG is constructed character by character inside the contract and returned as a Base64-encoded data URI directly from the tokenURI function.

The Unranked medal is a grey hexagon bearing a question mark — deliberately austere. The Bronze medal is a copper circle with a six-point star. Silver brings a five-point star and a cooler metallic palette. Gold introduces a crown with five coloured gemstones. Platinum is the most elaborate — a layered diamond facet with sparkle accents and multiple concentric rings.

"The most elegant detail: the medal is dynamic. The contract reads your current score from the engine every time tokenURI is called and renders the appropriate tier's artwork. As you climb from Bronze to Gold, your medal upgrades on every refresh — with no re-mint, no transaction, no gas."

This design means the Soulbound Token is genuinely living artwork. It is a visual representation of your on-chain reputation that updates in real time. Any wallet, marketplace, or dashboard that supports ERC-721 tokenURI rendering will display your current tier automatically.

Why it was built this way.

01

Immutability where it matters

The token contract — which holds every wallet's SBT ownership record — is deliberately non-upgradeable. SBT ownership is the ground truth of on-chain identity. If the token contract were upgradeable, a compromised owner could silently reassign tokens or remove the transfer lock, destroying the soulbound guarantee entirely. Permanence is not a limitation here — it is the feature.

02

Upgradeability where logic lives

The scoring engine that calculates reputation is built on the UUPS proxy pattern. This separates two distinct concerns: ownership (immutable) and intelligence (upgradeable). As new action types emerge, as tier thresholds need recalibration, or as the protocol evolves, the engine can be upgraded without touching the token layer. Your wallet's SBT address and token ID never change.

03

No IPFS, no servers, no dependencies

Every medal — from the grey hexagon of an Unranked wallet to the platinum diamond of a Platinum holder — is generated entirely in Solidity as an on-chain SVG. The metadata lives in the blockchain itself. No external storage, no IPFS gateway that can go offline, no company server that can be shut down. Your token's artwork exists as long as Ethereum exists.

04

Dynamic art, static ownership

When you call tokenURI() for a given token, the contract reads the wallet's current score from the engine and generates the appropriate medal on the fly. This means your medal upgrades automatically as your reputation improves — Bronze becomes Silver becomes Gold — without any re-minting, gas cost, or user action. The art reflects truth in real time.

05

One token per wallet, forever

The system enforces strict uniqueness. Every wallet can hold exactly one Soulbound Token. Once issued, it cannot be transferred to another address — ever. It is not listed on marketplaces. It is not sold. It is not gifted. The wallet that earned it is the only wallet that will ever hold it. If the token is burned, a new one can be re-issued to the same wallet on their next action.

06

Behaviour is penalised, not just rewarded

Most reputation systems only track positive signals. This protocol tracks both. Defaulting on a loan costs 50 points — the largest single-action penalty in the system. Dumping an airdrop costs 20. These are not trivial deductions. A wallet that defaults erases months of careful governance participation in a single transaction. Reputation is fragile by design.

Designed to be attacked. Built to hold.

Every state-changing function in the system follows the Checks-Effects-Interactions pattern without exception. This means all validation happens first, all storage writes happen second, and any external calls happen last.

Reentrancy guards are applied to every state-changing function in both the Engine and the Vault. The Vault is not upgradeable and has no delegate calls, eliminating a large class of proxy-related vulnerabilities. The Engine's UUPS upgrade mechanism is gated behind the owner address.

Score arithmetic is handled by a pure library with no state and no external calls. The Action enum gates all score mutations — it is impossible for any caller to supply an arbitrary integer delta. Score bounds are enforced at both the entry and exit of every calculation.
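The enum-gated scoring described above, together with the action deltas and tier thresholds given earlier on this page, written out as an added example; it is not the project's ReputationMath source. The library name, enum member names, function names and the ScoreOutOfBounds error are assumptions; the numbers are the page's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the RST Protocol's ReputationMath source.
// Names are assumed. Deltas, bounds and thresholds are the ones stated on this page.
library ReputationMathExample {
    enum Action { DaoVote, DaoProposal, LoanRepaid, AirdropHeld, NftMinted, LoanDefaulted, AirdropDumped }
    enum Tier { Unranked, Bronze, Silver, Gold, Platinum }

    uint256 internal constant MAX_SCORE = 1000;

    error ScoreOutOfBounds(uint256 score);

    // Callers choose an action; they never supply the integer themselves.
    function delta(Action a) internal pure returns (int256) {
        if (a == Action.DaoVote) return 10;
        if (a == Action.DaoProposal) return 25;
        if (a == Action.LoanRepaid) return 30;
        if (a == Action.AirdropHeld) return 15;
        if (a == Action.NftMinted) return 5;
        if (a == Action.LoanDefaulted) return -50;
        return -20; // Action.AirdropDumped, the only remaining member
    }

    // Bound checked on entry, result clamped to [0, MAX_SCORE] on exit.
    function applyAction(uint256 score, Action a) internal pure returns (uint256) {
        if (score > MAX_SCORE) revert ScoreOutOfBounds(score);
        int256 next = int256(score) + delta(a);
        if (next < 0) return 0;
        if (next > int256(MAX_SCORE)) return MAX_SCORE;
        return uint256(next);
    }

    // Thresholds: 100 Bronze, 300 Silver, 600 Gold, 850 Platinum.
    function tierOf(uint256 score) internal pure returns (Tier) {
        if (score >= 850) return Tier.Platinum;
        if (score >= 600) return Tier.Gold;
        if (score >= 300) return Tier.Silver;
        if (score >= 100) return Tier.Bronze;
        return Tier.Unranked;
    }
}
```

With these rules a wallet at 30 that defaults lands on 0 rather than underflowing, and a wallet at 990 that repays a loan lands on 1000.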

Security invariants at a glance

One SBT per wallet, ever
Enforced by a wallet-to-tokenId mapping. Any attempt to issue a second token to the same address reverts.
Transfer always reverts
The _update() hook — the lowest-level transfer primitive in OpenZeppelin ERC-721 v5 — is overridden to block any from-non-zero to-non-zero transition.
Engine address is write-once
setEngine() can only be called once. A second call reverts with EngineAlreadySet. Once set, the engine address is permanent.
Score always in [0, 1000]
The ReputationMath library clamps every result before returning it. No arithmetic operation can produce an out-of-bounds score.
All mutations follow CEI
Checks, Effects, Interactions — in that order, without exception, across all contracts.
SBT auto-issued last in CEI
The token.issue() call happens after all storage writes in recordAction(), so any theoretical reentrancy into the engine sees a fully committed post-action state.
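The three token-side invariants listed above (one SBT per wallet, transfer always reverts, write-once engine), as an added example against OpenZeppelin Contracts v5; it is not the deployed ReputationToken source. The contract name, `tokenOf`, `_nextId` and every error other than EngineAlreadySet are assumed names, and the ERC-5484 Issued event and burn authorisation are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Added illustration; not the deployed ReputationToken source.
contract SoulboundExample is ERC721, Ownable {
    address public engine;                       // write-once
    mapping(address => uint256) public tokenOf;  // wallet => tokenId, 0 means none
    uint256 private _nextId = 1;

    error EngineAlreadySet();
    error ZeroAddress();
    error NotEngine();
    error AlreadyIssued(address wallet);
    error Soulbound();

    constructor() ERC721("Soulbound Example", "SBE") Ownable(msg.sender) {}

    // A second call always reverts, even when made by the owner.
    function setEngine(address engine_) external onlyOwner {
        if (engine != address(0)) revert EngineAlreadySet();
        if (engine_ == address(0)) revert ZeroAddress();
        engine = engine_;
    }

    // Only the engine may issue, and only one token per wallet.
    function issue(address wallet) external returns (uint256 id) {
        if (msg.sender != engine) revert NotEngine();
        if (tokenOf[wallet] != 0) revert AlreadyIssued(wallet);
        id = _nextId++;
        tokenOf[wallet] = id; // storage write before the mint
        _mint(wallet, id);    // _mint, not _safeMint: no receiver callback
    }

    // Every mint, transfer and burn in OpenZeppelin ERC-721 v5 goes through _update.
    function _update(address to, uint256 tokenId, address auth) internal override returns (address from) {
        from = _ownerOf(tokenId);
        if (from != address(0) && to != address(0)) revert Soulbound(); // wallet-to-wallet move
        if (to == address(0)) delete tokenOf[from];                     // burn frees the slot for re-issue
        return super._update(to, tokenId, auth);
    }
}
```

Because transferFrom and both safeTransferFrom overloads all reach `_update`, the single override covers them; approvals can still be set but can never be exercised.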
⚠ DISCLAIMER

These contracts implement production-grade security patterns and have been thoroughly self-audited by the author. They have not undergone a formal external security audit. Do not deploy to mainnet with real funds without engaging a professional smart contract auditing firm.

Live on Ethereum Sepolia Testnet.

All contracts are verified and publicly readable on Etherscan. Interact with the proxy address for the Engine — never the implementation directly.

ReputationToken (ERC-5484 · Immutable)
0x9c77Ce31a110e360d62e4eF8B1F4cf8576F70F46

ReputationEngine (Proxy) · Use this address
0x4eFC1adc7Dd594C4bB04865B6dCc5101392FaBD8

ReputationEngine (Implementation) · Do not call directly
0xC81532619d5fB4728932A43A77Bfea04c3df5957

ReputationVault (Action Gateway)
0xd53320CDEF6f3DfA54436D2806e765d6d6bD98b6

Ready to build your on-chain identity?

Connect your wallet, take your first action, and receive your Soulbound Token — automatically issued, permanently yours.


SEPOLIA TESTNET · ERC-5484 SOULBOUND · BUILT BY NEXTECH ARCHITECT