Alert Source Discuss
⚠️ Draft Standards Track: ERC

ERC-8040: ESG Tokenization Protocol

Environmental, Social, and Governance (ESG) asset tokenization with metadata, attestations, and lifecycle integrity.

Authors Leandro Lemos (@agronetlabs) <leandro@agronet.io>
Created 2025-09-06
Discussion Link https://ethereum-magicians.org/t/erc-8040-esg-tokenization-protocol/25846
Requires EIP-20, EIP-721, EIP-1155

Table of Contents

Abstract

This ERC defines an overlay interface and metadata schema for representing Environmental, Social, and Governance (ESG) assets with existing token standards. Compliant contracts expose ESG metadata through a token-specific URI and an optional on-chain metadata view, record attestations as cryptographic digests, and emit events when assets are minted, audited, attested, or retired. The interface is intended to be implemented alongside ERC-20, ERC-721, or ERC-1155 so that ESG assets can keep their normal transfer semantics while adding machine-readable lifecycle state.

Specification

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119 and RFC 8174.

This ERC is an overlay for tokenized ESG assets. Implementations maintain normal token ownership and transfer behavior through a base token standard, and add this ERC’s functions for ESG metadata retrieval, audit recording, attestation recording, and retirement. Each token has a lifecycle status of issued, audited, or retired.

Metadata Structure

Tokens MUST expose a metadata JSON document with the following minimum fields. Implementations MUST make this document available from esgURI(uint256 tokenId). Implementations MAY also return the same values through getMetadata(uint256 tokenId) when storing the metadata on-chain.

{
  "standard": "ERC-8040/1.0",
  "category": "carbon",
  "geo": "BR-RS",
  "carbon_value": 12.5,
  "cycle": "2025-Q3",
  "digest": "sha3-512:...",
  "physical_id": "seal:XYZ123",
  "attestation": {
    "atf_digest": "sha3-512:...",
    "signer": "did:atf:ai:..."
  },
  "status": "issued|audited|retired",
  "evidence": "cid:Qm..."
}

The standard field identifies the metadata version. The category field describes the ESG asset class. The geo field identifies the geographic area for the asset. The carbon_value field represents the asset value for carbon assets. The digest, physical_id, attestation, and evidence fields bind the token to source records, external attestations, and supporting documentation. The status field records the lifecycle state.

Smart Contract Interface

Contracts implementing this standard MUST support the following interface:

pragma solidity ^0.8.0;

interface IERC8040 {
    /// @notice Metadata structure for Environmental, Social, and Governance tokens.
    /// @dev Digest fields use bytes to support SHA3-512 values without truncation.
    struct Metadata {
        string standard;
        string category;
        string geo;
        uint256 carbon_value;
        string cycle;
        bytes digest; // SHA3-512 digest of the metadata or source document.
        string physical_id;
        Attestation attestation;
        string status;
        string evidence;
    }
    
    /// @notice Attestation structure for an external audit or validation result.
    /// @dev atf_digest is a SHA3-512 digest of the attestation record.
    struct Attestation {
        bytes atf_digest;
        string signer;
    }
    
    /// @notice Mints a new ESG token with provided metadata.
    /// @dev The caller MUST be authorized by the implementation to issue ESG assets.
    ///      The initial lifecycle status MUST be issued.
    /// @param metadata The ESG metadata structure.
    /// @return tokenId The ID of the newly minted token
    function mintESGToken(Metadata memory metadata) external returns (uint256 tokenId);
    
    /// @notice Records an audit for an existing ESG token.
    /// @dev The caller MUST be authorized by the implementation to audit ESG assets.
    ///      The lifecycle status MUST become audited after a successful audit.
    /// @param tokenId The token to audit.
    /// @param auditDigest SHA3-512 digest of the audit report.
    function auditESGToken(uint256 tokenId, bytes memory auditDigest) external;
    
    /// @notice Retires an ESG token permanently.
    /// @dev The caller MUST be the token owner, an approved operator, or otherwise
    ///      authorized by the implementation. Retired tokens MUST NOT be reactivated.
    /// @param tokenId The token to retire.
    /// @param reason Human-readable retirement reason.
    function retireESGToken(uint256 tokenId, string memory reason) external;
    
    /// @notice Returns the ESG metadata Uniform Resource Identifier (URI) for a token.
    /// @param tokenId The token ID.
    /// @return The URI string pointing to the metadata JSON document.
    function esgURI(uint256 tokenId) external view returns (string memory);
    
    /// @notice Returns the complete on-chain metadata for a token.
    /// @param tokenId The token ID.
    /// @return The complete Metadata structure.
    function getMetadata(uint256 tokenId) external view returns (Metadata memory);
    
    /// @notice Emitted when a new ESG token is minted.
    /// @param tokenId The ID of the minted token.
    /// @param category The ESG category, such as carbon.
    /// @param geo Geographic identifier, such as an ISO 3166-2 subdivision code.
    event Minted(uint256 indexed tokenId, string category, string geo);

    /// @notice Emitted when an ESG token is audited.
    /// @param tokenId The ID of the audited token.
    /// @param auditDigest SHA3-512 digest of the audit report.
    event Audited(uint256 indexed tokenId, bytes auditDigest);
    
    /// @notice Emitted when a token receives an external attestation.
    /// @param tokenId The ID of the attested token.
    /// @param atfDigest SHA3-512 digest of the attestation record.
    /// @param esgURI The URI of the ESG metadata.
    event Attested(uint256 indexed tokenId, bytes atfDigest, string esgURI);
    
    /// @notice Emitted when a token is permanently retired.
    /// @param tokenId The ID of the retired token.
    /// @param timestamp The retirement timestamp.
    /// @param reason Human-readable retirement reason.
    event Retired(uint256 indexed tokenId, uint256 timestamp, string reason);
}

JSON-RPC Example 

{
  "method": "eth_call",
  "params": [
    {
      "to": "0xContractAddress",
      "data": "0x..."
    }
  ],
  "example_metadata": {
    "category": "carbon",
    "geo": "BR-RS",
    "carbon_value": 12.5,
    "digest": "sha3-512:abc123def456...",
    "attestation": {
      "atf_digest": "sha3-512:xyz789...",
      "signer": "did:atf:ai:validator-001"
    }
  }
}

Mapping & Compatibility

This ERC does not replace ERC-20, ERC-721, or ERC-1155. A compliant contract implements this ERC in addition to at least one base token standard.

  • ERC-20: Each unit represents a standardized fraction, such as 1e18 units representing one metric tonne of carbon dioxide equivalent (tCO2e).
  • ERC-721: Single credit with unique esgURI and immutable metadata.
  • ERC-1155: Homogeneous batch with common URI, metadata, and fungible amounts.

Rationale

  • Deterministic flows: Lifecycle follows strict state transitions (issued to audited to retired).
  • Immutable metadata: SHA3-512 digests bind metadata and evidence documents to the token record.
  • Machine-verifiable audit trails: Attestation digests and events allow off-chain systems to verify audit records deterministically.
  • Post-quantum readiness: SHA3-512 hash functions provide preimage resistance suitable for long-lived audit records.
  • Full hash storage: Using bytes instead of bytes32 allows complete SHA3-512 digest storage (64 bytes).

Security Considerations

  1. Metadata immutability: All metadata fields MUST be cryptographically sealed after minting.
  2. Validation independence: Implementations MUST NOT rely on unauthenticated off-chain statements. Attestations MUST be represented by verifiable digests and events.
  3. Digest integrity: SHA3-512 (64 bytes) ensures audit-trail integrity. Implementations MUST use bytes type to store complete 512-bit digests.
  4. Post-quantum cryptography: Hash functions and signature schemes MUST be quantum-resistant. SHA3-512 provides 512-bit security suitable for post-quantum scenarios.
  5. Irreversible retirement: Once retired, tokens cannot be reactivated.
  6. Physical seal validation: On-chain digest MUST match physical seal cryptographic hash.
  7. Input validation: All off-chain documents MUST be hashed using SHA3-512 and publicly referenced on-chain.
  8. Hash truncation prevention: Implementations MUST NOT truncate SHA3-512 digests. The bytes type MUST be used instead of bytes32 to prevent loss of cryptographic security.

Copyright and related rights waived via CC0.

Citation

Please cite this document as:

Leandro Lemos (@agronetlabs) <leandro@agronet.io>, "ERC-8040: ESG Tokenization Protocol [DRAFT]," Ethereum Improvement Proposals, no. 8040, September 2025. Available: https://eips.ethereum.org/EIPS/eip-8040.