# Token Whitelisting Requirements

[**See the most up to date technical requirements for whitelisting.**](https://gov.bancor.network/t/whitelisting-requirements/1849)

***Requirements:***

### Transparency&#x20;

1. The token contract needs to be verified on Etherscan.&#x20;
2. The token contract should have an audit from a known security auditor or explain why it wasn’t audited (for example, if it’s a standard token from the OpenZeppelin library).&#x20;
3. The project should have a publicly visible test suite with decent test coverage.

### Administrative Risk&#x20;

Special administrative privileges over the protocol - such as minting privileges - should be restricted:

1. They **should not** be owned by EOA.&#x20;
2. They can be governed by multisigs.&#x20;
3. They can enforce timelock or similar restrictions.

Protocols that don’t comply with this should provide an explanation why (the DAO reserves the right to decide whether to accept the explanation or not).

The above **may not** contradict with the technical requirements - e.g. an upgradable token can not be whitelisted regardless of the reasoning.

### Technical&#x20;

1. The token contract should not be upgradable.&#x20;
2. Only the token holders themselves should be able to transfer or burn their tokens. It shouldn’t be possible for any other account (including owners/admins) to transfer or burn tokens belonging to other users, without their explicit permission.&#x20;
3. Minting of new tokens should be restricted and conform to the whitepaper and the security audit.&#x20;
4. Rebasing tokens or tokens with elastic supply aren’t currently supported.&#x20;
5. Tokens that apply transfer fees aren’t currently supported.&#x20;
6. Token transfers shouldn’t be pausable or subjected to a whitelist unless a reasonable explanation is provided.&#x20;
7. There should not be any restrictions on transferring or trading (e.g., restricting how many blocks you have to hold a token before you can transfer it, fees/taxes on transfers, including to/from trading pools, etc.)&#x20;
8. The token should not have any transfer hooks (notifications on sender/recipient etc.) as those open the possibility for re-entrancy issues

### Economic Requirements&#x20;

1. The token should be fairly distributed (e.g., it can’t be concentrated in a few addresses). If not, the token can only be whitelisted if they provide external liquidity protection equal to the proposed trading liquidity.
2. Deprecated tokens cannot be whitelisted if already deprecated at the time of the proposal


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bancor.network/about-bancor-network/resources-for-daos/token-whitelisting-requirements.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.