TNSTNS
Whitepaper

TNS: Token Naming Service

The Problem

Solana has shown that the dream of low-latency, low-cost infrastructure comes with a tradeoff: when token creation is inexpensive and symbols are unrestricted, duplicate identifiers proliferate. Thousands of tokens can share the same symbol. Search "BONK" on any Solana DEX and you'll find hundreds of results. Which one is authentic? Users are harmed daily by fraudulent tokens bearing identical symbols.

This is unsustainable. For Solana to mature—for RWAs to come on-chain, for blue-chip institutions to participate—there must be a way to verify token authenticity with certainty.

The Verification Challenge

Today, aggregators and explorers work hard to verify tokens, but face inherent challenges at scale:

  • Manual review processes that can't keep pace with millions of new tokens
  • No on-chain source of truth for symbol ownership
  • Each platform maintaining separate verification systems

These challenges mean:

  1. Duplicated effort — Every platform solves the same problem independently
  2. Inconsistent results — A token verified on one platform may not be on another
  3. Scaling limits — Human review can't match the pace of token creation
  4. No self-service — Legitimate projects must wait for external verification

This is not how trust should work on a decentralized network.

Why Uniqueness Matters

The NYSE and NASDAQ solved this problem decades ago: one symbol, one security. You can't list two different stocks as "AAPL." This isn't bureaucracy—it's infrastructure.

When a trader sees AAPL, they know exactly what they're buying. No ambiguity. No scams. The symbol itself carries trust.

Real-world assets coming on-chain need the same trust infrastructure:

  • A tokenized share of Apple stock needs to be THE "AAPL" token
  • A stablecoin needs to be THE verified issuer
  • A real estate token needs provable authenticity

Without symbol uniqueness, RWA adoption remains blocked by verification uncertainty. Solana needs this primitive.

The Solution: TNS

ENS (Ethereum Name Service) provides human-readable names for Ethereum. SNS (Solana Name Service) does the same for Solana with .sol domains. But neither solves the token symbol problem—they map names to wallets, not symbols to token mints, which is arguably more important for investors.

TNS (Token Naming Service) is a decentralized registry for unique token symbols on Solana.

A better primitive exists on Solana to enforce symbol uniqueness efficiently. It is called PDAs (Program Derived Addresses).

Core mechanics:

  • Each symbol (e.g., "BONK") can only be registered once
  • Registration creates an on-chain PDA: ["symbol", "BONK"]
  • The PDA stores the verified mint address
  • Anyone can verify a token with a single lookup or CPI call

That's it. No oracles. No committees. No data science. Just a simple on-chain registry that answers: "What is THE verified mint for this symbol?"

On-Chain Verification

Any program can verify symbols with a simple PDA lookup or CPI call. Trusted programs can reject unregistered tokens on-chain.

Off-chain verification

// Single RPC call - no search required
const [pda] = PublicKey.findProgramAddressSync(
  [Buffer.from("token"), Buffer.from(symbol)],
  TNS_PROGRAM_ID
);


const account = await connection.getAccountInfo(pda);
const isVerified = account !== null;

On-chain guards

// CPI: Read TNS account
let tns_account = Account::<Token>::try_from(&tns_pda)?;


// Guard: Symbol must be registered to place trade
require!(
    tns_account.mint == token_mint.key(),
    ErrorCode::UnverifiedSymbol
);

No API calls. No trusted third parties. Just math.

Pricing Mechanism

TNS mirrors the economics of traditional domain names, but with fixed, immutable rules.

Registration cost:

  • Base price: ~$10 USD (in SOL), matching .com wholesale at protocol inception (Jan 2026)
  • Annual increase: 7%, inspired by ICANN/Verisign pricing models
  • Maximum registration: 10 years at a time, inspired by ICANN policy

Discounts:

  • Multi-year registration: Up to 25% off at 10 years

Renewal:

  • Symbols must be renewed before expiration
  • 90-day grace period after expiration
  • After grace period, anyone can call the expiration crank and earn 10% of the original registration fee
  • Symbol becomes available for re-registration

Key difference: Unlike traditional domain registries, these rules are hardcoded into the smart contract. No renegotiation. No backroom deals. The protocol is governed by code, not committees.

Namespace Capacity

TNS supports alphanumeric symbols up to 10 characters (A-Z, 0-9), producing a theoretical namespace of approximately 3.76 quadrillion unique symbols — more than stars in the Milky Way. For context, there are roughly 85,000 stock ticker symbols globally today, making the TNS namespace approximately 305 million times larger than the traditional symbol space.

Even modest adoption represents meaningful registry activity. For example, if 0.0000001% of the namespace were registered at the base price of $10/year, that would be 3.76 million active symbols — roughly 44x the size of all global stock exchanges combined. At that scale, annual registration fees would total approximately $37.6M funding protocol development and ecosystem grants.

This is not a projection or forecast — it is an illustration of the namespace's theoretical scale relative to traditional symbol registries. Actual adoption will depend on market demand, integrations, and the broader growth of on-chain assets.

Verified Identities: Prior Art

ENS (Ethereum) and SNS (Solana) proved that users value verified, unique identities on-chain. But symbols serve a different purpose than social names — they're how markets identify assets.

  • Domain names (ENS/SNS) — Social identity, personal branding, human-readable addresses
  • Symbols (TNS) — Asset identification, market infrastructure, RWA interoperability

A major goal of blockchain is bringing Real World Assets (RWA) on-chain. TNS reserves existing stock symbols during genesis to prevent collisions — ensuring interoperability between traditional and on-chain markets. See the Genesis Lists for the full methodology and data sources. TNS is not competing with traditional finance. It is infrastructure that allows both systems to coexist and eventually converge.

Why Symbols Expire

A common question: should symbols be recyclable? ENS debated this extensively and chose expiration. TNS does the same. Here's why.

Historical precedent:

  • Stock tickers — Recycled constantly. "META" used to be Roundhill Ball Metaverse ETF before Facebook took it. "TWTR" became X. Markets adapt.
  • DNS — google.com can technically expire. It works because Google has overwhelming incentive to renew. Abandoned domains recycle, and this is a feature, not a bug.
  • ENS — Has expiration. The concern was squatting vs. lost wallet keys locking names forever.

When would a symbol actually change hands?

For BONK to become available, ALL of these must be true:

  1. Original owner didn't value it enough to renew (costs ~$10/year)
  2. No investor valued it enough to renew (costs ~$10/year)
  3. 90-day grace period passed with no renewal
  4. Someone else registered it

If a token has any real value, someone will pay $10/year. The scenario where "BONK suddenly means something else" only happens when the project is truly dead AND no investor, community member, or speculator cares enough to spend $10.

Is that bad? We'd argue no. If BONK is so dead that nobody in the world will pay $10 to keep the name, maybe the namespace should recycle. In 100 years, a new project might legitimately want "BONK."

The real protection is economic: if you're the token holder and it's worth something, you have every incentive to renew. If you're an investor, you have every incentive to renew on their behalf. Anyone can renew any symbol. As long as anyone in the ecosystem values a symbol, it stays registered.

Open Questions

TNS is still a proposal. We need help from the DAO to finalize key design decisions. The following questions remain open for DAO input.

1. Should symbols be able to expire at all?

For expiration

Stock symbols expire and get recycled. Domains expire. This prevents permanent squatting and allows the namespace to recycle when projects truly die. If a symbol has any value, someone will pay ~$10/year to renew it.

Against expiration

Permanent registration provides certainty. Token holders shouldn't worry about losing their symbol. Lost keys could mean losing a symbol forever even if the project is still active.

2. Should the current authority be able to update the mint?

For allowing mint updates

There is a natural disincentive for any legitimate project doing this maliciously. It would be like Google changing their domain to random.com or AAPL randomly changing their stock ticker to BBPL. It would only have negative downward pressure on their business. This is mainly for fixing mistakes.

Against allowing mint updates

Immutability provides stronger guarantees. If a symbol can never change, integrators can cache the mapping forever. Simpler mental model, fewer edge cases to handle.

3. Should CAPS be enforced in symbol names?

For enforcing CAPS

Stock tickers are always uppercase. Enforcing CAPS prevents confusion between "BONK", "Bonk", and "BoNK". Simpler namespace, clearer rules.

Against enforcing CAPS

Some tokens use mixed case as part of their brand. Crypto culture is different from tradfi. Let the market decide what conventions emerge.

4. What happens when on-chain tokens collide with RWA stock symbols?

On-chain wins

First-come, first-served is the only fair rule. If a crypto token already registered "AAPL", the RWA issuer needs to pick a different symbol. Traditional finance has mechanisms for ticker changes—crypto doesn't.

RWA priority

Reserved symbols should be protected for legitimate RWA issuers. A meme token squatting on "AAPL" shouldn't block Apple from tokenizing their stock with the symbol everyone expects.

5. Should TNS require that a token's metadata be immutable?

On Metaplex, the update authority can change a token's symbol at any time if metadata is mutable. A project could register "BONK" on TNS, then change their Metaplex symbol to something else—leaving the TNS record pointing at a token that no longer calls itself BONK.

For requiring immutability

Strongest guarantee that the TNS record stays accurate. If the symbol can't change on the token side, the mapping is permanent and trustworthy. Integrators can cache the result forever.

Against requiring immutability

Many legitimate projects keep metadata mutable for operational reasons (fixing typos, rebranding). Metaplex is all-or-nothing—you can't lock just the symbol field. There's also a natural economic disincentive: why would a project pay to register a symbol and then change it? And if they did, they wouldn't keep renewing—so the symbol would expire and become available again. The indexer could flag mismatches in the meantime.

Launch Strategy

Decentralization is a process, not a starting point. TNS launches with training wheels that are progressively removed until the protocol becomes fully autonomous infrastructure.

Q1 2026

Phase 1: Genesis

Working with the DAO to verify the list of existing symbols and seed them for free for 5 years. Verified tokens can be claimed by their mint authority. Reserved tradfi symbols (S&P 500, Russell 3000) and non-whitelisted tokens require admin approval.

Who can register:
Verified → admin
Reserved → admin
Not listed → admin
Open questions for the DAO:
Should symbols be able to expire at all?
Should the current authority be able to update the mint?
Q2 2026

Phase 2: Open Registration

Non-whitelisted symbols open to anyone. Verified tokens remain protected for mint authorities. Reserved tradfi symbols stay admin-only for legitimate RWA onboarding.

Who can register:
Verified → mint authority
Reserved → admin
Not listed → anyone
Q3-Q4 2026

Phase 3: Full Decentralization

All restrictions removed. Any symbol—including reserved finance tickers—becomes first-come, first-served.

Who can register:
All symbols → anyone
2027+

Phase 4: Immutability

Upgrade authority permanently revoked. No admin, no governance, no changes. Pure infrastructure, like TCP/IP.

Token-2027: A New Standard On-Chain

What if duplicate symbols were impossible? A new token standard could enforce uniqueness at creation—not through flags, but by design.

The Mint Instruction

// In the new token standard's mint instruction:
let tns_result = tns_program::cpi::lookup(symbol);


// Reject if symbol already exists
require!(
    tns_result.is_none(),
    ErrorCode::SymbolAlreadyExists
);


// Register symbol atomically with mint
tns_program::cpi::register(symbol, new_mint.key())?;

In this proposed standard, the mint instruction itself CPIs into TNS. If the symbol already exists, the mint fails. If it doesn't exist, it's atomically registered at creation time. No separate registration step needed.

Two standards, two purposes:

  • Token / Token-2022 — The current standard. Anyone can create any symbol. Duplicates allowed. Great for memes, experiments, and permissionless creation. Requires on-chain lookup to know if it's the verified token.
  • Token-2027 — A new standard where mint CPIs into TNS—failing if the symbol exists, auto-registering if it doesn't. If it's this type, it's unique by definition.

This is a proposal, not a guarantee. Whether this becomes an official standard depends on community adoption. The on-chain verification above works today—this is about what's possible next. TNS provides value regardless of whether Token-2027 is adopted.

Conclusion

Solana doesn't need more data science for token verification. It needs a simple, decentralized registry that makes symbols unique—just like the stock market figured out a century ago and DNS has been doing since its inception.

TNS is that registry.

One symbol. One token. Verifiable by anyone. Designed for permissionless operation.