Utxo+merkle layer1 token
Utxo model is more elegant than account based model for token. It has the difficulty for layer1 token script to judge whether an input is a valid token utxo. Recently utxo+oracle model has been discussed a lot but a trusted third party is introduced which is what bitcoin tries to remove. Instead of an oracle, we can have each token utxo to specify the token utxo set it trusts. Utxo set is large but we can use the merkle tree trick to store it in utxo.
Wallet or client needs to track and verify whether merkle root in a utxo is valid. It also needs to construct the lastest utxo set merkle root used in output.
Re-org issue. Re-org can make a valid merkle invalid. We may need 6 confirmations to make a utxo into merkle. An alternative way is to allow the utxo to turn itself back into valid one by specifying a valid merkle using anonther tx.
Newer utxo as input. It will be treated as invalid and can't be used as input. The simplest way is to turn it(by signing a tx) into a new utxo with the lastest utxo set merkle and use it with the utxo.