These are really good questions.
I don’t think there is an easy way to securely pay all bond owners at the same time, except if there are fewer than 16 of them and you can do a group transaction.
I am thinking of two potential solutions (that can definitely be refined):
- Do not use at all a token and instead store in local storage the details about the bond. To transfer the bond to someone else, you need to do a smart contract call (instead of an ASA transfer). This has the advantage of being quite easy to implement but you lose the advantage of ASA transfer.
- Each time a bond is issued, you create a new smart contract address (stateless TEAL) that will be the creator of the bond NFT and you store the bond parameters in the local storage of this new contract. Note that the stateful TEAL application can generate itself the smart contract address as it consists of the hash of the smart contract (that can be reconstructed as the concatenation of several strings). There is an additional trick to reduce size of the stateful application described at the bottom of this post. Note also that the stateful TEAL application can access the creator of any NFT so can check it is an NFT mapping to a real bond and retrieve the bond parameters from there.
Trick to reduce the size of the stateful application: The stateless smart contract will consist of three parts (once compiled): prefix, some value x to distinguish each bond, suffix.
The prefix is short (most likely just the version number and the bytecblock instruction) but the suffix can be long. What you can do is hardcode the hash of the suffix instead of the suffix in the application and require one argument of the application to be the suffix itself.
This way you moved the long suffix from the program (very constrained in size) to the arguments (much less constrained in size).