The Security Tokens and ERC1400 standard — What it is, and how to make one!

Adam Boudjemaa
13 min readOct 9, 2019


The Security Tokens and ERC1400 standard — What it is, and how to make one!


Since the advent of Bitcoin in 2008, the world has seen a completely new dimension of decentralized ecosystem and protocols powered by several sophisticated technologies, which include Blockchain, a distributed ledger with a sequential series of blocks that are tied together with a hash. Satoshi Nakamoto’s vision was to disrupt the traditional payments industry with an open, borderless, neutral, censorship-resistant and decentralized payment system which he called ‘Bitcoin’.

In the early days of Bitcoin, it quickly took off among the Cypherpunks community members because the core fundamental and ideological principals behind Bitcoin were closely in line with the principals of the Cypherpunks community. Once Bitcoin caught some momentum, people started regarding and mirroring it with the early days of the internet. Initially, Bitcoin was very slow and could only handle 4 transactions per second (with an average transaction size of 420 Bytes). Since a lot of people were using Bitcoin, it often chocked the network that caused massive delays in the transaction processing time.

Many initiatives were taken by the Open Source Software Community members, like SegWit, which increased the number of transactions per second (TPS) from 4 to 8. Despite all the initial problems, people quickly realized the power of decentralization and started to innovate with different products aimed to solve the shortcomings and limitations that the Bitcoin network had. Keeping in view all the limitations of the Bitcoin network, Ethereum was born. It was proposed by Vitalik Buterin in late 2013, and the Ethereum network went live in July 2015.

Vitalik Buterin often describes Ethereum as ‘The World Computer’. Ethereum is the world’s first blockchain which is fully programmable and Turing complete, which allows the developers to launch Decentralized Applications (DApps), conduct Initial Coin Offerings (ICOs), Security Token Offerings (STOs), etc by writing smart contracts on the Ethereum Blockchain itself. Being an early player in the market, Ethereum brought a revolution in the Blockchain ecosystem and thousands of companies and individuals launched their tokens and decentralized applications on the Ethereum platform.

There are two main categories of tokens that you can launch on the Ethereum platform — Utility Token and Security Token. In this article, we will discuss different kinds of tokens, and how you can code an ERC-1400 security token on the Ethereum platform.

The difference between a Coin and a Token

The word ‘Cryptocurrency’ is always used to refer both coins and tokens which often causes a lot of confusion among the audience and they start using both the terms interchangeably. However, there are some key differences between the two.

In simple terms, coins are the kind of cryptocurrencies that have their own blockchain. Coins are the actual fuel for any given blockchain, and they provide an incentive model to secure the decentralized network. Coins often have similar characteristics of money, as they are divisible, fungible and acceptable. On the other hand, tokens are the kind of cryptocurrencies that do not have their own blockchain.

Tokens are released on the application layer of any programmable blockchain platform like Ethereum, EOS, TRON, etc. Any programmable blockchain can only have one single coin as its main currency, while it can have an unlimited number of tokens that serve a variety of different purposes. On the Ethereum platform, a token can be launched by writing and publishing a smart contract that follows a given set of standards.

What are Security Tokens?

Security tokens can be defined as the kind of digital assets, which are subjected to federal securities and regulations. In very simple terms, security tokens are just your regular tokens that qualify and meet the following four clauses:

  • The desired token is actually a monetary investment.
  • The monetary investment goes to a company or a common enterprise.
  • There is an expectation of some profit from the ownership of token.
  • The generation of expected profit depends on the work of third parties.

The above four clauses are called ‘The Howey Test’, and any particular token that meets all these four clauses and passes The Howey Test is subjected to the same regulations that are applied to traditional securities. If any ICO falls under the category of securities but doesn’t follow the regulations, it can be subject to penalties. This article won’t be discussing the main regulations, but there are three main federal security regulations in the USA for the security tokens as noted by Anthony Pompliano, namely:

  • Regulation D
  • Regulation A+
  • Regulation S

Security Tokens vs Utility Tokens — The key differences

There are two main categories of tokens, Utility Tokens, and Security Tokens. Utility tokens are meant to give you access to a particular product or service on the blockchain, and they can also be used as a means of payment between two interoperable applications. As the name implies, the utility tokens serve a particular ‘utility’ and can be used under the scope which is defined in its smart contract of the decentralized application.

On the other hand, Security Tokens represent any kind of ‘ownership’ in assets which are tokenized. The assets can be anything like real estate, equities, debt, etc. The ownership model is defined in the smart contract that governs the security token. Companies used to launch utility tokens through Initial Coin Offering (ICO), and they now have an option to launch security tokens through Security Token Offering (STO).

Security tokens can be fungible or non-fungible, sharing many of the characteristics of ERC20 and ERC721 standards.

They have laid the foundation of the new era of finance 3.0 which will drive innovation, adoption, and globalization of digital securities.

What are the benefits of Security Tokens?

The ownership of tokenized assets in the form of security tokens brings a lot of opportunities and benefits over the traditional finance industry as we know it. We will discuss three key benefits of security tokens that will disrupt the traditional finance industry in many ways, which include global market exposure, no middlemen and lower fees, increase credibility and reduced risks of spam.

  • Global market exposure — Traditionally, it is very hard for people sitting outside the US to invest in US-based private or public companies because of too many hurdles. Security tokens make it easier, and they enable asset owners to reach the global investor audience and market their deals to anyone within the regulatory limits. This will increase adoption, brings a larger investor base to the table and ensure healthy competition.
  • No middlemen and lower fees — The traditional finance industry is very congested with a lot of middlemen like bankers and lawyers, etc. The involvement of middlemen drastically increases the fees, brings complexity to the process and increase paperwork. Security tokens remove the need of these middlemen because the smart contract brings automation and governs the structure of the deal, which reduces the fees and costs involved, results in less paperwork and ensures transparency.
  • Increased credibility and reduced risks of spam — Because of the lack of proper regulations and accountability, traditional ICO space had too much spam which decreased investors’ trust and acted as a barrier for new investors in the market. Since security tokens represent real work assets with proper regulatory framework governing the issuance of tokens, this will help reduce spam and increase the investors’ trust in the crypto space. This will also increase blockchain adoption with a global investor base, and bridge the gap between traditional finance and the blockchain world.

The feasibility of security tokens on a public blockchain

The most discussed and debated upon topic these days is whether public blockchains are feasible for the issuance of security tokens, or a private blockchain with features specific to security tokens would be a much better option. In this section, we will discuss the three main benefits that public blockchain brings to the security tokens ecosystem.

  • Trust and transparency — Public blockchains are known for increased trust and transparency that they bring to the network. Technically, security tokens are just smart contracts that are launched on a blockchain network. By launching these smart contracts on a public blockchain, people around the world would be having access to the code-base, they can audit the code, see the transactions, issuance, dividends, etc. This would help establish global trust and attract an open community.
By launching these smart contracts on a public blockchain, people around the world would be having access to the code-base, they can audit the code, see the transactions, issuance, dividends, etc.
  • Enhanced security — One of the main benefits of public blockchain networks is that they are tried and tested, and by having a large user base, they have very robust security. Security tokens are surrounded by too many regulations, and robust security is the key to the hosted smart contracts that govern these security tokens. Public blockchains also tend to follow common standards that make smart contracts for both utility tokens and security tokens interoperable.
  • Global reach and network effect — Since public blockchains have a global reach and adoption, it will result in a strong network effect where the potential investor base for the tokenized assets would be very large and diverse.

Security token standards and why they are important

By the end of 2018, Ethereum had the largest share of 80% in the ICO market, which means that 80% of the tokens in the initial coin offerings were launched on the Ethereum platform. This phenomenon isn’t a coincidence, but rather a careful community decision that led Ethereum to become the market leader — and that decision is the standardization of tokens. The development community of Ethereum launched a set of standards, which is a set of guidelines for the developers who want to launch their tokens on the Ethereum platform.

The most popular standard was the ERC-20 token standard which was adopted by the community like a storm. ERC-20 led to a boom in the utility tokens space and helped create a multi-billion dollar market. The main benefits of token standardization include:

  • They make the tokens interoperable so they can speak the same language as other tokens and smart contracts.
  • They enhance the compatibility of your token with other supporting applications in the decentralized ecosystem, like an exchange.
  • They reduce the chances of errors and provide a template that includes all the necessary information.
  • They increase the fungibility of your tokens because of interoperability.

Just like ERC-20 is the token standard for the traditional utility tokens, ERC-1400 is declared to be the default token standard for security tokens. ERC-1400 would bring a boom to the world of security tokens just like ERC-20 brought to the world of utility tokens. This new standard will encourage companies around the globe to adopt Ethereum as a platform and launch their security tokens in independent STOs.

The ERC-1400 token standard for security tokens

The ERC-1400 is a standard for security tokens with thorough guidelines and functions which include:

  • Incorporation of differentiated ownership model.
  • Error signaling.
  • Document references.
  • Gatekeeper (operator) access control and issuance or Redemption semantics.

ERC-1400 can also work with the branching standards that serve a variety of different purposes, like the ERC-1410 which is a partially fungible security token standard. The authors of ERC-1400 security token standard include Adam Dossa (Polymath), Pablo Ruiz (Polymath), Stephane Gosselin (Numerai), and Fabian Vogelsteller (creator of the ERC-20 standard), and was launched by the Polymath network. In the next section, we will show how you can code an ERC-1400 on the Ethereum platform.

Let's compile and publish a simple ERC-1400 token on Ethereum Blockchain

You might be familiar with the ERC-20 token standard which took the ICO world by storm. ERC-20 tokens are easier to code, and the two main parameters needed to perform a successful transfer of an ERC-20 token are the address of the recipient and the total value of the transfer.

function transfer (address recipient, uint256 value)

This simplicity is very useful but it doesn’t give the issuer any control on the token issuance process itself. This is one of the reasons why ERC-20 isn’t the best choice for security tokens, because of all the federal securities regulations that the security token must comply with.

That’s where the ERC-1400 standard comes in, which gives more control to the issuer of the security token so that they can comply with all the federal securities regulations, perform off-chain KYC checks, validate the investor, get the necessary certificates signed and push the final data onto the blockchain in a compressed binary format along with the successful transaction. As you can see, ERC-1400 involves a combination of both on-chain and off-chain events in order to issue a token in a successful transaction. One small mistake, and you are subject to penalties which would incur huge losses.

CoFi OS — A powerful solutions for security tokens

This is where CoFi OS (old Dauriel network) comes into play, which is a solution made by ConsenSys for issuing and exchanging security tokens and other tokenized financial assets on the Ethereum Blockchain. CoFi OS supports complete ERC-1400 implementation for partially fungible security tokens. It also supports the ERC-777 implementation for asset transfers.

CoFi Transaction for a security token

CoFi OS supports a special kind of ERC-1400 supported transaction format, which includes an extra ‘data’ parameter. This additional ‘data’ parameter is used in the ERC-1400 token implementation to inject all the necessary off-chain certificates (KYC, investor validation, investor’s consent etc) along with a successful transaction.

function transferWithData (address recipient, uint256 value, bytes data)

This gives more control to the issuer of the security token so that he can comply with all the regulations and perform necessary checks before transferring the ownership of the token. The image below shows how The CoFi OS transaction differs from the traditional transaction that involves a simple token transfer.

This ‘certificate’ field in CoFi OS is comprised of 5 key elements.

  • The ID of the function which makes sure that the certificate is unique and can’t be used on another function.
  • The input parameters, which make sure that they are verified by the issuer.
  • The data of validity, which ensure the expiry date of the certificate
  • An additional nonce, which makes sure that that this certificate can’t be duplicated or used twice
The diagram above shows the internal structure of the ‘certificate’ field. The final certificate is signed by the issuer before publishing.

The ERC-1400 interface

The ERC-1400 contains hundreds of interfaces but five of them are most important which we would discuss here one by one.

1 — Document Management

As implied by the name, these functions perform document management operations. Please note that all the documents and certificates are generated and validate off-chain by the issuer before pushing them into a transaction.

function getDocument (bytes32 name) external view returns (string, bytes32);

function setDocument (bytes32 name, string uri, bytes32
documentHash) external;

event Document (bytes32 indexed name, string uri, bytes32 documentHash);

2 — Controller Operation

The function below is responsible for all the controller operations of the smart contracts.

function isControllable () external view returns (bool);

3 — Token Issuance

The following functions in the interface are all related to the issuance of the security tokens.

function isIssuable() external view returns (bool);

function issueByPartition (bytes32 partition, address tokenHolder,
uint256 value, bytes data) external;

event IssuedByPartition (bytes32 indexed partition, address indexed operator, address indexed to, uint256 value, bytes data, bytes operatorData);

4 — Token Redemption

The following functions in the interface control the token redemption process

function redeemByPartition(bytes32 partition, uint256 value, bytes data) external;

function operatorRedeemByPartition (bytes32 partition, address tokenHolder, uint256 value, bytes data, bytes operatorData) external;

event RedeemedByPartition (bytes32 indexed partition,
address indexed operator, address indexed from, uint256 value, bytes data, bytes operatorData);

5 — Transfer Validity

The following two functions perform the transfer validity of the security tokens.

function canTransferByPartition(bytes32 partition, address to, uint256 value, bytes data) external view returns (byte, bytes32, bytes32);

function canOperatorTransferByPartition(bytes32 partition,
address from, address to, uint256 value, bytes data,
bytes operatorData) external view returns (byte, bytes32, bytes32);

Lets make and launch a security token through The Cofi OS

Even though the ERC-1400 implementation involves a lot of complexities, checks and validations due to the regulatory conditions, the Cofi OS has made it easier to make and issue the ERC-1400 security token and perform all the necessary checks through a simple web interface. In this section, we will go through those steps to make and launch a simple ERC1400 security token.

The CoFi OS Network provides different interfaces but we will go through the issuer interface here.

Once you log into your CoFi account, you would be able to see the issuer interface.

There are two independent sections in the issuer interface.

  • One is for the compliance requirements
  • Second one is or the security token configuration itself.

Under the compliance requirements, you would be able to identify all the necessary documentation that either you, or the investor, or the authorities would provide. You must specify these fields before launching your smart contract on the blockchain.

This data would further be used in the interface later for the issuance of the tokens.

Under the security token configuration, the issuer has to specify the name and the submit of the token.

Once finalized, you can click ‘Issue Security Token’ and after a few minutes, your security token would be deployed on a private Ethereum blockchain.

When your security token is issued, you would be presented with the following interface.

For each of the security token that you issued, you would see 5 columns. The first column shows how many assets does the investor owns, the second column shows the email of the investor, the third column shows the registration date, the fourth column shows the address where the recipient has their security tokens, and the final column shows the document verification process that is currently being conducted off-chain. Once all the documents are verified, the transaction is made successful and the status of the investors is changed to ‘verified’.

That’s it! You have now made and issued a security token using The CoFi OS.


2019 would be the year of Security Tokens, the new era of finance 3.0 which would change the way how companies do their fundraising. Security tokens would ensure global participation of the investors, global inclusion, lower fees and more power! The CoFi OS has made it super easy to make and launch your security tokens, and take care of all the regulatory requirements and certifications.



Adam Boudjemaa

Lead Blockchain Developer @polytrade_fin — Head of Blockchain @retreeb_io — Ex-Blockchain Developer @FantomFDN