Real Estate backed security tokens — deploying 🚀 and open sourcing the blockimmo platform smart contracts

and… our HackerOne 🐛 bounty is now public!

Over the last 8 months we’ve been hard at work building the blockimmo platform. In early April we described the smart contracts powering blockimmo. Since then we’ve deployed over 50 smart contracts to the Ropsten test network, intensively tested them with thousands of transactions, and ran end-to-end tests of our platform on the Ethereum MainNet. In June our platform was audited by New Alchemy with near-perfect results. In August our ÐApp was penetration-tested by Hosho with no serious findings, and we launched a private bug bounty program via HackerOne (not a single issue discovered). We’ve continuously improved, refined, and simplified our platform, working closely with our legal partner, MME, and banking partner, Bank Frick, to ensure our platform is fully-compliant with the strict Swiss and Liechtenstein legal / regulatory requirements. The result is a solid, production-ready, regulated platform capable of ushering in a new world of real estate investment and ownership.

Now we’re in the process of rolling out the blockimmo platform to production 🚀. We’re not live yet, but we’re close, very close. Our platform smart contracts have been deployed and are live on the Ethereum main network. This post will thoroughly document the architecture and design of our platform, tying it to our source code and live deployments.

Source code

Contributions in the form of issues, pull requests, and community audits are appreciated 😁.

HackerOne bug bounty 🔎 🐛

We award up to $10,000 for the responsible disclosure of a critical bug.

Design decisions

I mention our design philosophy in the serverless ⚡️ architecture powering blockimmo. The fundamental metrics guiding our software development are simplicity and minimalism. This starts with why and an optimal spec. From here, the next step is selecting the optimal tool(s) 🛠 for the job (meeting spec). We take an exclusive, highly-illiquid asset (real estate) with high-friction transactions (due to a complicated system which breeds a large array of intermediaries / middle-men), and we completely strip it down / simplify it via tokenization on the Ethereum blockchain — the perfect tool for the job. Blockchains excel at managing ownership, and in Ethereum’s case, transitioning this ownership (state) transparently and deterministically (smart contracts)— effectively automating transactions. What we’re left with is a new real estate ecosystem where ownership in small stakes becomes possible (inclusive), investments become liquid (tokens can be traded on the secondary market), and transactions become frictionless (in this case I pay an $0.11 cent fee for a transaction that completes in a few minutes ⚡️💥).

The fundamental layer of our software stack lives here, on the Ethereum blockchain. This layer is composed of focused, modular, and simple smart contracts that interact / fit-in with each other to encapsulate the critical state and computation of our platform. They’re built on the solid, battle-tested OpenZeppelin. We even adopted the design patterns and code-style of OpenZeppelin in our smart contracts to ensure consistent, high quality, and secure code.

The blockimmo AG platform contracts exhibited many positive characteristics including extensive reuse of well known libraries, very modularized source code, and well documented and thorough unit-level test cases. blockimmo AG also took care to follow a number of best practice coding guidelines …
- New Alchemy, blockimmo security audit


This layer is composed of focused, modular, and simple smart contracts that interact / fit-in with each other to produce the behavior of our system / platform.
The blockimmo platform’s control flow graph, generated with Surya, a utility tool for smart contract systems

Analyzing the above graph, we notice:

1) Low / loose coupling between smart contracts. “Low coupling refers to a relationship in which one module interacts with another module through a simple and stable interface and does not need to be concerned with the other module’s internal implementation (see Information Hiding).”

2) Unidirectional data flow. All data in our system flows in a single direction.

3) No circular /cyclical dependencies between smart contracts.

4) Simple. If you look closely, with a bit of re-arranging, the above graph can be drawn with no lines intersecting each other.

We should aim for simplicity because simplicity is a prerequisite for reliability. Simple is often erroneously mistaken for easy. “Easy” means “to be at hand”, “to be approachable”. “Simple” is the opposite of “complex” which means “being intertwined”, “being tied together”. Simple != easy.

Above, we visualize the blockimmo platform (system) with a single tokenized property. As commercial properties are sold via blockimmo (and later, development projects financed and residential properties sold), this system will evolve. We’ve architected and designed our platform such that it can support an ecosystem of real estate where different entities (ie governments, organizations, people, and smart contracts — a subset being DAOs) can plug-in and enable opportunities and possibilities not yet considered. As Steven Wolfram emphasizes, in the computational universe, we’ve now seen how rules that are incredibly simple can produce incredibly rich and complex behavior.


We’re sticking to the core principles and philosophy of Ethereum as closely as possible. That’s part of the reason we’ve decided to open source our smart contracts and invest so much in having our platform audited, penetration-tested, and running a public bug bounty program — all executed in collaboration with the most reputable / leading industry service providers.

There is centralization in our platform / smart contracts. Our platform is of no value if it’s not regulated in a AAA jurisdiction (in our case Switzerland / Lichtenstein). This is only possible (currently) with some degree of centralization. We’ve wrestled with our legal partner, MME, to introduce as little centralization into our platform as possible. The result is centralization in two places: our LandRegistry and Whitelist smart contracts (both controlled by blockimmo AG).

Realistically, investors are actually safer / more secure with this centralization than without. Switzerland / Lichtenstein are such solid jurisdictions that the probability of loss of funds / investments due to centralization are significantly lower than due to a bug / vulnerability in a decentralized system (extremely hard to design properly, and we’re still in early days). Centralization gives us an additional layer of security / safety-net. Learn more about our legal framework and investor protection here (coming soon).

All that said, we’re taking a major step towards the vision — a completely decentralized world of real-estate. We’re very happy to answer any questions or concerns. The best way to reach us is our twitter or reddit.


Properties are officially and legally represented as asset-backed tokens (securities) on the Ethereum blockchain. When a property is tokenized its rights and ownership are encapsulated in an ERC20 token (each property gets its own, independent / unique token). Supply is fixed (every single (commercial) property on the blockimmo platform is represented by 1,000,000 tokens — the token name is the property’s eGrid, and the token symbol is the property’s grundstück).

blockimmo AG is heavily involved (at first) in the tokenization process of each property. Property owners interested in selling a property contact us to list it for-sale on our platform, and after thorough checks and verifications (with industry partners), blockimmo AG will append the TokenizedProperty to our on-chain LandRegistry. If a TokenizedProperty isn’t in the LandRegistry, it isn’t valid! Our legal framework works in synchronization with our smart contracts, and maps this on-chain LandRegistry to the traditional (old-world) registry. This ensures that at any time and in any scenario, an investor can obtain a certificate of ownership (in the old-world).

Tokenized properties are sold via TokenSale. Each property essentially has its own ICO. It would be more appropriate to refer to this as a security token offering (STO) though, as these tokens are (regulated) securities. Properties are valued by strong industry appraisal partners to ensure realistic soft / hard caps. It is also important to note there is no utility / in-between token in these sales. Investments are made directly in Ether, and the seller of the property receives Ether at the conclusion of a successful token sale (this can be converted to a FIAT currency with our brokerage partner, Bitcoin Suisse). One interesting feature of our TokenSale smart contract is the use of Maker’s medianizer to give seller’s the option to set the soft / hard cap of their TokenSale in USD (instead of the default, Ether). This is an extremely simple solution to mitigate the volatility of Ether (from a seller’s perspective) as these sales are often long-running. Investors have the freedom to invest earlier or later in the sale to mitigate (or play) Ether’s volatility.

Once tokenized and sold, commercial properties continue to be managed by well-known local management companies specializing in property management (strictly vetted by blockimmo AG). Quarterly financial performance reports and updates are delivered by the management company to blockimmo AG, thoroughly checked by our finance team, and provided to investors. These properties generate income, and all profits (minus blockimmo AG’s 1% fee) are distributed to the property’s investors via the TokenizedProperty smart contract — proportional to the investor’s share of tokens. Investors are notified when dividends are paid-out, and dividends can be claimed at any time (no expiration date), only claimable by the token holder at the time of payout.

Owners of a property are able to extend and vote on proposals via ShareholderDAO (i.e. vote to elect a new management company for the upcoming year), which is attached to each TokenizedProperty. Voting is proportional to the investor’s share of tokens.

Lastly, as our platform is regulated and these tokens are securities, we must be able to identify the owners of any given property, at any given time. This means we must perform KYC / AML checks, and whitelist investors before they’re able to invest in properties. Our on-chain Whitelist enforces this at the smart contract level — our platform is coded with compliance.


A minimal, simple database mapping properties to their on-chain representation (TokenizedProperty). LandRegistryProxy points to LandRegistry, enabling it to be upgraded if absolutely necessary.


A minimal, simple database mapping public addresses (ie users) to their permissions. WhitelistProxy points to Whitelist, enabling it to be upgraded if absolutely necessary.


An asset-backed token (a property as identified by its E-GRID (a UUID) in the (Swiss) land registry).


A simple DAO attached to a TokenizedProperty (ownership of the property is transferred to this).


Distribute tokens to investors in exchange for Ether.


Eventually our LandRegistry and Whitelist will be token-curated. We’re working towards these registries being the source of truth for land ownership (currently our legal framework is required to bridge / synchronize our on-chain registry to the traditional (old-world) registry). And we’ve dog-fooded 🐶 our platform to tokenize our company — the blockimmo AG security token offering (STO), where 20% of the shares of our company will be sold, is powered by our platform smart contracts and ÐApp — investing in blockimmo AG is exactly the same as investing in a commercial property (as well as receiving your share of dividends) at every layer of our software stack from the UI / UX down to our smart contracts.

Etherscan (verify / info)

All of our smart contracts’ source code is verified in Etherscan, and for TokenizedProperties / TokenSales, additional info is provided in Etherscan.

We re-use our platform smart contracts and ÐApp to tokenize 20% of our company’s shares (blockimmo AG) and sell them in a STO to finance the massive scaling of our platform. Note this is not a utility / in-between token! It is shares of blockimmo AG

More information about our platform launch will be announced soon™ aka in 2–4 weeks 😄. Shortly after going live we’ll post again, and send an email to all who have subscribed (you can do so below).

Did we spark your interest? Would you like to find out more about our platform, technology, or meet us? We’re happy to invite you to our offices in Crypto Valley Zug. Let’s keep in touch!