Restricting Who Can Hold and Trade Your Security Tokens with ERC-1404 and Whitelisting

Part one of a series on ERC-1404

In the realm of security tokens and compliant tokens generally, an issuer may seek to restrict those allowed to hold the token to certain addresses and identities. The simplest way to do this is to add the allowed/approved addresses to a whitelist of ‘authorized’ token holders. In this post, I’ll explore how you can control who is and isn’t allowed to hold your token using this whitelisting method.


There are a few parties to consider when it comes to whitelisting an individual who holds a token. However, for simplicity’s sake, we will focus on the two primary participants in any transaction: the owner of the smart contract and the token holder.

The Token Holder

The token holder is the individual currently holding the token in a crypto wallet that they have access to and control over.

The Owner

The owner (aka, the issuer) is the individual who deploys their asset (or token) as a smart contract on a platform like Ethereum. When a smart contract is deployed, the Ethereum network automatically registers the owner of that contract as the Ethereum address or account that deployed it. The owner carries certain privileges that we will cover in greater detail later.

What is a Smart Contract?

A smart contract is a digital contract that is programmed to perform a specific action when certain conditions are met, without the need for a third party to manage its execution.

For example, let’s say J.K. Rowling authored a new book called Vitalik Buterin and the Sorcerer’s Fork. For her upcoming book, she is using a publisher called Frontier Book Publishers, which only allows customers to pay for the book with Ethereum. They could then deploy a smart contract — linked to their Ethereum address — which, whenever a payment is sent to Frontier, automatically and instantly sends 50% of the payment to Rowling as a royalty. Contrast this with the current fiat system, whereby a payment is first sent to Frontier’s bank account, and then Frontier must separately write a check or issue a payment to Rowling. This streamlining of an unnecessarily convoluted process is just one of the nearly limitless efficiencies that smart contracts can help create.


Tying this back to the concept of whitelisting, when you deploy a new token or asset on Ethereum, you deploy it as a smart contract. As a result, you can program your token or asset to perform (or in our case, not perform) certain actions under specific conditions. Whitelisting is the process of programming your token or asset such that it can only be transferred to certain approved addresses.

To illustrate this concept, let’s say J.K. Rowling wants to create her own coin, called HP-Coin. Rowling only wants her five friends to be eligible to hold the HP-Coin, so Rowling deploys an ERC-1404 smart contract with an empty whitelist of addresses. Over the course of the week, she arranges to meet her five friends for coffee. In these meetings, she tells her friends about HP-Coin and asks each of them to set up an Ethereum address to which she can send the coins. Once each friend has set up an address and given it to Rowling, Rowling can add each address to the whitelist. Once the addresses have been added to the whitelist, they are able to receive and send HP-Coin. However, once Rowling sends her friends HP-Coins, they can only send them to each other — as no other addresses have been whitelisted (i.e., given permission to hold HP-Coin).

It’s important to note that whitelisting only applies to permissioned blockchains, which are blockchains that allow issuers to control who can hold their token or participate in the network. For example, Bitcoin is not a permissioned blockchain, so you cannot restrict the transfer of Bitcoin. Any Bitcoin holder can send their Bitcoin to any other person’s Bitcoin wallet at any time, without exception.

The Technicals of Whitelisting Using ERC-1404

Let’s dig a bit deeper to see how whitelisting is implemented at the code level. If the owner is seeking to create and/or augment the whitelist, the following functions may be of interest:

If you are a token holder, exchange or wallet provider looking to check on the restrictions for a given ERC-1404 token, and you have access to an Ethereum node, you can use detectTransferRestriction to determine if a restriction exists for a given transfer. If a restriction code is returned, the exchange or wallet provider can use the information to provide an enhanced user experience to the potential sender or recipient.
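To make the owner-side whitelist and the detectTransferRestriction check concrete, here is a minimal contract added as an illustration; it is not the ERC-1404 reference implementation or the author's gist. The contract name WhitelistedToken, the setWhitelisted function, the non-zero restriction codes and the rule that both sender and recipient must be whitelisted are assumptions of this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added sketch, not the ERC-1404 reference code.
contract WhitelistedToken {
    uint8 public constant SUCCESS = 0; // 0 = transfer not restricted
    uint8 public constant SENDER_NOT_WHITELISTED = 1;    // assumed code
    uint8 public constant RECIPIENT_NOT_WHITELISTED = 2; // assumed code
    address public immutable owner; // deploying account, i.e. the issuer
    mapping(address => bool) public whitelist;
    mapping(address => uint256) public balanceOf;
    event Transfer(address indexed from, address indexed to, uint256 value);
    event WhitelistUpdated(address indexed account, bool allowed);

    constructor(uint256 supply) {
        owner = msg.sender;
        whitelist[msg.sender] = true; // issuer must be able to distribute
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    // Assumed helper (not defined by ERC-1404): owner-only whitelist edits.
    function setWhitelisted(address account, bool allowed) external {
        require(msg.sender == owner, "caller is not the owner");
        whitelist[account] = allowed;
        emit WhitelistUpdated(account, allowed); // audit trail of changes
    }

    // Read-only pre-flight check for wallets and exchanges.
    function detectTransferRestriction(address from, address to, uint256 /* value */)
        public view returns (uint8) {
        if (!whitelist[from]) return SENDER_NOT_WHITELISTED;
        if (!whitelist[to]) return RECIPIENT_NOT_WHITELISTED;
        return SUCCESS;
    }

    function messageForTransferRestriction(uint8 code) public pure returns (string memory) {
        if (code == SUCCESS) return "no restriction";
        if (code == SENDER_NOT_WHITELISTED) return "sender not whitelisted";
        if (code == RECIPIENT_NOT_WHITELISTED) return "recipient not whitelisted";
        return "unknown restriction code";
    }

    // Enforcement reuses the same check, so pre-flight and on-chain agree.
    function transfer(address to, uint256 value) external returns (bool) {
        uint8 code = detectTransferRestriction(msg.sender, to, value);
        require(code == SUCCESS, messageForTransferRestriction(code));
        balanceOf[msg.sender] -= value; // reverts if balance is too low (0.8+)
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }
}
```

A full ERC-20 token would route transferFrom through the same check; leaving any transfer path unguarded lets tokens reach addresses that are not on the whitelist.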

A gist with more detailed implementation information can be found here.


Using whitelisting is a great way to ensure that only individuals or entities that have abided by your compliance requirements are eligible to hold your tokens — preventing the investors you have approved from immediately turning around and selling your tokens on an exchange or to other investors who do not meet your compliance requirements.

In follow-up posts, I’ll explore how this mechanism can be applied in more real-world situations.

For more information about the EIP and to see the code base, you can visit the ERC-1404 microsite here.