ERC-5453 — Endorsement / Permit for Any Functions

Back to Account & Authentication

ERC-5453: Endorsement / Generalised Permit

ERC-5453 generalises ERC-2612 (permit for ERC-20) to any function call: a function can require a signed endorsement from a third party (validator, multisig signer, KYC service) before executing. Lets dApps require external approvals without per-method custom signature logic.

Used by:

• Compliance gates — actions need an endorsement from a KYC service.
• Multi-party releases — token releases require multiple signed endorsements.
• Optimistic flows — endorsement bypasses a delay if a trusted endorser signs.

Required Pattern

function gatedAction(uint256 amount, Endorsement calldata e) external {
    require(verifyEndorsement(amount, e), "bad endorsement");
    // ... action ...
}

struct Endorsement {
    address endorser;
    uint256 deadline;
    uint8 v; bytes32 r; bytes32 s;
}

Neo Equivalent: Native Witness Scopes Per Call

Neo's witness model already provides per-call signature authorisation. The "endorsement" pattern collapses to: the endorser adds their witness to the transaction; the contract's Runtime.CheckWitness(endorser) succeeds for the gated method.

public static void GatedAction(BigInteger amount, UInt160 endorser)
{
    if (!Runtime.CheckWitness(endorser)) throw new Exception("AUTH:NoEndorsement");
    if (!IsApprovedEndorser(endorser))   throw new Exception("AUTH:NotApprovedEndorser");
    // ... action ...
}

ERC-5453 (Ethereum)	Neo Equivalent	Notes
Off-chain ECDSA endorsement signature	Tx witness from endorser	Native
verifyEndorsement(...) per call	Runtime.CheckWitness(endorser)	Cheaper, native
Endorser allowlist storage	IsApprovedEndorser(addr) view	App-defined
Replay protection via deadline + nonce	Tx nonce + validUntilBlock	Native

Migration Notes

For Solidity contracts using ERC-5453:

1. Drop the typed-data signature parsing — use the endorser's witness on the transaction instead.
2. Maintain an off-chain endorser-allowlist (or on-chain registry).
3. The endorser signs the transaction (alongside the user); the contract's witness check authenticates both.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract Endorsable {
    mapping(address => bool) public isApprovedEndorser;
    mapping(bytes32 => bool) public consumedNonce;

    function gatedAction(uint256 amount, address endorser, uint256 deadline,
                         bytes32 nonce, bytes calldata sig) external {
        require(block.timestamp <= deadline, "expired");
        require(isApprovedEndorser[endorser], "not approved");
        require(!consumedNonce[nonce], "replay");

        bytes32 digest = keccak256(abi.encodePacked(amount, endorser, deadline, nonce));
        require(_recover(digest, sig) == endorser, "bad sig");

        consumedNonce[nonce] = true;
        // ... action ...
    }

    function _recover(bytes32 digest, bytes memory sig) internal pure returns (address) { /* ecrecover */ }
}

using System;
using System.ComponentModel;
using System.Numerics;
using Neo;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("Endorsable")]
[ContractPermission("*", "*")]
public class Endorsable : SmartContract
{
    private const byte Prefix_Endorser = 0x01;

    public static void GatedAction(BigInteger amount, UInt160 endorser)
    {
        if (!Runtime.CheckWitness(endorser)) throw new Exception("AUTH:NoEndorsement");
        if (Storage.Get(Storage.CurrentContext, EndorserKey(endorser)) is null)
            throw new Exception("AUTH:NotApprovedEndorser");
        // ... action ...
    }

    public static void AddEndorser(UInt160 endorser)
    {
        if (!Runtime.CheckWitness(GetAdmin())) throw new Exception("AUTH:NotAdmin");
        Storage.Put(Storage.CurrentContext, EndorserKey(endorser), 1);
    }

    private static byte[] EndorserKey(UInt160 e) => new byte[] { Prefix_Endorser }.Concat(e);
    private static UInt160 GetAdmin() => (UInt160)"0x0000000000000000000000000000000000000000";
}