ERC-7746 — Composable Security Middleware Hooks

Back to Infrastructure & Patterns

ERC-7746: Composable Security Middleware

ERC-7746 standardises stackable security middleware that can be inserted before / after any external method call. Each middleware gets the call data, can inspect / mutate it, and can short-circuit the call. Used for:

• Pause guards that halt all calls during incidents.
• Per-method rate limits (e.g. "max 10 transfers per block per account").
• Anti-MEV protection that delays / reorders calls.
• Compliance enforcement that injects KYC checks across the contract.

Required Pattern

interface IMiddleware {
    function before(address caller, bytes4 selector, bytes calldata data) external;
    function afterCall(address caller, bytes4 selector, bytes calldata data, bytes calldata result) external;
}

contract Guarded {
    IMiddleware[] public middleware;

    fallback() external {
        for (uint256 i = 0; i < middleware.length; ++i) {
            middleware[i].before(msg.sender, msg.sig, msg.data);
        }
        // ... dispatch + collect result ...
        for (uint256 i = 0; i < middleware.length; ++i) {
            middleware[i].afterCall(msg.sender, msg.sig, msg.data, result);
        }
    }
}

Neo Equivalent: Pre/Post Hook Chain on External Methods

public static void GuardedOp(BigInteger amount)
{
    RunBeforeHooks("guardedOp", new object[] { amount });
    // ... base method body ...
    RunAfterHooks("guardedOp", new object[] { amount }, /* result */ null);
}

private static void RunBeforeHooks(string method, object[] args)
{
    var hooks = GetHooks();
    for (var i = 0; i < hooks.Length; i++)
    {
        Contract.Call(hooks[i], "before", CallFlags.All,
            new object[] { Runtime.CallingScriptHash, method, args });
    }
}

ERC-7746 (Ethereum)	Neo Equivalent	Notes
before(caller, selector, data)	Before(caller, methodName, args) cross-contract call
after(caller, selector, data, result)	After(caller, methodName, args, result)
Middleware revert short-circuits	Cross-contract throw aborts the parent tx	Same atomicity
Stackable middleware list	hooks[] storage; iterated in order	Direct port

Migration Notes

For Solidity protocols using middleware:

1. Each contract that opts in maintains a hooks[] storage (admin-managed).
2. External methods call RunBeforeHooks / RunAfterHooks wrapping the body.
3. Middleware contracts implement Before / After views/methods that may revert to halt the call.

For pause-guard / rate-limit patterns specifically, this is the right shape. For one-off compliance checks, a simpler dedicated validator (per the ERC-7144 mirror) is usually enough.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IMiddleware {
    function before(address caller, bytes4 selector, bytes calldata data) external view;
    function afterCall(address caller, bytes4 selector, bytes calldata data, bytes calldata result) external view;
}

contract GuardedContract {
    IMiddleware[] public middleware;

    function guardedOp(uint256 amount) external {
        for (uint256 i = 0; i < middleware.length; ++i) {
            middleware[i].before(msg.sender, msg.sig, msg.data);
        }
        _doOp(amount);
        for (uint256 i = 0; i < middleware.length; ++i) {
            middleware[i].afterCall(msg.sender, msg.sig, msg.data, "");
        }
    }

    function _doOp(uint256 amount) internal { /* base body */ }
}

using System;
using System.ComponentModel;
using System.Numerics;
using Neo;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("GuardedContract")]
[ContractPermission("*", "*")]
public class GuardedContract : SmartContract
{
    private const byte Prefix_Hooks = 0x10;

    public static void GuardedOp(BigInteger amount)
    {
        var caller = Runtime.CallingScriptHash;
        RunHooks("before", "guardedOp", new object[] { amount }, null);
        // ... base body ...
        RunHooks("afterCall", "guardedOp", new object[] { amount }, null);
    }

    private static void RunHooks(string phase, string method, object[] args, object result)
    {
        var hooks = GetHooks();
        for (var i = 0; i < hooks.Length; i++)
        {
            Contract.Call(hooks[i], phase, CallFlags.All,
                new object[] { Runtime.CallingScriptHash, method, args, result });
        }
    }

    public static UInt160[] GetHooks()
    {
        var raw = Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Hooks });
        return raw is null ? new UInt160[0] : (UInt160[])StdLib.Deserialize((ByteString)raw);
    }

    public static void SetHooks(UInt160[] newHooks)
    {
        if (!Runtime.CheckWitness(GetAdmin())) throw new Exception("MW:NotAdmin");
        Storage.Put(Storage.CurrentContext, new byte[] { Prefix_Hooks }, StdLib.Serialize(newHooks));
    }

    private static UInt160 GetAdmin() => (UInt160)"0x0000000000000000000000000000000000000000";
}