ERC-4519 — NFTs Tied to Physical Assets

Back to Token Standards

ERC-4519: NFTs Tied to Physical Assets

ERC-4519 binds an NFT to a physical device (sneaker chip, luxury watch, NFC-tagged collectible, IoT sensor, smart key) by embedding the device's public key into the NFT and requiring a fresh signature from the device for ownership transfers. The NFT goes through a state machine — WAITING_FOR_OWNER → ENGAGED_WITH_OWNER → WAITING_FOR_TRANSFER → … — that mirrors the physical-asset's authentication state. This makes the NFT a trusted digital twin of the physical asset; selling the NFT requires the physical device to attest the transfer.

Used by:

• Authenticated luxury goods (Hermès, Rolex) where each item has a chip + NFT.
• Smart-key NFTs (Tesla, Aiways) where the NFT holder controls vehicle access.
• IoT device ownership (smart locks, surveillance cameras) where the NFT is the owner-key-of-record.
• Authenticated collectibles (NFC-tagged sports memorabilia, art prints) requiring physical-presence verification on resale.

Required State Machine

WAITING_FOR_OWNER
    ↓ (owner signs `setUser` with device's signature)
ENGAGED_WITH_OWNER
    ↓ (owner initiates transfer with `startTransfer`)
WAITING_FOR_TRANSFER
    ↓ (new owner signs `acceptTransfer` with device's fresh signature)
ENGAGED_WITH_OWNER  (new owner)

The fresh device signature on each transition prevents replay attacks and ensures the physical device is present (a stolen NFT without the physical chip is useless — you can't get a fresh signature).

Required Interface (abridged)

interface IERC4519 {
    enum State { WAITING_FOR_OWNER, ENGAGED_WITH_OWNER, WAITING_FOR_TRANSFER }

    event OwnerSet(uint256 tokenId, address oldOwner, address newOwner, State state);
    event TransferInitiated(uint256 indexed tokenId, address indexed from, address indexed to);
    event TransferAccepted(uint256 indexed tokenId, address indexed from, address indexed to);

    function setUser(uint256 tokenId, address newUser, bytes calldata deviceSignature) external;
    function startTransfer(uint256 tokenId, address newOwner) external;
    function acceptTransfer(uint256 tokenId, bytes calldata deviceSignature) external;
    function tokenState(uint256 tokenId) external view returns (State);
    function devicePublicKey(uint256 tokenId) external view returns (bytes memory);
}

Neo Equivalent: NEP-11 + Device Pubkey + State Storage

The Neo port stores the device's public key plus the current state per tokenId; transitions verify a fresh signature from the device.

public static void AcceptTransfer(ByteString tokenId, ByteString deviceSignature)
{
    var state = TokenState(tokenId);
    if (state != 2) throw new Exception("RWA:NotWaitingForTransfer");
    var pendingNewOwner = GetPendingTransferTo(tokenId);
    if (!Runtime.CheckWitness(pendingNewOwner)) throw new Exception("RWA:NotPendingOwner");

    var pubKey = DevicePublicKey(tokenId);
    var nonce  = GetTransferNonce(tokenId);
    var msgToSign = ((ByteString)tokenId).Concat(pendingNewOwner).Concat((ByteString)(byte[])nonce.ToByteArray());
    if (!(bool)CryptoLib.VerifyWithECDsa(msgToSign, (ECPoint)pubKey, deviceSignature, NamedCurveHash.secp256r1SHA256))
        throw new Exception("RWA:InvalidDeviceSignature");

    // Complete transfer.
    Transfer(pendingNewOwner, tokenId, null);
    SetTokenState(tokenId, 1);  // ENGAGED_WITH_OWNER
    BumpTransferNonce(tokenId);
    OnTransferAccepted(tokenId, OwnerOf(tokenId), pendingNewOwner);
}

ERC-4519 (Ethereum)	Neo Equivalent	Notes
Device public key per tokenId	Storage.Put(DeviceKey(tokenId), pubKey)	Stored at mint
State machine (3 states)	BigInteger 0/1/2 in storage	Direct port
setUser(tokenId, newUser, deviceSig)	SetUser(tokenId, newUser, deviceSig)	Verifies device signature
startTransfer(tokenId, newOwner)	StartTransfer(tokenId, newOwner)	Owner-witness-checked
acceptTransfer(tokenId, deviceSig)	AcceptTransfer(tokenId, deviceSig)	Verifies fresh device signature
devicePublicKey(tokenId)	DevicePublicKey(tokenId) view	Returns the bound key
block.timestamp for nonce freshness	Runtime.Time	Same approach

Composition

• ERC-3643 — T-REX. Pair: physical-asset NFTs with regulatory compliance (KYC + asset-attestation).
• ERC-7943 — Universal RWA Interface. Wrap ERC-4519 with uRWA capability flags for cross-token-type RWA registries.
• ERC-2981 — royalties. Resale royalties paid to the manufacturer / brand on each accept-transfer.
• ERC-7066 — lockable. Lock the NFT during transit (between startTransfer and acceptTransfer).

Migration Notes

For Solidity ERC-4519 deployments porting to Neo:

1. Replace ERC-721 inheritance with NEP-11 base.
2. Store device public keys as secp256r1 compressed points (33 bytes); verify with CryptoLib.VerifyWithECDsa.
3. Bump the transfer nonce on each successful transfer to prevent signature replay.
4. The state machine is mechanical — three integer states, three transition methods.

The Neo port has the same physical-asset trust model as Ethereum; neither chain can verify physical possession on its own. The signature fresh-issuance from the device is the only cryptographic guarantee.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract ERC4519 {
    enum State { WAITING_FOR_OWNER, ENGAGED_WITH_OWNER, WAITING_FOR_TRANSFER }

    mapping(uint256 => bytes)   public devicePublicKey;
    mapping(uint256 => State)   public tokenState;
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => address) public pendingTransferTo;
    mapping(uint256 => uint256) public transferNonce;

    event TransferInitiated(uint256 indexed tokenId, address indexed from, address indexed to);
    event TransferAccepted(uint256 indexed tokenId, address indexed from, address indexed to);

    function startTransfer(uint256 tokenId, address newOwner) external {
        require(msg.sender == ownerOf[tokenId],            "not owner");
        require(tokenState[tokenId] == State.ENGAGED_WITH_OWNER, "wrong state");
        pendingTransferTo[tokenId] = newOwner;
        tokenState[tokenId] = State.WAITING_FOR_TRANSFER;
        emit TransferInitiated(tokenId, msg.sender, newOwner);
    }

    function acceptTransfer(uint256 tokenId, bytes calldata deviceSig) external {
        require(tokenState[tokenId] == State.WAITING_FOR_TRANSFER, "wrong state");
        require(msg.sender == pendingTransferTo[tokenId],          "not pending");
        bytes memory msgToSign = abi.encodePacked(tokenId, msg.sender, transferNonce[tokenId]);
        // Off-chain or precompile verification of devicePublicKey signing msgToSign with deviceSig.
        // ...
        ownerOf[tokenId] = msg.sender;
        tokenState[tokenId] = State.ENGAGED_WITH_OWNER;
        transferNonce[tokenId]++;
        emit TransferAccepted(tokenId, ownerOf[tokenId], msg.sender);
    }
}

using System;
using System.ComponentModel;
using System.Numerics;
using Neo;
using Neo.Cryptography.ECC;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("PhysicalNFT")]
[ContractPermission("*", "*")]
[SupportedStandards(NepStandard.Nep11)]
public class PhysicalNFT : Nep11Token<TokenState>
{
    public override string Symbol => "PHYS";

    private const byte Prefix_Device   = 0x10;
    private const byte Prefix_State    = 0x11;
    private const byte Prefix_Pending  = 0x12;
    private const byte Prefix_Nonce    = 0x13;

    [DisplayName("TransferInitiated")]
    public static event Action<ByteString, UInt160, UInt160> OnTransferInitiated;
    [DisplayName("TransferAccepted")]
    public static event Action<ByteString, UInt160, UInt160> OnTransferAccepted;

    public static void Mint(UInt160 to, ByteString tokenId, ECPoint devicePubKey)
    {
        // Issuer-only mint.
        Storage.Put(Storage.CurrentContext, DeviceKey(tokenId), devicePubKey.EncodePoint(true));
        Storage.Put(Storage.CurrentContext, StateKey(tokenId),  1);  // ENGAGED_WITH_OWNER
        Mint(tokenId, new TokenState { Owner = to });  // NEP-11 base: Mint(tokenId, TokenState)
    }

    public static void StartTransfer(ByteString tokenId, UInt160 newOwner)
    {
        if (!Runtime.CheckWitness(OwnerOf(tokenId)))         throw new Exception("RWA:NotOwner");
        if (TokenStateOf(tokenId) != 1)                      throw new Exception("RWA:WrongState");
        Storage.Put(Storage.CurrentContext, PendingKey(tokenId), newOwner);
        Storage.Put(Storage.CurrentContext, StateKey(tokenId),   2);  // WAITING_FOR_TRANSFER
        OnTransferInitiated(tokenId, OwnerOf(tokenId), newOwner);
    }

    public static void AcceptTransfer(ByteString tokenId, ByteString deviceSignature)
    {
        if (TokenStateOf(tokenId) != 2)                  throw new Exception("RWA:WrongState");
        var pending = (UInt160)Storage.Get(Storage.CurrentContext, PendingKey(tokenId));
        if (!Runtime.CheckWitness(pending))              throw new Exception("RWA:NotPending");

        var pubKey = (ECPoint)Storage.Get(Storage.CurrentContext, DeviceKey(tokenId));
        var nonce  = (BigInteger)(Storage.Get(Storage.CurrentContext, NonceKey(tokenId)) ?? ByteString.Empty);
        var msg    = tokenId.Concat(pending).Concat((ByteString)(byte[])nonce.ToByteArray());
        if (!(bool)CryptoLib.VerifyWithECDsa(msg, pubKey, deviceSignature, NamedCurveHash.secp256r1SHA256))
            throw new Exception("RWA:InvalidDeviceSignature");

        var oldOwner = OwnerOf(tokenId);
        Transfer(pending, tokenId, null);
        Storage.Put(Storage.CurrentContext, StateKey(tokenId),  1);
        Storage.Put(Storage.CurrentContext, NonceKey(tokenId),  nonce + 1);
        Storage.Delete(Storage.CurrentContext, PendingKey(tokenId));
        OnTransferAccepted(tokenId, oldOwner, pending);
    }

    public static BigInteger TokenStateOf(ByteString tokenId)
        => (BigInteger)(Storage.Get(Storage.CurrentContext, StateKey(tokenId)) ?? ByteString.Empty);
    public static ECPoint DevicePublicKey(ByteString tokenId)
        => (ECPoint)Storage.Get(Storage.CurrentContext, DeviceKey(tokenId));

    private static byte[] DeviceKey(ByteString tokenId)  => new byte[] { Prefix_Device  }.Concat(tokenId);
    private static byte[] StateKey(ByteString tokenId)   => new byte[] { Prefix_State   }.Concat(tokenId);
    private static byte[] PendingKey(ByteString tokenId) => new byte[] { Prefix_Pending }.Concat(tokenId);
    private static byte[] NonceKey(ByteString tokenId)   => new byte[] { Prefix_Nonce   }.Concat(tokenId);
}

Why On-Chain Device Verification Matters

Without on-chain device-signature verification, the NFT becomes a soft claim: anyone holding the NFT could resell it without proving the physical device is in their possession. ERC-4519 makes the NFT conditional ownership — you can hold the NFT, but you can't transfer it without the device's fresh signature. This shifts the attack vector from "steal the NFT" to "steal the device + the NFT", which is materially harder.