ERC-5375 — NFT Author Information and Consent

Back to Token Standards

ERC-5375: NFT Author Information and Consent

ERC-5375 standardises author / creator attribution for NFTs plus the cryptographic consent the author gave to mint the token. Solves the "who actually made this?" problem that plagues NFT marketplaces: without on-chain author metadata, anyone can mint a copy of a famous artist's work to a collection they control, and marketplaces have to rely on off-chain attestation to detect fraud. ERC-5375 lets the author sign a consent message at mint time, embedding both their identity and proof they authorised the mint.

Required Components

The NFT exposes per-token author metadata via JSON metadata extension:

{
  "name": "...",
  "description": "...",
  "authors": [
    {
      "address": "0xa1...",
      "consent": {
        "consent_message": "I consent to the creation of this NFT...",
        "publicKey":  "0x04...",
        "signature":  "0x..."
      }
    }
  ]
}

Marketplaces verify the consent signature client-side; the on-chain contract just stores / serves the metadata.

Neo Equivalent: NEP-11 + Author Metadata Fields

Neo NEP-11 returns metadata via Properties(tokenId) returning a Map of fields. ERC-5375 author / consent fields drop in directly:

public static Map<string, object> Properties(ByteString tokenId)
{
    var props = base.Properties(tokenId);
    var authors = (Map<string, object>[])StdLib.Deserialize(
        (ByteString)Storage.Get(Storage.CurrentContext, AuthorsKey(tokenId)));
    if (authors is not null) props["authors"] = authors;
    return props;
}

public static void RegisterAuthor(
    ByteString tokenId, UInt160 author, ByteString consentMessage,
    ByteString pubKey, ByteString signature)
{
    if (!Runtime.CheckWitness(GetAdmin())) throw new Exception("admin only");
    if (!(bool)CryptoLib.VerifyWithECDsa(consentMessage, (ECPoint)pubKey, signature, NamedCurveHash.secp256r1SHA256))
        throw new Exception("NEP11:InvalidConsent");

    var existing = StoredAuthors(tokenId);
    var entry = new Map<string, object>
    {
        ["address"]   = author,
        ["consent"]   = new Map<string, object>
        {
            ["consent_message"] = consentMessage,
            ["publicKey"]       = pubKey,
            ["signature"]       = signature,
        },
    };
    var updated = new Map<string, object>[existing.Length + 1];
    for (var i = 0; i < existing.Length; i++) updated[i] = existing[i];
    updated[existing.Length] = entry;
    Storage.Put(Storage.CurrentContext, AuthorsKey(tokenId), StdLib.Serialize(updated));
}

ERC-5375 (Ethereum)	Neo Equivalent	Notes
authors[] in JSON metadata	properties(tokenId)["authors"] returning Map array	Same shape over NEP-11's properties view
Off-chain ECDSA signature	On-chain VerifyWithECDsa at registration time	Stronger — invalid signatures reject before storage
Consent message format	Free-form ByteString consent payload	Author / collection's choice
ENS / address resolution	UInt160 author addresses	Neo equivalent
Multiple authors per token	Array of author entries	Direct port

Composition

• ERC-2981 — NFT royalties. Pair: registered authors collect the royalty splits.
• ERC-2309 — consecutive batch mints. For mints of N tokens with the same author, register the author once at the collection level instead of per-tokenId.
• ERC-7160 — multi-metadata. Different metadata versions can carry different author lists if a token has been remixed.

Migration Notes

For Solidity NFT collections using ERC-5375:

1. Replace off-chain consent verification with on-chain VerifyWithECDsa at registration time (cheaper for marketplaces — they trust the contract's check, not their own ad-hoc verifier).
2. Store the author array per tokenId in serialised form.
3. Override Properties(tokenId) to merge author info with base metadata.

The Neo port has stronger guarantees than the Ethereum source — invalid signatures never reach storage, and marketplaces don't need to re-verify (they can trust the on-chain registration).

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract ERC5375 {
    struct AuthorConsent {
        bytes consentMessage;
        bytes publicKey;
        bytes signature;
    }
    struct AuthorEntry { address author; AuthorConsent consent; }

    mapping(uint256 => AuthorEntry[]) internal _authors;

    function registerAuthor(uint256 tokenId, AuthorEntry calldata entry) external {
        // Off-chain: marketplace verifies the entry.consent signature
        // matches the entry.author and entry.consent.consentMessage.
        _authors[tokenId].push(entry);
    }

    function authors(uint256 tokenId) external view returns (AuthorEntry[] memory) {
        return _authors[tokenId];
    }

    // tokenURI returns metadata that includes the authors list as JSON.
}

using System;
using System.ComponentModel;
using Neo;
using Neo.Cryptography.ECC;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("AuthoredNFT")]
[ContractPermission("*", "*")]
[SupportedStandards(NepStandard.Nep11)]
public class AuthoredNFT : Nep11Token<TokenState>
{
    public override string Symbol => "AUTH";

    private const byte Prefix_Authors = 0x80;
    private const byte Prefix_Admin   = 0xff;

    [DisplayName("AuthorRegistered")]
    public static event Action<ByteString, UInt160> OnAuthorRegistered;

    public static void RegisterAuthor(
        ByteString tokenId, UInt160 author, ByteString consentMessage,
        ECPoint pubKey, ByteString signature)
    {
        if (!Runtime.CheckWitness(GetAdmin())) throw new Exception("NEP11:NotAdmin");
        if (!(bool)CryptoLib.VerifyWithECDsa(consentMessage, pubKey, signature, NamedCurveHash.secp256r1SHA256))
            throw new Exception("NEP11:InvalidConsent");

        var existing = StoredAuthors(tokenId);
        var entry = new Map<string, object>
        {
            ["address"] = author,
            ["consent"] = new Map<string, object>
            {
                ["consent_message"] = consentMessage,
                ["publicKey"]       = (ByteString)pubKey.EncodePoint(true),
                ["signature"]       = signature,
            },
        };
        var updated = new object[existing.Length + 1];
        for (var i = 0; i < existing.Length; i++) updated[i] = existing[i];
        updated[existing.Length] = entry;
        Storage.Put(Storage.CurrentContext, AuthorsKey(tokenId), StdLib.Serialize(updated));
        OnAuthorRegistered(tokenId, author);
    }

    public static object[] AuthorsOf(ByteString tokenId)
        => StoredAuthors(tokenId);

    private static object[] StoredAuthors(ByteString tokenId)
    {
        var raw = Storage.Get(Storage.CurrentContext, AuthorsKey(tokenId));
        return raw is null ? new object[0] : (object[])StdLib.Deserialize((ByteString)raw);
    }

    private static byte[] AuthorsKey(ByteString tokenId)
        => new byte[] { Prefix_Authors }.Concat(tokenId);

    private static UInt160 GetAdmin()
        => (UInt160)Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Admin });
}

Why On-Chain Verification Wins

Off-chain verification (the Solidity reference) means every marketplace re-runs the signature check on every NFT view — expensive at scale and opens room for verification bugs. The Neo version verifies once at registration; downstream readers trust the on-chain attestation. This is the same shift OpenSea has been moving towards with its on-chain provenance API; ERC-5375 makes it standard.