ERC-7943 — Universal Real World Asset Interface (uRWA)

Back to Token Standards

ERC-7943: Universal Real World Asset Interface

ERC-7943 (uRWA) provides a token-type-agnostic interface for real-world assets. Where ERC-3643 (T-REX) is fungible-only and shipped as a heavy framework, uRWA is the umbrella interface that any RWA token — fungible (ERC-20), non-fungible (ERC-721), semi-fungible (ERC-3525), or multi-token (ERC-1155) — can declare. Its surface is the minimum set every regulated asset needs:

• Asset capability flags (transferable, recoverable, freezable, …).
• A standardised "is this transfer compliant?" view.
• Issuer-controlled freeze / recovery operations.
• Cross-token-type asset metadata.

Adopted as the convergence layer over the fragmented RWA standards — T-REX (3643), bonds (3475 / 7092), tokenised funds (5117), regulated exchanges. Closes Last Call in late 2025.

Required Interface (abridged)

interface IERC7943 {
    enum Capability {
        Transferable,        // 0
        Recoverable,         // 1
        Freezable,           // 2
        ForcedTransferable,  // 3
        Issuable,            // 4
        Burnable             // 5
    }

    event AssetCapabilitySet(Capability cap, bool enabled);
    event ComplianceCheckFailed(address from, address to, uint256 amountOrId, string reason);

    function hasCapability(Capability cap) external view returns (bool);
    function tokenType() external view returns (string memory);  // "erc20" | "erc721" | "erc1155" | "erc3525"
    function isTransferCompliant(address from, address to, uint256 amountOrId)
        external view returns (bool, string memory);

    // Issuer ops (gated on access control)
    function freeze(address account, bool frozen) external;
    function recover(address from, address to, uint256 amountOrId) external;
    function forceTransfer(address from, address to, uint256 amountOrId) external;
}

The capability flags are read-once-at-deploy (the token tells the world what it supports); the compliance hook fires per-transfer (returning a reason string for off-chain debugging when blocked). The issuer operations are the same set ERC-3643 ships, made available across token types.

Neo Equivalent: NEP-17 / NEP-11 + Capability Flags + Compliance Hook

The Neo port composes existing pieces:

• Capability flags stored as a bitmap at deploy.
• Compliance hook — calls out to an ERC-7144-style validator contract before each transfer.
• Freeze / recover / forceTransfer as issuer-only methods (witness- checked against the issuer admin slot).

public static bool HasCapability(int cap)
    => ((BigInteger)(Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Caps }) ?? ByteString.Empty) & (BigInteger.One << cap)) != 0;

public static (bool, string) IsTransferCompliant(UInt160 from, UInt160 to, BigInteger amountOrId)
{
    if (!HasCapability(0)) return (false, "non-transferable");
    if (IsFrozen(from))    return (false, "sender frozen");
    if (IsFrozen(to))      return (false, "recipient frozen");
    var validator = ValidatorAddress();
    if (validator is not null)
    {
        var ok = (bool)Contract.Call(validator, "isTransferValid", CallFlags.ReadOnly,
            new object[] { Runtime.ExecutingScriptHash, from, to, amountOrId });
        if (!ok) return (false, "validator rejected");
    }
    return (true, "");
}

ERC-7943 (Ethereum)	Neo Equivalent	Notes
hasCapability(cap)	HasCapability(int cap) reading the deploy-time bitmap	Direct port
tokenType()	Read from manifest's supportedstandards (NEP-11 / NEP-17 / NEP-24)	Same intent
isTransferCompliant(...)	IsTransferCompliant(...) returning (bool, string)	Wrapper around ERC-7144 validator + freeze list
freeze(account, bool)	Freeze(account, bool) issuer-witness-checked	Same
recover(from, to, id)	Recover(from, to, idOrAmount) issuer-witness-checked	Lost-key recovery
forceTransfer(...)	ForceTransfer(...) issuer-witness-checked, bypasses freeze + compliance	Reg-required override
Issuable capability	Tied to whether Mint is exposed	Wire convention
Burnable capability	Tied to whether Burn is exposed	Wire convention

Composition

• ERC-3643 — T-REX framework. uRWA is the umbrella interface; T-REX is the fungible specialisation. Implement both: T-REX gives you the heavy compliance machinery, uRWA gives you the cross-type vocabulary.
• ERC-7144 — transfer validation hook. uRWA's isTransferCompliant is naturally backed by an ERC-7144 validator.
• ERC-3475 + ERC-7092 — bonds. Both are uRWA-conformant when wrapped with the capability flags.
• ERC-6093 — error vocabulary. Compliance failure reasons should match the standardised codes.

Migration Notes

For existing T-REX (ERC-3643) deployments adding uRWA:

1. Implement hasCapability(cap) returning the relevant flags from your existing T-REX feature set.
2. Implement tokenType() returning "erc20".
3. Implement isTransferCompliant(from, to, amount) by wrapping your existing T-REX compliance + identity-registry checks.
4. The freeze/recover/forceTransfer methods already exist in T-REX; map the names directly.

For greenfield Neo RWA tokens, prefer uRWA over T-REX as the canonical interface unless you specifically need T-REX's identity registry. The uRWA + ERC-7144 validator combination is lighter and expresses the same capabilities without identity-claim infrastructure.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IValidator {
    function isTransferValid(address token, address from, address to, uint256 amountOrId)
        external view returns (bool);
}

contract URWAToken {
    enum Capability { Transferable, Recoverable, Freezable, ForcedTransferable, Issuable, Burnable }

    address  public issuer;
    uint256  public capabilities;        // bitmap
    IValidator public validator;
    mapping(address => bool) public isFrozen;
    mapping(address => uint256) public balanceOf;

    event AssetCapabilitySet(Capability cap, bool enabled);
    event Frozen(address indexed account, bool frozen);
    event Recovered(address indexed from, address indexed to, uint256 amountOrId);

    modifier onlyIssuer() { require(msg.sender == issuer, "issuer only"); _; }

    constructor(address _issuer, uint256 _caps) {
        issuer       = _issuer;
        capabilities = _caps;
    }

    function hasCapability(Capability cap) public view returns (bool) {
        return (capabilities & (1 << uint8(cap))) != 0;
    }

    function tokenType() external pure returns (string memory) { return "erc20"; }

    function isTransferCompliant(address from, address to, uint256 amount)
        public view returns (bool, string memory)
    {
        if (!hasCapability(Capability.Transferable)) return (false, "non-transferable");
        if (isFrozen[from]) return (false, "sender frozen");
        if (isFrozen[to])   return (false, "recipient frozen");
        if (address(validator) != address(0)) {
            if (!validator.isTransferValid(address(this), from, to, amount)) return (false, "validator rejected");
        }
        return (true, "");
    }

    function freeze(address account, bool frozen) external onlyIssuer {
        require(hasCapability(Capability.Freezable), "no freeze capability");
        isFrozen[account] = frozen;
        emit Frozen(account, frozen);
    }

    function recover(address from, address to, uint256 amount) external onlyIssuer {
        require(hasCapability(Capability.Recoverable), "no recover capability");
        balanceOf[from] -= amount;
        balanceOf[to]   += amount;
        emit Recovered(from, to, amount);
    }

    function forceTransfer(address from, address to, uint256 amount) external onlyIssuer {
        require(hasCapability(Capability.ForcedTransferable), "no force-transfer capability");
        balanceOf[from] -= amount;
        balanceOf[to]   += amount;
    }
}

using System;
using System.ComponentModel;
using System.Numerics;
using Neo;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("URWAToken")]
[ContractPermission("*", "*")]
[SupportedStandards(NepStandard.Nep17)]
public class URWAToken : Nep17Token
{
    public override string Symbol  => "URWA";
    public override byte   Decimals => 8;

    private const byte Prefix_Issuer    = 0x01;
    private const byte Prefix_Caps      = 0x02;
    private const byte Prefix_Validator = 0x03;
    private const byte Prefix_Frozen    = 0x10;

    [DisplayName("AssetCapabilitySet")]
    public static event Action<int, bool> OnCapabilitySet;
    [DisplayName("Frozen")]
    public static event Action<UInt160, bool> OnFrozen;
    [DisplayName("Recovered")]
    public static event Action<UInt160, UInt160, BigInteger> OnRecovered;

    [DisplayName("_deploy")]
    public static void Deploy(object data, bool update)
    {
        if (update) return;
        var args = (object[])data;
        Storage.Put(Storage.CurrentContext, new byte[] { Prefix_Issuer }, (UInt160)args[0]);
        Storage.Put(Storage.CurrentContext, new byte[] { Prefix_Caps },   (BigInteger)args[1]);
    }

    private static UInt160 Issuer()
        => (UInt160)Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Issuer });

    public static bool HasCapability(int cap)
        => ((BigInteger)(Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Caps }) ?? ByteString.Empty)
              & (BigInteger.One << cap)) != 0;

    [Safe]
    public static string TokenType() => "nep17";

    public static (bool, string) IsTransferCompliant(UInt160 from, UInt160 to, BigInteger amount)
    {
        if (!HasCapability(0)) return (false, "non-transferable");
        if (IsFrozenAddr(from)) return (false, "sender frozen");
        if (IsFrozenAddr(to))   return (false, "recipient frozen");

        var validator = (UInt160)Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Validator });
        if (validator is not null)
        {
            var ok = (bool)Contract.Call(validator, "isTransferValid", CallFlags.ReadOnly,
                new object[] { Runtime.ExecutingScriptHash, from, to, amount });
            if (!ok) return (false, "validator rejected");
        }
        return (true, "");
    }

    public static void Freeze(UInt160 account, bool frozen)
    {
        if (!HasCapability(2))                throw new Exception("URWA:NoFreezeCapability");
        if (!Runtime.CheckWitness(Issuer())) throw new Exception("URWA:NotIssuer");
        var k = FrozenKey(account);
        if (frozen) Storage.Put   (Storage.CurrentContext, k, 1);
        else        Storage.Delete(Storage.CurrentContext, k);
        OnFrozen(account, frozen);
    }

    public static void Recover(UInt160 from, UInt160 to, BigInteger amount)
    {
        if (!HasCapability(1))                throw new Exception("URWA:NoRecoverCapability");
        if (!Runtime.CheckWitness(Issuer())) throw new Exception("URWA:NotIssuer");
        // Direct balance transfer bypassing freeze + compliance.
        Nep17Token.Transfer(from, to, amount, null);
        OnRecovered(from, to, amount);
    }

    public static void ForceTransfer(UInt160 from, UInt160 to, BigInteger amount)
    {
        if (!HasCapability(3))                throw new Exception("URWA:NoForceTransferCapability");
        if (!Runtime.CheckWitness(Issuer())) throw new Exception("URWA:NotIssuer");
        Nep17Token.Transfer(from, to, amount, null);
    }

    public new static bool Transfer(UInt160 from, UInt160 to, BigInteger amount, object data)
    {
        var (ok, reason) = IsTransferCompliant(from, to, amount);
        if (!ok) throw new Exception("URWA:" + reason);
        return Nep17Token.Transfer(from, to, amount, data);
    }

    public static bool IsFrozenAddr(UInt160 a)
        => Storage.Get(Storage.CurrentContext, FrozenKey(a)) is not null;

    private static byte[] FrozenKey(UInt160 a) => new byte[] { Prefix_Frozen }.Concat(a);
}

Why uRWA Over Per-type RWA Standards

ERC-7943 lets a single off-chain compliance / risk dashboard handle fungible RWAs (T-REX-style stablecoins), bond NFTs (ERC-3475 / 7092 wrappers), tokenised funds, and tokenised real estate uniformly. The indexer reads tokenType() + capability flags and chooses its rendering / monitoring path. Without uRWA, every dashboard has to hard-code per-standard heuristics.