Reference Solidity implementation of the CMTAT security token framework developed by CMTA to tokenize financial instruments.
CMTA Token
To use the CMTAT, we recommend the latest audited version, from the Releases page. Currently, it is the version v3.0.0.>
PDF files of README are available here: CMTATSpecificationV3.0.0.pdf, CMTATSpecificationV3.1.0.pdf
Introduction
The CMTA token (CMTAT) is a security token framework that includes various compliance features such as conditional transfer, account freeze, and token pause, as well as several technical features such as ERC-7802 for cross-chain transfer and ERC-7201 for upgradeadibility.
This repository provides CMTA's reference Solidity implementation of CMTAT, suitable for EVM chains such as Ethereum.
[TOC]
History
The CMTA token (CMTAT) is a security token framework that includes various compliance features such as conditional transfer, account freeze, and token pause. CMTAT was initially optimized for the Swiss law framework, however, these numerous features and extensions make it suitable for other jurisdictions too.
The CMTAT is an open standard from the Capital Markets and Technology Association (CMTA), which gathers organizations from the financial, legal and technology sectors. The CMTAT was first developed by a working group of CMTA's members and its development is now overseen by the Technical Committee of CMTA's Advisory Board.
Goal
CMTAT has been built with five main goals:
- Suitable for various regulatory financial assets and instruments (Equities, Structured products, Debt and Stablecoin) and adapted to any jurisdiction (international)
- Easy to modify and adapt for specific use-case (customization) through its modular architecture
- Interoperability with the Ethereum ecosystem by implementing recognized standards:
- Security by undergoing audits from trusted firms like ADBK and Halborn, and by implementing a range of industry best practices.
- Freedom of use through an open-source weak copyleft license (MPL-2.0)
By taking these five main goals, here a comparison with others known implementations to deploy financial instruments on-chain.
| | CMTAT | ERC-3643
(Tokeny implementation) | ERC-1400
(UniversalToken) | TokenF | ERC-20 Smart Coin (Cast framework) | | ----------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | | Version/Commit | v3.0.0
(09/2025) | 4.2.0-beta2
(01/2025) | 54320c6
(01/2024) | 0c1c2ac
(04/2025) | dd8bf5e
(01/2025) | | Company / Association behind | CMTA | Tokeny, ERC3643 Association | Consensys | Distributed Lab | SOCIÉTÉ GÉNÉRALE FORGE | | 1
(suitable for various financial instruments) | ✔ | Partial | ✔ | Partial | Partial | | Details | - | Lack of support for Debt product
On-chain identity management can potentially make it too complex for stablecoins
Also lacks support for adding information related to on-chain terms (hash, uri) | - | Lacks support for adding information related to on-chain terms (hash, uri) as well as Debt product but contracts could be extended. | Lacks support for adding information related to on-chain terms (hash, uri) as well as Debt product | | 2
(customizable) | ✔ | ✘ | ✘ | ✔ | ✔ | | Details | Modular architecture | Code difficult to modify because functionalities are not clearly separated and onchain identity management is required | Code difficult to modify because functionalities are not clearly separated | Customizable but uses the Diamant proxy pattern structure which makes it more complex to implement | Contracts are minimalist and easy to modify | | 3
(interoperability) | ✔ | ✔ | Partial | ✔ | ✔ | | Details | Tokenization: ERC-3643 (without on-chain identity), ERC-7943 (uRWA), ERC-1404, ERC-7551, ERC-1363,...
Technicals: ERC-20, ERC-2771, ERC-7201, ERC-7802,... | ERC-20 and ERC-3643 | While ERC-1400 is an ERC-20,
the standard ERC-1400 is not itself an official standard
It has also a dependence with ERC-1820 registry contract, which is not always available/deployed on some layer2. | ERC-20 and ERC-2535 | ERC-20 | | 4
(Security) | ✔ | ✔ | ✘ | ✘ | ✘ | | | - 1.0 and 2.3.0: audited by ABDK
3.0.0 audited by Halborn
- RBAC Access Control | - Past version audited by Hacken.
- Lack of granularity in term of Access Control (only two roles: Agent and Owner) | No official public audit for the last commits,
last audit was done in 2020 | No official audit available | No official audit available | | 5
(License - Open source & Allow Commercial use) | ✔ | Partial
(only ERC-3643 core) | ✔ | ✔ | | | | MPL-2.0
(weak copyleft) | - ERC-3643 core: GPL 3.0 (strong copyleft)
- Compliance module: CC-BY-NC-4.0(forbid commercial use) | Apache 2.0
(permissive) | MIT
(permissive) | Apache-2.0 license
(permissive) |
Who uses CMTAT and for what?
CMTAT is suitable for the digitalization of various financial assets. Below is a selection of public case studies
More details are available here: cmta.ch/faqs
Digitalization of equity securities
The CMTAT was initially designed for the digitalization of company shares. For SMEs, digitalization provides an opportunity to access new financing and investment models by selling digital shares through online exchanges. Some companies that have digitalized shares using the CMTAT include:
- Daura uses the CMTAT through their own fork to digitalize the shares of companies using its platform, deployed on zkSync.
- Taurus SA (partial list): Magic Tomato SA (2022) - an online grocery platform opened its governance and capital to its community, by issuing digital non-voting shares (bons de participation), Qoqa Brew (2022) - an online retailer opened the capital of its on-site brewery Q-Brew to its community by issuing digital non-voting shares, Cité Gestion SA (2023) - a Swiss bank and wealth manager, issued digitalized shares in 2022, using the CMTAT, CODE41 (2023) - a Swiss watchmaking company tokenized its shares for a capital increase using CMTAT.
Digitalization of debt securities
- Project Guardian - UBS (2024): CMTAT was used to issue a digital bond by UBS, as part of the first live repo transaction with a natively-issued digital bond on a public blockchain as part of the Monetary Authority of Singapore’s (MAS) Project Guardian.
- The Obligate platform Enote Protocol enables BulletBond issuances using smart contracts, deployed on Polygon PoS. For this purpose, they use a fork of CMTAT with the
SnapshotModule(replaced in CMTAT v3.0.0 by the SnapshotEngine) and the DebtModule. - SCCF (2023): trade finance firm SCCF issued short term tokenized notes to refinance a loan to a commodity trading firm active in biofuels through Taurus SA. See also SCCF and Taurus Announce Successful Tokenization of End-to-End Trade Finance Transaction on TDX Marketplace (2024)
Digitalization of structured products
- In early 2024, UBS executed a pilot transaction with OSL, a licensed professional investor in Hong Kong, to issue a tokenized warrant on Ethereum using the CMTAT smart contract framework. The tokenization arrangement for this warrant utilizes the CMTAT codebase to represent the warrant smart contract, which forms part of the tokenized register of holders. See [ubs.com - UBS expands its digital asset capabilities by launching Hong Kong’s first-ever tokenized warrant on the Ethereum network [ubs.com]](https://www.ubs.com/global/en/media/display-page-ndp/en-20240207-tokenized-warrant.html).
- Credit Suisse, Pictet and Vontobel (2022) issued tokenized investment products that were traded on BX Swiss as part of a proof-of-concept leveraging the CMTAT.
Digitalization of artwork
- Syz Group, a Swiss private bank, has successfully digitized two pieces of art using CMTAT in 2023 and 2024. See Syz Art Tokenisation
Tokenized market funds
- In 2024, UBS launched UBS USD Money Market Investment Fund Token (uMINT), a Money Market investment built on Ethereum distributed ledger technology. The tokenization arrangement for this fund utilizes CMTAT codebase to represent the fund smart contract, which forms part of the fund’s tokenized register of members. See [ubs.com - UBS Asset Management launches its first tokenized investment fund [ubs.com]](https://www.ubs.com/global/en/media/display-page-ndp/en-20241101-first-tokenized-investment-fund.html)
Tokenization platform
- Fireblocks integrates CMTAT into their tokenization platform. See also Fireblocks - Fireblocks joins CMTA to define the standards for tokenization in traditional capital markets
- Taurus SA integrates CMTAT (Solidity and Tezos version) into their tokenization platform called Taurus-CAPITAL
Wrapped Tokens
- 21.co (the original parent company of 21Shares acquired by FalconX) used CMTAT through their own fork to create Wrapped Tokens on Ethereum. See for example Wrapped Bitcoin(21BTC) on Etherscan and their announcement
Private DvP settlement
- In 2026, Seturion successfully achieved private DvP settlement of tokenized assets on a public blockchain stack while keeping all sensitive data confidential using the implementation of CMTAT on Aztec, an Ethereum Layer-2 network that employs zero-knowledge cryptography on protocol level to ensure fully programmable privacy. Read more here.
Where CMTAT is mentioned?
CMTAT is referenced in several reports. Although these reports do not reflect the most recent version, they already provide a good indication of potential use cases. The insights from these reports have also contributed to numerous improvements in CMTAT.
- University of Toronto - Blockchain Meets Securities: A Scalable Tokenization Framework / pdf (2025), page 22
- Forum - Asset Tokenization in Financial Markets: The Next Generation of Value Exchange (2025), page 38
- King's Business School/Rhys Bidder - What Is The Future Of Stablecoins, And How Do We Get There? (2025), page 33
- Nethermind - Tokenization Standards: The Missing Link for Institutional Adoption (2025): page 2, 16, 19, 33-36 & 39
- Nethermind & PwC Germany - Tokenization Standards: Taming the Regulatory Menagerie
- Project Guardian - Fixed Income Framework (2024): page 13, 39, 59 & 65
- ICMA contribution to MAS Guardian Fixed Income Framework (GFIF) publication (2024)
What Makes CMTAT Different from a Regular ERC-20 Token?
Standard ERC-20 tokens allow anyone to transfer freely. CMTAT adds compliance features required for real-world financial assets such as:
| Feature | Purpose | | -------------------------------------- | ------------------------------------------------------------ | | Pause | Freeze all transfers globally (e.g., during corporate actions) | | Account Freeze | Block specific addresses from transferring | | Transfer Validation - Custom rules | Custom rules (RuleEngine) allowing to restrict transfers based on the origin, the receiver or the amount transferred | | Forced Transfer | Admins can move tokens from frozen accounts | | Snapshots | Record balances at specific times (for dividends) | | Documents | Attach legal documents to the token |
Use case
Financial instruments
This reference implementation allows the issuance and management of tokens representing equity securities, and other forms of financial instruments such as debt securities and structured products. It can also be used for stablecoins.
Jurisdiction
CMTAT was initially optimized for the Swiss law framework, it then took a more international path with the version v3.0.0. Subsequently, its numerous compliance features, as well as the numerous configuration possibilities during deployment, make it also suitable for other jurisdictions.
Its modular structure allows it to be easily modified to suit specific cases. For example, a deployment version has been made for Germany (ERC-7551 / eWpG).
You may modify the token code by adding, removing, or modifying features. However, the core modules must remain in place for compliance with the CMTA specification.
Specific deployment version tailored to use case
Product use case (equities, stablecoins)
CMTAT comes with several different deployment versions to meet specific use cases.
| Product | Deployment version | Note | | -------------------------- | ------------------ | ------------------------------------------------------------ | | Equities | CMTAT Standard | All features, without those directly to Debt | | Equities in Germany | CMTAT ERC-7551 | The standard version with a few supplementary functions to meet the standard ERC-7551, tailored for the Germany and eWpg. | | Debt/bond | CMTAT Debt
| CMTAT Standard is also suitable but this version adds the possibility to put several on-chain information related to debt and bond product | | Stablecoin (e.g USDC/USDT) | CMTAT Light | The core features (i.e., minting, burning,address freeze / blacklisting, pause) without additional functions required by equities and debt instruments (e.g., document management, snapshot, partial freeze of balances). |
Technical use case (whitelist, upgradeable/proxy)
| Features | Deployment version supported | | ------------------------------------------------------------ | ------------------------------------------------------------ | | Restrict transfer to inside a whitelist / Allowlist | CMTAT Allowlist
Or all other deployment (except Light) version with a RuleEngine configured | | On-chain snapshot
(useful for on-chain dividend distribution) | All deployment version (except Light) with a SnapshotEngineconfigured | | Deployment through proxy (Upgradeable)
Deployment immutable (standalone / without proxy) | Each deployment version comes with a standalone (immutable) or upgradeable mode.
A specific deployment version exists for UUPS Proxy | | MetaTx/Gasless with ERC-2771 | All deployment version, except Debt & Light version |
CMTAT for stablecoins
Here is a comparison between the features present in major custodian stablecoin and the library CMTAT.
| | | Monerium | USDC | USDT | CMTAT 3.0.0 Light | CMTAT 3.0.0 Standard | | :----------------------------- | :----------------------------------------------------------- | :----------------------------------------------------------- | :----------------------------------------------------------- | :----------------------------------------------------------- | :----------------------------------------------------------- | ------------------------------------------------------------ | | Source | | ec59a36 | Ethereum USDC implementation contract | Ethereum USDT address | | | | Currency | | $, euros, pound sterling, Icelandic króna | $ | $ | - | - | | Company behind | | Monerium | Circle | Tether | CMTA | CMTA | | Standard | | | | | | | | | ERC-20 | ✔ | ✔ | ✔ | Same as standard version | ✔ | | | ERC-2612 Permit | ✔
(GitHub) | ✔ | ✘ | Same as standard version | ✘ | | | ERC-3009
(Transfer With Authorization) | ✘ | ✔ | ✘ | Same as standard version | ✘ | | | ERC-2771 (MetaTX) | ✘ | ✘ | ✘ | ✘ | ✔
(ERC2771Module / CMTATBaseERC2771) | | ERC-20 extends functionalities | | | | | | | | | Mint/issue | ✘
(see mint with allowance) | ✘
(see mint with allowance) | ✔ | Same as standard version | ✔ | | | Mint with dedicated allowance ("mintFrom") | ✔
(Github) | ✔ | ✘ | Same as standard version | ✘ | | | Batch Mint version | ✘ | ✘ | ✘ | Same as standard version | ✔ | | | burn / redeem | ✔
(Github) | ✔ | ✔
(redeem/ destroyBlackFunds | Same as standard version | ✔ | | | Set name after deployment | ✘ | ✘ | ✘ | Same as standard version | ✔
(ERC20BaseModule) | | | Set symbol after deployment | ✘ | ✘ | ✘ | Same as standard version | ✔
(ERC20BaseModule) | | Regulatory | | | | | | | | | Integrated blacklist
(inside token smart contract) | ✘ | ✔ | ✔ | Same as standard version | ✔ | | | External blacklist
(can be shared with several different tokens) | ✔
GitHub | ✘ | ✘ | ✘ | ✔
(through a dedicated smart contract RuleEngine) | | | | Monerium | USDC | USDT | CMTAT 3.0.0 Light | CMTAT 3.0 Standard | | Access Control | | | | | | | | | Ownership | ✔
(Github) | ✔ | ✔ | Same as standard version | ✘
(use Access Control instead, but ownership could be added) | | | RBAC Access control | ✔
GitHub | ✔
(Minter & Blacklister) | ✘ | Same as standard version | ✔ | | Upgradeability | | | | | | | | | Upgradable (transparent/Beacon) | ✘ | ✔ | ✘ | Same as standard version | ✔ | | | Upgradeable UUPS
| ✔
(GitHub) | ✘ | ✘ | ✘ | ✔
(through a dedicated deployment version) | | | Migrate function integrated | ✘ | ✘ | ✔
(because USDT was made before the apparition of proxy architecture) | Same as standard version | ✘ | | Standalone (immutable) | | ✘ | ✘ | ✔ | Same as standard version | ✔ (through a dedicated deployment version) | | Pause transfers | | Partial
Could use the validator contract to pause all transfers (GitHub) | ✔ | ✔ | Same as standard version | ✔
(PauseModule) | | Fee on transfer | | ✘ | ✘ | ✔
(currently set at 0) | Same as standard version | ✘ |
CMTAT for tokenized market funds
Here is a comparison between the features present in known tokenized market funds and the library CMTAT.
| | | Spiko
(EUTBL and USTBL) | Franklin Templeton
(FOBXX / Benji) | Blackrock
(BUIDL) | CMTAT 3.0.0 Standard | CMTAT 3.00 ERC-1363 | | :----------------------------------------------------------- | :----------------------------------------------------------- | :----------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | | Reference | | | Franklin OnChain U.S. Government Money Fund (FOBXX)
Avalanche - Franklin Templeton Launches Tokenized Money Market Fund BENJI On The Avalanche Network | Securitize contracts
Proxy
Implementation | - | - | | Source | | 9ef58f3 | Franklin Templeton Digital Assets - contracts
Contract proxy
Contract implementation | | - | - | | Company behind | | Spiko | Franklin Templeton | Blackrock through Securitize | CMTA | CMTA | | Standard | | | | | | | | | ERC-20 | ✔ | ✔ | ✔ | ✔ | Same as standard version | | | ERC-1363 | ✔ | ✘ | ✘ | ✘ | ✔ | | | ERC-2612 Permit | ✔
(GitHub) | ✘ | ✘ | ✘
(Could be extended to support it) | Same as standard version | | | ERC-2771 (MetaTX) | ✔
(GitHub) | ✘ | ✘ | ✔ | Same as standard version | | ERC-20 extends functionalities | | | | | | | | | Mint/issue | ✔
(GitHub) | ✔ | ✔ | ✔ | Same as standard version | | | Mint with dedicated allowance ("mintFrom") | ✘ | ✘ | ✘ | ✘ | Same as standard version | | | Batch Mint version | ✘ | ✘ | ✘ | ✔ | Same as standard version | | | burn / redeem | ✔
(Github) | ✔ | ✔
(burn & omnibusBurn) | ✔ | Same as standard version | | Regulatory | | | | | | | | | Whitelist / Allowlist | ✔ | ✔
(through external contract moduleRegistry) | ✔
(through external contract ComplianceServiceWhitelisted) | ✔
(through RuleEngine) | Same as standard version | | | On-chain country investor restriction /banned | ✘ | ✘ | ✔
(though an on-chain list of investor and the library ComplianceServiceLibrary ) | | | | | Integrated blacklist
(inside token smart contract) | ✘
(Could be implemented, but use a whitelist system currently) | ✘ | ✘ | ✔
(EnforcementModule) | Same as standard version | | | External blacklist
(can be shared with several different tokens) | ✔
GitHub | ✔
(through external contract moduleRegistry) | ✘ | ✔
(RuleEngine) | Same as standard version | | | Forced Transfer | ✘ | ✔
(called instantTransfer) | ✔
(called size) | ✔ | Same as standard version | | | Restriction on transferFrom | ✘ | ✔
(through disableERC20ThirdPartyTransfer & enableERC20ThirdPartyTransfer) | ✘ | Partial
(transfer revert if spender is frozen) | Same as standard version | | | | Spiko | Franklin Templeton
(FOBXX / Benji) | Blackrock
(BUILD) | CMTAT 3.0.0 Standard | CMTAT 3.00 ERC-1363 | | Access Control | | | | | | | | | Ownership | ✔
(Github) | ✘
(only ModuleRegistry is ownable) | ✔ | ✘
(easily adaptable to support this) | Same as standard version | | | RBAC Access control | ✔
GitHub | ✔ | ✔
(several roles: Exchange, Issuer, transfer agent and master) | ✔ | Same as standard version | | | Access Control Manager | ✔
(GitHub) | ✘ | ✘ | ✘
(Could be extended to support it) | Same as standard version | | Upgradeability | | | | | | | | | Upgradable (transparent/Beacon) | ✔ | ✔
| ✔ | ✔ | Same as standard version | | | Upgradeable UUPS
| ✔
(GitHub) | ✔
| ✘ | ✘
(Could be extended to support it) | Same as standard version | | Pause transfers | | ✔
(GitHub) | ✔
(trough enableERC20Transfer and disableERC20Transfer) | ✔ | ✔ | Same as standard version | | Lock tokens | | ✘ | ✘ | ✔ | ✘ | Same as standard version | | Specific functions for omnibus wallet | | ✘ | ✘ | ✔ | ✘
(see specific deployment version) | Same as standard version | | Dedicated function to fetch the list of token holders and their balance | | ✘ | ✔
(getAccountsBalances) | ✔
(checkWalletsForList & balanceOfInvestor) | ✘ | Same as standard version | | Price indicated on-chain | | ✘ | ✔
(lastKnownPrice) | ✘ | ✘ | Same as standard version |
Note
- Fasanara Capital Ltd has also tokenized a money market fund. Since they have worked with Tokeny and use therefore the ERC-3643 standard, a comparison with this standard is provided in other sections of this document. See also Tokeny - How Tokeny Powers Fasanara’s Tokenized Money Market Funds
- Upgradeability: a specific CMTAT deployment version allows to use UUPS proxy
Comparison of CMTAT and other tokenization frameworks
Here is a comparison between the features present in known tokenization framework and the library CMTAT.
| Label | CMTAT Solidity code | ERC-1400 | ERC-3643 | Cast Framework | | :----------------------------------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: | ------------------------------------------------------------ | ------------------------------------------------------------ | | Version/implementation compared | CMTAT v3.1.0 | UniversalToken (Consensys) | Tokeny's T-Rex
3fcf44d
(06/02/2025) | Smart Coin (ERC-20 version)
dd8bf5e | | Company / Association behind | CMTA | Consensys | Tokeny, ERC3643 Association | SOCIÉTÉ GÉNÉRALE FORGE | |
README truncated. View on GitHub