A comparison of different security token standards 2025
by Jean-Philippe Aumasson and Ryan Sauge
We propose a comparison of CMTAT with other tokenization smart contract frameworks, namely:
- ERC-1400, as supported by the UniversalToken implementation (https://github.com/Consensys/UniversalToken/tree/54320c6f7a8ee1fd7fcb19073e9c122e1e8f96f9)
- ERC-3643, also known as “T-REX Protocol”, whose reference implementation is at https://github.com/TokenySolutions/T-REX/tree/3fcf44d4fc102fb891aaad27ee58e8936d885542 (06.02.2025*).
- Cast Framework (https://github.com/castframework/smartcoin/tree/dd8bf5e1ba24d2379b102db74bfc8326fb649b65)
We compare these with CMTAT’s Solidity version 3.0.0. Note that, unlike those frameworks, CMTAT is a blockchain-agnostic tokenization standard, of which implementations exist for other, non-EVM blockchains.
Disclaimer: The comparison points are not exhaustive. The absence of a feature is not necessarily a negative point but may just be a design choice. Each tokenization framework has its unique properties, and different use cases may call for different technology choices. We also restrict our comparison to Solidity, EVM-compatible smart contracts, and thus do not include, for example, the Polymesh network technology. This comparison was carried out as of July 2025.
*Note: At the time of our analysis (July 2025), the next version of T-REX/ERC-3643 had not yet been merged into the main branch and officially released. However, it is assumed that it would be merged soon and that it would also be audited.
Comparison of tokenization smart contract frameworks |
||||
|---|---|---|---|---|
| CMTAT Solidity code | ERC-1400 | ERC-3643 | Cast Framework | |
| Version compared | CMTAT 3.0.0 | UniversalToken (Consensys) | Tokeny's T-Rex 3fcf44d | Smart Coin (ERC-20 version) dd8bf5e |
| Company/Association behind | CMTA | Consensys | Tokeny, ERC3643 Association | Societe Generale FORGE |
| ERC-20 | ||||
| Transfer restriction (blacklist / address freeze) | ||||
| On-chain identity management | (could be added with a RuleEngine) | |||
| Document management | YES (ERC-1643) | YES (ERC-1643) | ||
| Whitelist management | YES (deployment version or RuleEngine) | YES (on-chain id) | ||
| Token contract pause | ||||
| Conditional Transfer for specific addresses | YES (integrated into the token) | |||
| Conditional Transfer for all addresses | YES (through RuleEngine) | YES (through compliance contract) | ||
| Configurable ERC-20 decimals | Set at 18 | |||
| Role-based access control | Partial (only one role Agent) | |||
| Mint & burn to any address | ||||
| Forced transfer function | Partial (Only force burn is available) | |||
| Partially fungible token support | ||||
| Contract version on-chain | ||||
| Deployable on Layer2 and other EVM blockchains | YES (requires PUSH0) | Partial (requires ERC-1820 Registry contract) | YES (requires PUSH0) | |
| License | MPL 2.0 (weak copyleft) |
Apache 2.0 (permissive) |
GPL 3.0 (strong copyleft) |
Apache 2.0 (permissive) |
| Third-party security audit | ||||
| MetaTx ("Gasless") support (ERC-2771) | ||||
| Security identifiers | ||||
| Explicit support of debt instruments | ||||
| MetaTX ("Gasless") support (ERC-2771) | ||||
| Customizable modular design | ||||
| ERC-7802 Cross-chain transfer | ||||
| ERC-20 custom errors | YES (uses OpenZeppelin v5) | (uses OpenZeppelin v4) | ||
| Upgradability with ERC-7201 | ||||
| Snapshots/checkpoints | YES (external contract) | |||