Designing a Security Token Blockchain (4): Controllable Standard
By Mels Dees

Jun 10, 2019

Jump to series 1: Permissioned vs Permissionless
Jump to series 2: Direct settlement, Fork & Pool resistance
Jump to series 3: privacy


This is the fourth article in a multi-part series where we deep-dive into the design choices behind the Dusk Network. In this article we explain why we are designing a controllable smart contract standard.

Series outline

The first article in the series talked about our choice for a public and permissionless blockchain. The second article talked about our choice for direct settlement finality, fork resistance and pool resistance. The third article describes why privacy is a requirement for security token blockchains and surmounting the technical challenges faced when creating one.

Today we discuss our smart contract (XSC). In particular, the controllable standard that grants the contract owner, or issuer, additional powers such as the ability to force transfer their XSC-based securities, even when they are in an investors’ wallet. The ability to do so comes from legal and regulatory requirements and we discuss the measures that prevent misuse.

Forced transfer

In the context of blockchain technology, forced transfer describes the ability of the issuer of XSC-based securities to control their securities wherever they are. This feature allows solely the issuer to transfer these XSC-based securities, even when they are in investor wallets, to comply with legal requirements or shareholder rights.

Controllable standard

Describes the permission to control, and thereby transfer, specific XSC-based securities by the smart contract owner.

Why Dusk Network uses a controllable-standard

To purchase a security token KYC and applicable checks must be passed in order for the investor to become eligible. Upon passing the identity verification process, and meeting the legal requirements, the investor’s public key is added to the whitelist. Thereafter, the investor is able to buy and sell security tokens belonging to this specific company.

Through the process of identity verification, the company is able to identify the investor in the Dusk Network shareholder register. This register lives on the blockchain, and is constantly fed with updates and changes whenever they occur in real-time. Even though all changes are automatically recorded, the blockchain does not replace securities law. Instead, the operational reality on the blockchain needs to comply with securities law, and to do that the issuer of security tokens needs a specific level of control. For example, if an investor permanently loses access to his private key, he is not stripped of his right to ownership, even though the actual security tokens are inaccessible to him.. After all, he is still a company shareholder by law (and part of the companies’ shareholder registry). Therefore the company must have the ability to intervene and help the investor to regain access to its security tokens.

There are a couple of methods that we considered at Dusk that can solve this situation. We could enable the issuer to mint replacement security tokens, and prevent the security tokens that are lost from moving through a blacklist or lock. Or we could enable the issuer to force transfer said security tokens to a new wallet provided by the investor. The first solution is the least suitable, as this leads to various accounting and legal issues. How do we account for the locked-away security tokens? Does the circulating or total supply change? Will shareholders understand and trust that these tokens are locked, or does this inspire fear and doubt? The latter solution is a lot cleaner, and there are more cases where this is the only solution that works.

A shareholder agreement is a document involving multiple shareholders of a company, detailing the specific outcomes and actions that will be taken in certain events. Oftentimes, there are specific clauses in shareholder agreements, such as the drag-along right that states that a majority shareholder is able to force a minority shareholder to join in the sale of a company. In this case the company needs the ability to move the minority shareholders to the purchasers’ wallet. It’s quite simple to see here that a forced transfer is the only way to do it.

Other reasons for a forced transfer option come from the legal reality that a court may rule that a transaction must be executed. An example would be a division of property after divorce. Lastly, forced transfers can be executed in the case of fraudulent activity.

Many of the companies that issue security tokens will be mature, good actors, with prudent and well-established processes to safeguard the best interests of their investors. However, we have designed several additional functionalities to remove trust from the equation altogether. Firstly, anytime a forced transfer is performed it is uniquely visible in the transaction log, forming an audit trail that can be perused by all relevant parties. Secondly, we designed a built-in functionality where a company can assign (multiple) trusted third parties to co-sign forced transfers. In practice this could be a hard requirement presented to the company by its shareholders to ensure investor confidence, and adherence to the highest compliance standards.


During the inception of the Dusk Network it’s been our priority to create an ecosystem that is accessible by anyone, truly lowering the barrier to enter the financial industry, and replace intermediaries effectively with technology. We are creating a blockchain that will become the backbone of a fairer financial industry. By designing for privacy we give (institutional) investors the tools they need to safely enter the security tokens ecosystem.

Dusk — Technology for Securities

Dusk streamlines the issuance of digital securities and automates trading compliance with the world’s first programmable and confidential securities.

Share this post

Subscribe to our newsletter

Dusk on GitHub Download Whitepaper