Reference · Permissioned Tokens
ERC-3643 / T-REX Architecture
One line: ERC-20-compatible token whose transfer reverts unless ① the receiver is a
verified eligible identity and ② the transfer passes all compliance rules; plus an
agent with freeze / forced-transfer / recovery / mint / burn powers.
The gated transfer (the whole idea)
function transfer(address to, uint256 amount) public returns (bool) {
    require(!frozen[msg.sender] && !frozen[to]);
    require(identityRegistry.isVerified(to));                // ① WHO may hold
    require(compliance.canTransfer(msg.sender, to, amount)); // ② WHETHER allowed
    // then move tokens (ERC-20 semantics)
    return true;
}
The three layers
| Layer | Question | Contracts |
| Token | the asset + agent powers | Token (ERC-20 + freeze/force/recover/mint/burn) |
| Identity | WHO may hold | Identity Registry, Identity Registry Storage, Trusted Issuers Registry, Claim Topics Registry, ONCHAINID |
| Compliance | WHETHER a transfer is allowed | Compliance + pluggable rule modules |
Identity layer, decoded
| ONCHAINID | An identity contract per holder, storing signed claims (KYC passed, accredited, country = SG). |
| Identity Registry | Maps wallet address → ONCHAINID. isVerified(addr) = has all required claims from trusted issuers. |
| Trusted Issuers Registry | Whose claims are accepted (which KYC providers). |
| Claim Topics Registry | Which claims are required (KYC? accreditation? jurisdiction?). |
Compliance modules (examples)
Max holders · max balance per investor · country allow/deny lists · lock-up periods · daily/volume caps. New rule = new module, no token rewrite. canTransfer = AND of all modules.
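Added example (not T-REX code and not from the original page): an off-chain Python model of the isVerified check and the AND-of-modules compliance check described above. Topic ids, issuer names, wallets and the "XX" country code are constructed; reverts are modelled as returned reason strings, and claim signature validation is assumed away.

```python
# Added illustration (not T-REX code): off-chain model of the gated transfer.
# Topic ids, issuers and wallets are constructed; claim signature checks are omitted.
KYC, COUNTRY = 1, 2

class IdentityRegistry:
    def __init__(self, required_topics, trusted_issuers):
        self.required = set(required_topics)  # Claim Topics Registry
        self.trusted = trusted_issuers        # Trusted Issuers Registry: issuer -> topics
        self.claims = {}                      # wallet -> [(topic, issuer, value)]

    def valid_claims(self, wallet):
        # Only claims whose issuer is trusted for that topic count.
        return {t: v for t, i, v in self.claims.get(wallet, []) if t in self.trusted.get(i, ())}

    def is_verified(self, wallet):
        return wallet in self.claims and self.required.issubset(self.valid_claims(wallet))

def max_balance(cap):  # module: cap on the receiver's balance
    return lambda tok, frm, to, amt: tok.balances.get(to, 0) + amt <= cap
def country_deny(denied):  # module: country deny list
    return lambda tok, frm, to, amt: tok.registry.valid_claims(to).get(COUNTRY) not in denied

class Token:
    def __init__(self, registry, modules):
        self.registry, self.modules = registry, modules
        self.balances, self.frozen = {}, set()

    def transfer(self, sender, to, amt):  # returns the revert reason, or "ok"
        if sender in self.frozen or to in self.frozen:
            return "frozen"
        if not self.registry.is_verified(to):
            return "receiver not verified"
        if not all(m(self, sender, to, amt) for m in self.modules):  # AND of modules
            return "compliance"
        if self.balances.get(sender, 0) < amt:
            return "insufficient balance"
        self.balances[sender] -= amt
        self.balances[to] = self.balances.get(to, 0) + amt
        return "ok"

def build_demo():
    ok = [(KYC, "kyc-provider-a", True), (COUNTRY, "kyc-provider-a", "SG")]
    reg = IdentityRegistry({KYC, COUNTRY}, {"kyc-provider-a": {KYC, COUNTRY}})
    reg.claims = {"alice": ok, "bob": ok,
                  "carol": [(KYC, "unknown-issuer", True), ok[1]],     # untrusted KYC issuer
                  "dave": [ok[0], (COUNTRY, "kyc-provider-a", "XX")]}  # denied country
    tok = Token(reg, [max_balance(100), country_deny({"XX"})])
    tok.balances["alice"] = 500
    return tok
```

A claim from an issuer outside the Trusted Issuers Registry is ignored, so carol fails ① even though a KYC claim exists, while dave passes ① and is stopped by a module at ②.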
Roles
| Owner | Configures the token, registries, and compliance. (Issuer / platform.) |
| Agent | Operates: mint, burn, freeze (full/partial), forced transfer, recovery, register identities. (Transfer agent.) |
Agent powers & why
| Freeze | Sanctions, court order, fraud, dispute |
| Forced transfer | Court order, error correction, succession |
| Recovery | Lost key → reissue to new verified wallet |
| Mint / burn | Subscription / redemption |
Marketnode mapping
Owner = issuer/platform · Agent = transfer agent/registrar · Identity Registry = KYC'd investor whitelist ·
Trusted Issuers = accepted KYC providers · Compliance modules = offering terms (jurisdiction, caps, lock-ups).
Still off-chain: legal KYC docs, issuer authority, NAV oracle.