ERC-3643: T-REX (Token for Regulated EXchanges)
ERC-3643 is the de-facto compliance framework for tokenised securities, real-world assets, and any token that has to enforce regulatory restrictions on transfer (KYC, accreditation, jurisdiction limits, issuance caps, lock-up periods). It composes four contracts:
- Token — extends ERC-20 with
forcedTransfer,freezePartialTokens,recoveryAddress, and a compliance hook that runs on every transfer. - Identity Registry — maps holder addresses to ERC-734/735 identity contracts that hold the holder's KYC claims.
- Compliance Module(s) — pluggable contracts that enforce transfer-eligibility rules (max holders, country whitelist, per-investor balance cap, …).
- Trusted Issuers Registry — list of issuers whose claims the token accepts.
Tokeny Solutions originated T-REX; the standard now underpins regulated deployments at Société Générale, Archax, and Polymath / Polymesh's Polymath 2.0. It's the largest compliance-framework standard with real on-chain volume.
Required Interface (token side, abridged)
interface IERC3643Token {
event UpdatedTokenInformation(string newName, string newSymbol, uint8 newDecimals,
string newVersion, address newOnchainID);
event IdentityRegistryAdded(address indexed identityRegistry);
event ComplianceAdded(address indexed compliance);
event RecoverySuccess(address indexed lostWallet, address indexed newWallet, address indexed investorOnchainID);
function transfer(address to, uint256 amount) external returns (bool); // gated by compliance
function forcedTransfer(address from, address to, uint256 amount) external returns (bool);
function freezePartialTokens(address user, uint256 amount) external;
function unfreezePartialTokens(address user, uint256 amount) external;
function recoveryAddress(address lostWallet, address newWallet, address investorOnchainID) external returns (bool);
function identityRegistry() external view returns (address);
function compliance() external view returns (address);
function setIdentityRegistry(address) external;
function setCompliance(address) external;
}Neo Equivalent: NEP-17 + Identity Registry + Compliance Hooks
T-REX maps cleanly to a NEP-17 base plus a separate identity-registry contract and one or more compliance-module contracts. Neo's Runtime.CheckWitness + manifest-permission model gives the issuer unambiguous control over the privileged ops (forcedTransfer, freezePartialTokens, recoveryAddress); the compliance hook fires inside the NEP-17 transfer override before mutating balances.
| T-REX Component | Neo Equivalent | Notes |
|---|---|---|
IERC3643Token | NEP-17 with transfer override calling Compliance.CanTransfer(from, to, amount) | Compliance hook is the only override needed for the read-path |
forcedTransfer(from, to, amount) | ForcedTransfer(from, to, amount) gated by CheckWitness(issuerAdmin) | Issuer-only operation |
freezePartialTokens(user, amount) | FreezePartial(user, amount) storing per-user frozen balance | Frozen amount subtracted from BalanceOf for transfer eligibility |
recoveryAddress(lost, new, identity) | Recover(lost, new, identity) migrating balance + frozen + identity link | Issuer-attested recovery |
| Identity Registry | Separate Neo contract: (account → identityContract) mapping | Lookup before every transfer |
| Compliance Modules | Separate Neo contracts implementing CanTransfer(from, to, amount) → bool | Pluggable; Token holds the active module hash |
| Trusted Issuers Registry | Separate Neo contract listing approved issuer pubkeys | Identity contracts honour only these issuers' claims |
What Gets Easier on Neo
- Witness scopes make the issuer-admin checks one-liners (
CheckWitness(IssuerAdmin)), no role-bitmask mess. - Manifest permissions restrict which contracts the token can call out to (the active Compliance contract); reduces the attack surface.
- NEP-22 update lets the issuer hot-swap compliance modules without redeploying the token — the same pattern T-REX uses on Ethereum (compliance module is a separate address, not embedded).
What Stays Hard
- Identity provisioning — the identity registry needs trusted issuers' signatures over claims (KYC verified, accredited investor status, jurisdiction). The same off-chain attestation flow as Ethereum T-REX; the on-chain side is just signature verification via
CryptoLib.VerifyWithECDsa. - Cross-jurisdiction transfers — encoding country whitelists and allowed-pair tables is the same on-chain storage problem as Ethereum. Pluggable compliance modules carry the burden.
Migration Notes
For T-REX deployments porting to Neo:
- Token → NEP-17 contract with
transferoverride calling out to compliance. - Identity contracts (ERC-734/735) → port to Neo C# (or use a simpler claims-mapping if your issuers re-attest on Neo).
- Compliance modules → port one-by-one; each module is independent. Start with the holder-cap and country-whitelist modules.
- Trusted Issuers Registry → small contract; usually 5–20 issuer pubkeys.
The Neo port has fewer roles to maintain (no per-role bitmask — witness scopes do the gating) but the same fundamental shape. Production deployments should go through a full audit of every compliance module since these enforce regulatory requirements.