Institutional RWA tokenization platform. Authors of T-REX, the reference implementation of ERC-3643 (permissioned security-token standard) with onchain identity (ONCHAINID) and modular compliance.
- 01regulated security tokens (ERC-3643)
- 02permissioned RWA issuance
- 03onchain KYC / identity (ONCHAINID)
- 04transfer-restriction modules
- 05institutional tokenization
- pnpm add @tokenysolutions/t-rex @onchain-id/solidity
- # T-REX is a Hardhat / Foundry contract suite — no runtime JS SDK
| Variable | Scope | Description |
|---|---|---|
| TOKENY_API_KEY | Server | API key for Tokeny's hosted issuance / compliance platform (only needed if using the managed product, not for self-deploying T-REX). |
| NEXT_PUBLIC_TREX_TOKEN_ADDRESS | Client | Deployed ERC-3643 token contract address. |
| NEXT_PUBLIC_TREX_IDENTITY_REGISTRY | Client | Identity Registry contract address — gates which ONCHAINIDs may hold the token. |
Use the T-REX (ERC-3643) suite for permissioned RWA tokens. Deploy via `TREXFactory.deployTREXSuite(salt, tokenDetails, claimDetails)` which spawns a Token, IdentityRegistry, IdentityRegistryStorage, ModularCompliance, ClaimTopicsRegistry, and TrustedIssuersRegistry. Onboarding: each investor must (1) deploy an ONCHAINID via `IdFactory.createIdentity(wallet, salt)`, (2) receive KYC claims signed by a trusted issuer (`identity.addClaim(topic, scheme, issuer, signature, data, uri)`), and (3) be registered with `identityRegistry.registerIdentity(wallet, identity, country)`. Transfers go through `token.transfer(to, amount)` which calls `compliance.canTransfer` — failures throw with the specific module that rejected. Use compliance modules like `CountryAllowModule`, `MaxBalanceModule`, `TransferRestrictModule`, and `TimeTransfersLimitsModule` to encode the offering's rules.
- ⚑ERC-3643 is *not* ERC-20-with-extras — every transfer is gated by the ModularCompliance + IdentityRegistry. Wallets without a registered ONCHAINID + valid claims cannot receive the token, even from the issuer.
- ⚑Agents (admin role) must be granted via `addAgent` on both the Token *and* the IdentityRegistry — granting on only one will silently break investor onboarding.
- ⚑Claims expire — if your trusted issuer's signing key rotates or a claim topic is revoked, all holders relying on it become non-transferable until reclaimed.
- ⚑The TREX suite is upgradeable via proxies; pin the implementation version you've audited against and disable upgrades for the issuer once live, or auditors will flag centralisation risk.
- ⚑ONCHAINIDs are per-wallet, but the same human can have multiple — your KYC provider must dedupe at the human level or one investor can hold above the legal cap across two ONCHAINIDs.
- ⚑Compliance modules execute on every transfer and are gas-heavy; benchmark with realistic module stacks before committing to a chain (L2s strongly recommended).
- ⚑Tokeny's hosted SaaS and the open-source T-REX contracts are different products — clarify whether the integration is self-deployed contracts or the managed Tokeny platform.