ERC-3643 Compliance
Tenzro Ledger implements the ERC-3643 (T-REX) standard for compliant security tokens. The Compliance precompile at address 0x1007 enforces transfer rules on-chain, binding every token transfer to the holder's TDIP identity and KYC tier. This enables regulated assets — security tokens, real-world assets, and institutional stablecoins — to operate natively on Tenzro without off-chain gatekeepers.
Architecture
Every token transfer passes through the compliance layer before execution. The precompile checks three things in order: (1) neither sender nor recipient is frozen, (2) both parties have a registered TDIP identity, and (3) the transfer satisfies all registered compliance rules for the token. If any check fails, the transfer reverts with a descriptive error code.
Compliance Rules
Token issuers register compliance rules that are evaluated on every transfer. Rules are composable and evaluated in order — all must pass for a transfer to succeed.
| Rule Type | Description | Example |
|---|---|---|
| KYC Tier | Require minimum KYC verification level | Both sender and recipient must be KYC tier 2+ |
| Country Restriction | Block or allow specific jurisdictions | Block transfers to sanctioned jurisdictions |
| Transfer Limit | Maximum transfer amount per transaction or period | Max 10,000 tokens per 24h rolling window |
| Holder Limit | Maximum number of token holders | Cap at 500 holders (Reg D exemption) |
| Lock Period | Time-based transfer restriction | 12-month lock from issuance date |
| Accredited Investor | Require credential attestation | Recipient must hold AccreditedInvestor credential |
Register Compliance Rules
# Register a KYC tier requirement for a token
curl -X POST https://rpc.tenzro.network \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tenzro_addComplianceRule",
"params": [{
"token_id": "0xtoken...",
"rule_type": "kyc_tier",
"min_tier": 2,
"applies_to": "both"
}],
"id": 1
}'
# Register a transfer limit rule
curl -X POST https://rpc.tenzro.network \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tenzro_addComplianceRule",
"params": [{
"token_id": "0xtoken...",
"rule_type": "transfer_limit",
"max_amount": "10000000000000000000000",
"period_seconds": 86400
}],
"id": 2
}'Check Transfer Compliance
Before executing a transfer, you can check whether it would pass compliance rules without actually sending tokens. This is useful for pre-validating transactions in a UI.
# Check if a transfer is compliant
curl -X POST https://rpc.tenzro.network \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tenzro_checkCompliance",
"params": [{
"token_id": "0xtoken...",
"from": "0xsender...",
"to": "0xrecipient...",
"amount": "1000000000000000000"
}],
"id": 1
}'
# Response when compliant:
# { "result": { "compliant": true, "rules_checked": 3 } }
# Response when non-compliant:
# { "result": { "compliant": false, "violation": "kyc_tier",
# "message": "Recipient KYC tier 1 below required tier 2" } }Freeze and Unfreeze Accounts
Token issuers (or compliance officers with delegated authority) can freeze individual accounts. Frozen accounts cannot send or receive the regulated token. This is required for law enforcement holds and regulatory compliance.
# Freeze an account
curl -X POST https://rpc.tenzro.network \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tenzro_freezeAccount",
"params": [{
"token_id": "0xtoken...",
"account": "0xaccount...",
"reason": "Pending regulatory review"
}],
"id": 1
}'
# Unfreeze an account
curl -X POST https://rpc.tenzro.network \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tenzro_unfreezeAccount",
"params": [{
"token_id": "0xtoken...",
"account": "0xaccount..."
}],
"id": 2
}'SDK Usage
import { TenzroClient } from "@tenzro/sdk";
const client = new TenzroClient("https://rpc.tenzro.network");
// Register a compliance rule
await client.compliance.addRule({
tokenId: "0xtoken...",
ruleType: "kyc_tier",
minTier: 2,
appliesTo: "both",
});
// Check compliance before transfer
const check = await client.compliance.checkTransfer({
tokenId: "0xtoken...",
from: "0xsender...",
to: "0xrecipient...",
amount: "1000000000000000000",
});
if (!check.compliant) {
console.error("Transfer blocked:", check.violation, check.message);
return;
}
// Freeze an account
await client.compliance.freeze({
tokenId: "0xtoken...",
account: "0xsuspicious...",
reason: "AML investigation",
});
// List all frozen accounts for a token
const frozen = await client.compliance.listFrozen("0xtoken...");CLI Usage
# Add a compliance rule
tenzro-cli compliance add-rule --token 0xtoken... \
--type kyc-tier --min-tier 2
# Check transfer compliance
tenzro-cli compliance check --token 0xtoken... \
--from 0xsender... --to 0xrecipient... --amount 1000
# Freeze account
tenzro-cli compliance freeze --token 0xtoken... \
--account 0xaccount... --reason "Regulatory hold"
# Unfreeze account
tenzro-cli compliance unfreeze --token 0xtoken... \
--account 0xaccount...
# List rules for a token
tenzro-cli compliance list-rules --token 0xtoken...Identity Integration
TDIP-bound compliance — Unlike ERC-3643 implementations on Ethereum that rely on external identity registries (ONCHAINID), Tenzro's compliance layer is natively integrated with the TDIP identity system. Every address on Tenzro is linked to a DID with KYC credentials, so compliance checks resolve identity data directly from the ledger without oracle calls.