ERC-3643 Compliance

Tenzro Ledger implements the ERC-3643 (T-REX) standard for compliant security tokens. The Compliance precompile at address 0x1007 enforces transfer rules on-chain, binding every token transfer to the holder's TDIP identity and KYC tier. This enables regulated assets — security tokens, real-world assets, and institutional stablecoins — to operate natively on Tenzro without off-chain gatekeepers.

Architecture

Every token transfer passes through the compliance layer before execution. The precompile checks three things in order: (1) neither sender nor recipient is frozen, (2) both parties have a registered TDIP identity, and (3) the transfer satisfies all registered compliance rules for the token. If any check fails, the transfer reverts with a descriptive error code.

Compliance Rules

Token issuers register compliance rules that are evaluated on every transfer. Rules are composable and evaluated in order — all must pass for a transfer to succeed.

Register Compliance Rules

# Register compliance rules for a token (ERC-3643)
# Sets KYC requirement, minimum KYC tier, and a max-holder cap in one call.
curl -X POST https://rpc.tenzro.network \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tenzro_registerCompliance",
    "params": [{
      "token_id": "0xtoken...",
      "require_kyc": true,
      "min_kyc_tier": 2,
      "max_holders": 1000
    }],
    "id": 1
  }'

Check Transfer Compliance

Before executing a transfer, you can check whether it would pass compliance rules without actually sending tokens. This is useful for pre-validating transactions in a UI.

# Check if a transfer is compliant
curl -X POST https://rpc.tenzro.network \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tenzro_checkCompliance",
    "params": [{
      "token_id": "0xtoken...",
      "from": "0xsender...",
      "to": "0xrecipient...",
      "amount": "1000000000000000000"
    }],
    "id": 1
  }'

# Response when compliant:
# { "result": { "compliant": true, "rules_checked": 3 } }

# Response when non-compliant:
# { "result": { "compliant": false, "violation": "kyc_tier",
#   "message": "Recipient KYC tier 1 below required tier 2" } }

Freeze an Address

Token issuers (or compliance officers with delegated authority) can freeze individual addresses. Frozen addresses cannot send or receive the regulated token. This is required for law enforcement holds and regulatory compliance.

# Freeze an address
curl -X POST https://rpc.tenzro.network \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tenzro_freezeAddress",
    "params": [{
      "token_id": "0xtoken...",
      "address": "0xaccount...",
      "reason": "Pending regulatory review"
    }],
    "id": 1
  }'

SDK Usage

import { TenzroClient } from "@tenzro/sdk";

const client = new TenzroClient("https://rpc.tenzro.network");

// Register compliance rules for a token (KYC + min tier + holder cap)
await client.compliance.register({
  tokenId: "0xtoken...",
  requireKyc: true,
  minKycTier: 2,
  maxHolders: 1000,
});

// Check compliance before transfer
const check = await client.compliance.check({
  tokenId: "0xtoken...",
  from: "0xsender...",
  to: "0xrecipient...",
  amount: "1000000000000000000",
});

if (!check.compliant) {
  console.error("Transfer blocked:", check.violation, check.message);
  return;
}

// Freeze an address
await client.compliance.freeze({
  tokenId: "0xtoken...",
  address: "0xsuspicious...",
  reason: "AML investigation",
});

CLI Usage

# Register compliance rules for a token
tenzro compliance register --token 0xtoken... \
  --require-kyc --min-kyc-tier 2 --max-holders 1000

# Check transfer compliance
tenzro compliance check --token 0xtoken... \
  --from 0xsender... --to 0xrecipient... --amount 1000

# Freeze an address
tenzro compliance freeze --token 0xtoken... \
  --address 0xaccount... --reason "Regulatory hold"

Identity Integration