ERC-3643 (Security Tokens)

ERC-3643, also known as T-REX (Token for Regulated EXchanges), is a security token standard that enforces compliance on every token transfer. Unlike standard ERC-20 tokens, ERC-3643 tokens require each holder to have a verified on-chain identity with the right claims. Transfers are automatically rejected if the receiver does not meet the token's compliance requirements.

This makes ERC-3643 the standard for tokenising regulated assets such as securities, bonds, real estate, and other instruments that require investor eligibility checks.

For the full specification, see the ERC-3643 standard. For in-depth protocol documentation, see the T-REX docs.

How Averer Accounts work with ERC-3643

Averer provides two capabilities that fit directly into the ERC-3643 compliance model:

Averer Wallet (embedded account): when a user authenticates through the Averer SDK, an embedded blockchain wallet is created for them. This wallet address becomes the anchor for the user's ONCHAINID identity. The user never needs to manage keys or interact with blockchain primitives.
Identity verification: the Averer SDK supports both individual and business verification flows through privacy-preserving credentials. These verification results inform you (the Asset Issuer) which claims to issue for each user.
ONCHAINID deployment: Averer deploys an ONCHAINID identity contract for each verified user, linked to their embedded wallet address. You do not need to create user ONCHAINIDs yourself.

You are the Claim Issuer. You deploy your own ClaimIssuer contract, manage its signer keys, and sign claims that attest to user attributes (age, residency, AML compliance, etc.). Averer provides the verified user identity and wallet address; you issue claims against that identity based on verification results.

Architecture

The diagram below shows how the pieces fit together. The T-REX factory infrastructure is pre-deployed on Redbelly Network. You deploy your own ClaimIssuer and token suite, and onboard users whose wallets are created by the Averer SDK.

flowchart TB
  subgraph user [User / Investor]
    UserBrowser["Browser"]
  end

  subgraph averer [Averer]
    SDK["Averer Web SDK"]
    Wallet["Embedded Wallet"]
    Verification["Identity Verification"]
  end

  subgraph assetIssuer [Asset Issuer]
    ClaimIssuerContract["ClaimIssuer (deployed by you)"]
    Backend["Your Backend / Operator"]
  end

  subgraph redbelly ["Redbelly Network"]
    TREXFactory["TREXFactory (pre-deployed)"]
    subgraph tokenSuite [Your Token Suite]
      Token["Security Token"]
      IR["Identity Registry"]
      TIR["Trusted Issuers Registry"]
      CTR["Claim Topics Registry"]
      Compliance["Compliance Contract"]
    end
    UserOCID["User ONCHAINID"]
  end

  UserBrowser -->|"1. Authenticates"| SDK
  SDK -->|"2. Creates"| Wallet
  SDK -->|"3. Completes"| Verification
  Verification -->|"4. Deploys"| UserOCID
  Verification -->|"5. Verification results"| Backend
  Backend -->|"6. Signs & adds claims"| UserOCID
  UserOCID -->|"7. Registered in"| IR
  Token -->|"Checks on transfer"| IR
  IR -->|"Validates claims via"| TIR
  IR -->|"Required topics from"| CTR
  TIR -->|"Trusts"| ClaimIssuerContract
  TREXFactory -->|"Deploys"| Token

End-to-end flow:

The user authenticates via the Averer SDK (email or social login).
The SDK creates an embedded wallet (Averer Account) for the user.
The user completes individual or business verification through the SDK.
Averer deploys an ONCHAINID identity contract for the user, linked to their wallet address.
Your backend receives the verification results (wallet address, ONCHAINID address, eligibility status).
You sign claims and add them to the user's ONCHAINID using your ClaimIssuer.
You register the user's identity in your token's Identity Registry.
The user can now hold and transfer your security token. Every transfer is checked against the Identity Registry to verify the sender and receiver have valid claims.

Key concepts

ONCHAINID

A smart contract representing a user's on-chain identity, linked to their Averer wallet address. Claims from trusted issuers are stored on this contract. Averer deploys an ONCHAINID for each verified user automatically. You register it in your token's Identity Registry.

ClaimIssuer

A contract that you deploy and control. It holds signer keys whose signatures are used to produce valid claims. You register this contract in your token's Trusted Issuers Registry so the token accepts claims signed by your keys.

A ClaimIssuer can have multiple signer keys at the same time. A common pattern is for the owner to be an admin or treasury wallet, while separate backend or service wallets are added as claim signers.

Claim topics

Numeric IDs representing categories of claims. You define what each topic means for your token. For example:

Topic ID	Typical meaning
`1`	Age verification
`2`	Residency verification

These IDs are conventions, not standardised values. You choose what each number means, but your ClaimIssuer, token configuration, and claim issuance logic must use the same IDs consistently. You can define additional topics as your compliance requirements evolve (e.g. AML, accredited investor status).

Identity Registry

Maps user wallet addresses to their ONCHAINID contracts. The token checks this registry on every transfer to verify that both the sender and receiver have valid claims from trusted issuers.

Trusted Issuers Registry

Lists which ClaimIssuer contracts the token trusts, and for which claim topics. When you add your ClaimIssuer here, the token will accept claims signed by your signer keys.

Compliance Contract

Enforces additional transfer rules independently of the identity and claims layer. Examples include maximum investors per country, maximum token holdings per investor, or transfer volume limits.

Roles and responsibilities

	Redbelly Network	Averer	You (Asset Issuer)
T-REX factory infrastructure	Deploys and maintains TREXFactory, Identity Factory
User authentication		Handles email/social login via SDK
Embedded wallet creation		Creates and manages wallets for users
Identity verification		Verifies users via individual or business verification flows
ONCHAINID deployment		Deploys an ONCHAINID contract for each verified user
ClaimIssuer deployment			Deploy your own ClaimIssuer contract
Claim signer key management			Add/remove/rotate signer keys
Token suite deployment			Deploy via TREXFactory
Claim topic definitions			Define what each topic ID means
Trusted issuer registration			Register your ClaimIssuer in the TIR
User identity registration			Register ONCHAINID in Identity Registry
Claim issuance			Sign and add claims to user ONCHAINIDs
Token minting & distribution			Mint tokens to verified users
Compliance rules			Configure the Compliance Contract

Next steps

Follow the Integration Guide for a step-by-step walkthrough of deploying your ClaimIssuer, token suite, and onboarding users
Learn about Averer Wallet to understand how embedded wallets are created
See Verify with Averer for details on individual and business verification flows