Last updated: 13 May 2026
What You Will Build by the End of This Tutorial
By the end of this tutorial, you will have a deployed ERC-3643 smart contract on a public testnet representing fractional ownership of a real-world asset, with on-chain identity checks enforced at the token level. The contract will be functional, inspectable, and ready to extend.
ERC-20 tokens transfer freely between any two addresses, fine for fungible crypto assets but a compliance problem for regulated instruments like real estate shares or private credit. ERC-3643 embeds a permissioned transfer layer: every recipient must hold a verified on-chain identity credential before a transfer settles. That architecture is why the standard has become the reference point for institutional tokenization projects.
Tokenized real-world assets reached roughly $19 billion in on-chain value by early 2025, with compliant token frameworks driving the bulk of institutional adoption (as Medium's 2026 RWA tokenization guide documents, the process spans legal structuring, custody, and blockchain deployment together).
This guide covers smart contract setup, identity registry configuration, and testnet deployment. It deliberately skips the legal wrapper, structuring the SPV or trust that holds the underlying asset is jurisdiction-specific work for a securities lawyer, not a code tutorial.
Prerequisites Before You Start
You need three things in place before writing any Solidity: a working local environment running Node.js 20+ and Hardhat 2.22+, a funded testnet wallet, and a legal wrapper around the asset you plan to tokenize.
Technical Stack
You also need three external accounts active on day one:
A Polygon Mumbai testnet wallet funded via the Polygon faucet (0.5 MATIC is enough to deploy and run basic tests)
An Alchemy RPC endpoint for reliable node access
A KYC provider API key (Sumsub or Synaps), since transfer restrictions in ERC-3643 tokens depend on verified identity data at the contract level
Mumbai testnet state is periodically reset by Polygon, so build your deployment scripts to be idempotent from the start.
Legal and Compliance Baseline
At minimum, you need a Special Purpose Vehicle formed around the asset before token issuance. The SPV isolates liability and gives the token a clean legal counterparty. A signed operating agreement must define how token holders relate to the underlying asset, covering distributions, voting rights (if any), and redemption mechanics.
Tokenizing real-world assets involves creating a regulated digital representation of an underlying asset and managing its lifecycle on a shared digital ledger (Investax). That lifecycle management obligation starts at the SPV level. If your operating agreement does not map to your on-chain transfer logic, you have a compliance gap no audit will close after the fact.
A Delaware LLC SPV works cleanly for US-based issuers targeting accredited investors under Reg D, but creates friction for EU investors under MiCA. Know your target investor geography before you file.
Step 1: Structure the Asset Legally Before Writing a Single Line of Code
The underlying asset needs a clean legal wrapper before any smart contract is deployed. Without an SPV, tokens represent nothing enforceable. The SPV connects on-chain units to real-world property rights, and getting that structure wrong is the most common reason tokenization projects stall at regulatory review.
Forming the SPV: Delaware LLC vs. Cayman Islands Exempted Company
A Delaware LLC works well for U.S.-based assets and U.S.-facing investor pools. Formation costs run $500 to $2,000, the operating agreement is flexible enough to map token units directly to membership interests, and pass-through tax treatment is straightforward for most real estate and private credit deals. The 4irelabs RWA tokenization guide identifies SPV formation as the first concrete action in any asset structuring process.
A Cayman Islands exempted company fits cross-border investor pools or offerings that need to avoid U.S. securities registration. Setup costs are higher ($8,000 to $15,000 in legal and filing fees), with ongoing compliance requiring a registered office and annual returns. The trade-off is access to a broader non-U.S. investor base without triggering SEC registration requirements under Regulation S.
Mapping Ownership Rights to Token Units
The operating agreement must define exactly what one token represents. Example: if the SPV holds a $2 million commercial property and issues 100,000 tokens, each token equals 0.001% of SPV equity, or $20 in underlying asset value at issuance. That ratio gets written into the legal document first, then mirrored in the token contract's metadata. Any mismatch creates an enforcement gap, courts recognize the legal document, not the smart contract.
Generating the Legal Document Hash
After SPV documents are finalized and signed, generate a SHA-256 hash of those documents, record the 64-character hex output, and store it in the token's on-chain metadata at deployment. This creates a tamper-evident link between the legal agreement and the token, giving auditors and regulators a way to verify the document on file matches what was recorded at issuance.
One limitation: the hash proves the document existed in that form at that moment but does not validate legal enforceability. Legal review and hash generation are sequential steps, not substitutes for each other.
Step 2: Deploy the ERC-3643 Token Contract on Polygon Testnet
Deploying an ERC-3643 token on Mumbai requires three components: the T-REX protocol suite installed in your Hardhat project, a deployment script configured with your token parameters and compliance module address, and a verified contract on Polygonscan.
For a deeper comparison of the two standards, see ERC-3643 vs ERC-20 for regulated assets.
Installing T-REX and Configuring Hardhat
The T-REX protocol, maintained as an open-source suite at erc3643.org, ships with a factory contract that handles token deployment, identity registry setup, and compliance module wiring in a single transaction sequence.
In hardhat.config.js, add Mumbai as a named network:
Store all three environment variables in .env and never commit that file.
Setting Token Parameters
Your deploy script passes five arguments to the T-REX factory: token name, symbol, decimals (18 for most RWA use cases), compliance module address, and identity registry address:
Deploy the compliance module separately first, then pass its address here. Using a zero address will let the token deploy but cause every transfer to revert at runtime.
Running the Deployment and Verifying on Polygonscan
Fund your deployer wallet from the Polygon faucet (faucet.polygon.technology dispenses 0.2 MATIC per request), then run:
Verify with:
Once Polygonscan confirms the source match, the contract ABI becomes publicly readable. An unverified contract is often a hard stop in institutional legal review. Note that Mumbai state is periodically reset, treat it strictly as a functional test environment and redeploy to Polygon mainnet or Amoy before any investor-facing demonstration.
Step 3: Configure the On-Chain Identity Registry and KYC Whitelist
The on-chain identity registry ties a verified investor address to a structured identity claim so the token contract can check compliance at transfer time. ERC-3643 uses ONCHAINID as its identity layer, every whitelisted investor gets a dedicated identity smart contract, not just a slot in a mapping.
For a full breakdown of the claim structure, see how ONCHAINID identity claims work.
Why ONCHAINID Replaces a Simple Mapping
A plain mapping(address => bool) whitelist stores a binary yes/no with no expiry, no claim type, and no issuer attribution. If a KYC provider revokes a credential off-chain, the mapping stays green until manually updated. ONCHAINID stores structured claims on a per-investor identity contract. Each claim carries a topic (e.g., topic 1 for KYC), an issuer address, a signature, and an optional expiry. The token contract checks the claim at transfer time.
Deploying an Investor Identity Contract
The investorSalt is a unique string per investor (an email hash works, as long as you store the mapping off-chain).
Registering the Identity and Adding KYC Claims
Then add the KYC claim, signed off-chain by your KYC provider:
Once live, the token contract allows transfers to this address. Remove or expire the claim and transfers revert automatically. Build the revocation webhook before you go live, claim expiry is only as reliable as your KYC provider's revocation pipeline.
Step 4: Mint Tokens and Assign Them to Verified Investors
Assigning the Agent Role
Keep the agent wallet separate from the deployer wallet so you can revoke agent access without redeploying the entire contract if the deployer key is compromised.
Minting to Verified Addresses
tokenAmount is in the smallest unit. For 100 tokens, pass ethers.utils.parseUnits("100", 18). The contract checks the identity registry internally, if the investor address is unregistered or the KYC claim is missing, the transaction reverts with a descriptive error.
Batch Minting for Multiple Investors
Gas costs on Polygon mainnet are typically under $0.01 per mint as of early 2025, so batching into a multicall is optional. On Ethereum mainnet, a multicall wrapper becomes worth the added complexity.
Step 5: Enable Secondary Market Transfers with Compliance Guardrails
The ERC-3643 canTransfer() check runs automatically on every transfer() and transferFrom() call, but you need to configure the compliance module rules first.
For a worked example integrating this into a liquidity pool, see KYC-gated Uniswap v3 pool setup.
Configuring Country Restrictions
These are ISO 3166-1 numeric codes. A transfer to an investor registered in a restricted country reverts before it settles.
Setting Investor Limits
Once the holder count hits 500, any transfer to a new address reverts. Transfers between existing holders still settle normally. (Reg D 506(b) limits non-accredited investors to 35, for example, enforce such caps here.)
Testing a Transfer End-to-End
Run a full transfer test between two verified addresses on testnet, then test a negative case by attempting a transfer to an unregistered address and confirming the revert message. Documenting both passing and failing cases gives compliance reviewers something concrete to evaluate.
Step 6: Verify the Contract and Prepare Investor Documentation
What the Investor Package Should Include
At minimum, prepare four documents before opening any investor onboarding flow:
The signed SPV operating agreement (with SHA-256 hash matching the on-chain metadata)
A plain-language token summary explaining what one token represents, how distributions work, and how redemption is handled
The verified Polygonscan contract link, with a brief annotation of key functions (mint, transfer, addClaim, removeAgent)
The KYC/AML process description, including provider, data collected, and credential validity period
The plain-language summary matters more than most technical teams expect, institutional LPs often have investment committees with no blockchain background.
Ongoing Compliance Obligations
After launch, recurring obligations include annual re-KYC for expiring credentials, cap table updates when transfers occur, distribution calculations tied to on-chain holder snapshots, and regulatory reporting if your offering crosses disclosure thresholds. Build a monitoring script that queries the identity registry weekly and flags any investor whose KYC claim expiry is within 30 days.
What You Built and Where to Take It Next
You now have a working ERC-3643 token on testnet, backed by a legal SPV, with on-chain identity checks enforced at the transfer level. The architecture covers the main technical requirements for compliant RWA tokenization: legal wrapper, permissioned token standard, identity registry, and compliance module.
The natural next step is mainnet deployment. For a detailed walkthrough of production configuration, gas optimization, and the differences between Polygon PoS and zkEVM for RWA use cases, see deploying your RWA token to Polygon mainnet.
Before going live, you will also need: a formal smart contract audit (budget $15,000 to $50,000 depending on scope), a transfer agent agreement if required under applicable securities law, and an investor portal that abstracts the wallet and transaction layer for non-technical LPs.
Frequently Asked Questions
What is the minimum viable legal structure to tokenize a real-world asset?
At minimum, a formed SPV (Delaware LLC or equivalent) with a signed operating agreement that explicitly maps token units to ownership interests. Without that mapping, the token has no enforceable legal backing. Some jurisdictions also require a licensed transfer agent or broker-dealer depending on offering size and investor type.
Can I use ERC-20 instead of ERC-3643 for a tokenized asset?
You can, but you will not have transfer-level compliance enforcement built into the standard. You would need a custom whitelist and transfer hook, maintained manually, with the risk that any bug could allow non-compliant transfers. ERC-3643 handles this at the protocol level. The trade-off is added deployment complexity and a smaller tooling ecosystem.
How much does it cost to tokenize a real-world asset end-to-end?
A realistic range for a U.S.-based offering is $15,000 to $80,000 all-in. SPV formation: $500 to $15,000 depending on jurisdiction. Legal drafting for operating agreement and offering documents: $10,000 to $40,000. Smart contract audit: $15,000 to $50,000. On-chain deployment on Polygon is negligible by comparison, usually under $50 in gas.
How do I handle investor redemptions on-chain?
The most common pattern is a redemption request function that locks the investor's tokens, triggers an off-chain issuer review, then either burns the tokens and initiates a fiat wire or settles in a stablecoin. Fully automated on-chain redemption requires a price oracle and stablecoin treasury. Most early-stage issuers handle redemption semi-manually and automate it later.
What happens if a KYC claim expires after a token is already held?
The investor keeps their existing balance, ERC-3643 only checks claims at transfer time, not at holding time. If their claim expires, they cannot send or receive tokens until the claim is renewed, effectively locking them in place until re-verification completes.
Is Polygon the right blockchain for RWA tokenization?
Polygon PoS is a reasonable default: low gas costs, EVM compatibility, and reasonable institutional familiarity. Limitations include sidechain security assumptions and incomplete support from some institutional custodians. Ethereum mainnet offers stronger security but higher gas costs. Polygon zkEVM and other ZK rollups are emerging as a middle path, but tooling maturity as of early 2025 still lags behind Polygon PoS for production RWA deployments.
Ready to Build on This Foundation
If you are working through a real tokenization project and want technical or structuring support, the team at Blocsys works with issuers at every stage of the process. Visit us to learn more about how we can help you move from testnet to a compliant, investor-ready deployment.