Supply Cap & Collateral
CappedComplianceModule and CollateralComplianceModule — simple circulating supply cap enforcement and ERC-735 claim-based collateral requirements for minting.
Purpose: Reference for supply cap and collateral enforcement compliance modules.
- Doc type: Reference
- What you'll find here:
- CappedComplianceModule — circulating supply cap for minting
- CollateralComplianceModule — ERC-735 claim-based collateral enforcement
- Interface tables showing on-chain capabilities
- Key invariants and operational signals for both modules
- Related: Compliance Overview, Supply & Investor Limits, Transfer Approval, Asset Contracts
Where these modules apply
| Concern | CappedComplianceModule | CollateralComplianceModule |
|---|---|---|
| Minting | Enforces circulating supply cap | Checks collateral ratio |
| Transfers | — | — |
| Burns | Frees up capacity (live totalSupply() read) | — |
| Forced transfers | — | — |
CappedComplianceModule
Enforces a maximum circulating supply cap for minting operations.
Interface (capabilities)
| Capability | Who can call | Inputs | On-chain effect | Emits | Notes |
|---|---|---|---|---|---|
setModuleParameters | Token admin (via compliance) | maxSupply (uint256) | Stores supply cap; validateParameters reverts if maxSupply = 0 | — | Cap must be a positive value |
canTransfer (mint path) | Compliance engine | Sender, recipient, amount | Checks totalSupply() + mintAmount <= maxSupply | — | Only enforced on mints; reads live totalSupply() so burns free up capacity |
Configuration
| Parameter | Type | Description |
|---|---|---|
maxSupply | uint256 | Maximum circulating supply in raw token units |
Use cases
- Bond issuance caps — limit total outstanding bonds to a fixed amount
- Fixed supply instruments — real estate tokens representing a property valuation
- Regulatory caps — jurisdiction-specific maximum issuance limits
Key invariants
- Burns free up capacity — the cap tracks live circulating supply via
totalSupply(), not lifetime minted - Calling
setModuleParameterswithmaxSupply = 0reverts; the cap must be a positive value - Mint-only enforcement: transfers between existing holders are unaffected
- Forced transfers do not affect the cap (supply unchanged)
Operational signals
No events emitted by this module. Monitor for ComplianceCheckFailed revert errors in failed transactions when minting exceeds the cap.
Failure modes & edge cases
- Concurrent mint transactions may both pass the
totalSupply()check if submitted in the same block — final state depends on execution order - Reducing
maxSupplybelow currenttotalSupply()does not burn tokens — it prevents further minting until supply decreases via burns
CollateralComplianceModule
Enforces collateral requirements for minting via on-chain identity claims (ERC-735).
Interface (capabilities)
| Capability | Who can call | Inputs | On-chain effect | Emits | Notes |
|---|---|---|---|---|---|
setModuleParameters | Token admin (via compliance) | proofTopic, ratioBps, trustedIssuers[] | Stores collateral config; ratioBps = 0 disables enforcement | — | proofTopic is an ERC-735 claim topic |
canTransfer (mint path) | Compliance engine | Sender, recipient, amount | Checks that post-mint supply does not exceed collateral x ratio | — | Collateral amount read from identity claims; expired claims are rejected |
Configuration
| Parameter | Type | Description |
|---|---|---|
proofTopic | uint256 | ERC-735 claim topic representing collateral proof |
ratioBps | uint16 | Ratio in basis points (10,000 = 100%, 20,000 = 200%; 0 disables enforcement) |
trustedIssuers | address[] | Optional additional trusted issuers for collateral claims |
Use cases
- StableCoin collateral backing — ensure minting cannot exceed on-chain proof of reserves (100% collateral ratio)
- Over-collateralized tokens — set ratio above 10,000 (e.g., 15,000 = 150% collateral requirement)
- Deposit tokens — collateral-backed tokenized deposits with proof-of-reserves
Key invariants
- Collateral claims carry an expiry timestamp — claims at or past expiry are rejected
- Issuers must renew claims proactively or minting halts
- Mint-only enforcement: transfers between existing holders are unaffected
- Setting
ratioBps = 0disables collateral checking entirely
Operational signals
No events emitted by this module. Monitor for ComplianceCheckFailed revert errors in failed transactions when minting exceeds the collateral ratio.
Monitor claim expiry timestamps — approaching expiry requires issuer renewal to avoid minting disruption.
Failure modes & edge cases
- Collateral claim expires without renewal — all minting halts until a new claim is issued by a trusted issuer
- Multiple trusted issuers with conflicting collateral amounts — the module uses the first valid (non-expired) claim found
See also
- Compliance Overview — module architecture and regulatory templates
- Identity Verification — ERC-735 claim system also used for on-chain proof-of-reserves claims
- Legacy-Equivalent Presets — Bond and StableCoin presets reference these modules
Transfer Approval
TransferApproval module — pre-authorization workflow with expiry, one-time use, and identity-based exemptions for regulated transfer control.
TimeLock
TimeLock module enforces minimum holding periods using FIFO batch tracking. Covers configuration, identity-based exemptions, and integration with regulatory templates like MAS Singapore.