ArchitectureSecurityCompliance Modules
Transfer Approval
TransferApproval module — pre-authorization workflow with expiry, one-time use, and identity-based exemptions for regulated transfer control.
Purpose: Reference for the TransferApproval compliance module.
- Doc type: Reference
- What you'll find here:
- TransferApproval — pre-authorization workflow with expiry and exemptions
- Interface table showing on-chain capabilities
- Configuration options and regulatory use cases
- Key invariants and operational signals
- Related: Compliance Overview, Supply & Investor Limits, Supply Cap & Collateral, Identity Verification, Asset Contracts
TransferApproval
Requires pre-authorization before transfers. Approvals are identity-bound, one-time use, and expire after a configured duration.
Interface (capabilities)
| Capability | Who can call | Inputs | On-chain effect | Emits | Notes |
|---|---|---|---|---|---|
setModuleParameters | Token admin (via compliance) | approvalAuthorities[], oneTimeUse, approvalExpiry, allowExemptions, exemptionExpression | Stores approval config; approvalExpiry is a config-time duration applied to all approvals | — | exemptionExpression uses the same RPN system as identity verification |
approveTransfer | Approval authority | Token, sender identity, recipient identity, value | Records approval keyed on (fromIdentity, toIdentity, value) with expiry timestamp | TransferApproved | Only addresses in approvalAuthorities can issue approvals |
revokeApproval | Original approver | Token, sender identity, recipient identity, value | Removes active approval for the specific tuple | TransferApprovalRevoked | Only the address that issued the original approval can revoke it |
canTransfer | Compliance engine | Sender, recipient, amount | Checks for valid (non-expired, unused) approval keyed on (fromIdentity, toIdentity, value) | — | Marks used if oneTimeUse is true; emits TransferApprovalConsumed |
How pre-approval works
- Compliance manager issues an approval for a specific (sender identity, recipient identity, value) tuple
- Investor attempts a transfer matching the approved tuple
- Module checks: is there a valid (non-expired, unused) approval for this (sender, recipient, amount)?
- If yes: transfer proceeds and approval is consumed (if
oneTimeUseis true), emittingTransferApprovalConsumed - If no: transfer blocked. If
allowExemptionsis true, the recipient's identity is checked against theexemptionExpression— qualifying recipients bypass the approval requirement
Configuration
| Option | Description |
|---|---|
approvalAuthorities | Addresses authorized to issue approvals |
oneTimeUse | If true, each approval can only be used once |
approvalExpiry | Duration in seconds (must be > 0 and ≤ 365 days); set at configuration time, applies to all approvals |
allowExemptions | If true, recipients matching the exemption expression bypass the approval requirement |
exemptionExpression | RPN expression identifying exempt investors (e.g., QII exemption) |
Regulatory use cases
| Regulation | Expiry | Exemption |
|---|---|---|
| Reg D 506(c) — Accredited Only | 24 hours | None (all purchasers must be accredited) |
| Japan FSA | 7 days | [CONTRACT] — QII investors (corporate entities) exempt |
Key invariants
- Approval is keyed on (sender identity, recipient identity, value) — not a blanket approval for any transfer
- An investor with multiple wallets uses the same identity, so the approval applies across wallets
approvalExpiryis a config-time duration — all approvals use the same expiry window, not per-approval overridesoneTimeUse = trueis the default for most regulatory use cases- Expired approvals cannot be used; the compliance manager must reissue
Operational signals
TransferApproved— emitted when an approval authority grants a transfer approvalTransferApprovalConsumed— emitted when a one-time approval is used during transferTransferApprovalRevoked— emitted when the original approver revokes an approval- Monitor for
ComplianceCheckFailedrevert errors in failed transactions when transfers lack valid approvals
Failure modes & edge cases
- Revoking an approval requires the original approver's address — a different authority cannot revoke another's approval
- Approval issued just before expiry window change — the original expiry applies (config changes are not retroactive)
- Exemption expression change does not affect already-issued approvals
See also
- Compliance Overview — module architecture and regulatory templates
- Identity Verification — RPN expression system used in exemptionExpression
- TimeLock — time-based restrictions that complement pre-approval patterns
Supply & Investor Limits
TokenSupplyLimit and InvestorCount modules — time-based and rolling supply caps with currency conversion, and unique holder limits with per-country granularity.
Supply Cap & Collateral
CappedComplianceModule and CollateralComplianceModule — simple circulating supply cap enforcement and ERC-735 claim-based collateral requirements for minting.