Skip to main content
NexusERC20 is an upgradeable ERC20 token designed for Tokenized RWAs OFT. Unlike ERC20Plus which embeds allowlist and pause logic directly, NexusERC20 delegates these checks to a shared NexusERC20Guard contract — one guard serving multiple tokens.

Comparison with ERC20Plus

FeatureERC20PlusNexusERC20
Allowlist (3-mode)InlineDelegated to NexusERC20Guard
PauseGlobal (inline)Per-token via guard (PauseByID, keyed by uint160(token))
Fund recoveryYesYes
ERC20Permit (EIP-2612)YesYes
RBAC mint/burnYesYes
Guard contractN/AShared across tokens
UpgradeableYes (EIP-7201)Yes (EIP-7201)

NexusERC20

Roles

bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");
When used with Tokenized RWAs OFT, the burner-minter address (which can be the NexusERC20 itself or a separate contract) must be granted both roles. Nexus calls mint/burn via configurable function selectors.

Guard Checks

Every transfer, transferFrom, and burn call goes through the guard: 
guard.checkTransfer(address(this), msg.sender, _from, _to, _amount);
The guard enforces:
  1. Pause_assertNotPaused(uint160(_token)), keyed by the token’s address
  2. Allowlist_assertAllowlisted() for caller, sender, and recipient (non-zero addresses)
mint does not enforce checks — funds cannot be debited from a non-allowlisted address or when the contract is paused, so restricting inflows is unnecessary.

Fund Recovery

Same as ERC20Plus — addresses holding DEFAULT_ADMIN_ROLE can transfer tokens from non-allowlisted addresses: 
function recoverFunds(address _from, address _to, uint256 _amount) public;
Reverts with CannotRecoverFromAllowlisted if _from is allowlisted.

ERC20Permit (EIP-2612)

Built-in gasless approvals, identical to ERC20Plus.

NexusERC20Guard

A single upgradeable guard shared by all NexusERC20 tokens on the same chain.

What It Does

The guard combines two concerns:
  • AllowlistRBACUpgradeable — Three-mode allowlist (Open / Blacklist / Whitelist) with the same behavior as Stablecoin OFT’s allowlist
  • PauseByIDRBACUpgradeable — Per-token pause using uint160(tokenAddress) as the pause ID

Initialization

function initialize(address _initialAdmin) public initializer;
Initializes with AllowlistMode.Open (no transfer restrictions).

Roles

RoleSourceUsed For
DEFAULT_ADMIN_ROLEAccessControl2StepUpgradeableAdmin transfer, set allowlist mode
BLACKLISTER_ROLEAllowlistRBACUpgradeableBlacklist addresses
WHITELISTER_ROLEAllowlistRBACUpgradeableWhitelist addresses
PAUSER_ROLEPauseByIDRBACUpgradeablesetDefaultPaused (when pausing), setPaused (when effectively pausing by token address as ID)
UNPAUSER_ROLEPauseByIDRBACUpgradeablesetDefaultPaused (when unpausing), setPaused (when effectively unpausing or no-op)

Allowlist Modes

ModeBehavior
OpenNo restrictions
BlacklistBlock specific addresses
WhitelistAllow only specific addresses
Mode transitions do not clear existing lists. Both lists support paginated enumeration via getBlacklist(offset, limit) and getWhitelist(offset, limit).

Next Steps