NexusOFT wrapper that exposes the standard IOFT interface, so integrators and UIs interact with it the same way they would with any OFT.
The core contracts are named
Nexus, NexusOFT, NexusERC20, and NexusERC20Guard in the codebase. Throughout these docs, “Nexus” refers to the on-chain contract, while “Tokenized RWAs OFT” refers to the product.How It Differs from Stablecoin OFT
Stablecoin OFT deploys one full OFT contract per token with security modules (fee, pause, rate limiter) embedded in the contract’s inheritance tree. Tokenized RWAs OFT centralizes messaging in a hub and makes security modules independently deployable and swappable.| Aspect | Stablecoin OFT | Tokenized RWAs OFT |
|---|---|---|
| Deployment model | One OFT contract per token | One hub + one NexusOFT per token |
| Cross-chain messaging | Inside each OFT | Centralized in Nexus OApp |
| Multi-token per chain | Multiple full OFT deployments | Single hub, multiple registered tokens |
| Security modules | Embedded in OFT inheritance | External, swappable contracts |
| Fee/pause granularity | Per-destination EID | 4-level priority: global, destination, token, composite (fee and pause); per-destination (rate limiter) |
| Rate limiting | Per-destination, single token | Per-destination, shared across tokens with scaling |
| Token standard | ERC20Plus (inline allowlist + pause) | NexusERC20 + shared NexusERC20Guard |
What It Does
Tokenized RWAs OFT gives token issuers the same enterprise controls as Stablecoin OFT — who can transfer, where tokens can move, how much can move, and what it costs — but for multiple tokens through a single hub:- Token registry — Register and deregister tokens dynamically via
TOKEN_REGISTRAR_ROLE - Per-destination + per-token policies — Fee and pause modules resolve configs across four priority levels (global, destination-only, token-only, and composite). Rate limiting is per-destination, shared across tokens with scaling.
- Shared guard — A single
NexusERC20Guardenforces allowlist and pause for allNexusERC20tokens - Standard IOFT interface — Each
NexusOFTlooks like a standard OFT to UIs, bridges, and aggregators - Pluggable modules — Swap fee, pause, or rate limiter modules without redeploying the hub
Supported Transfer Model
Tokenized RWAs OFT uses burn/mint exclusively. It burns tokens on the source chain and mints on the destination chain using configurable function selectors (immutable per deployment):- Default mint:
mint(address,uint256)— selector0x40c10f19 - Default burn:
burn(address,uint256)— selector0x9dc29fac
(address,uint256) signature is supported (e.g., issue(address,uint256), redeem(address,uint256)).
Security Posture
All contracts use EIP-7201 namespaced storage and OpenZeppelin’s audited upgradeable libraries. Tokenized RWAs OFT contracts are independently audited. Roles are managed throughAccessControl2StepUpgradeable with two-step admin transfer. Module addresses are mutable (admin-only) so security modules can be upgraded independently. Fee settlement is push-based — fees are minted to a configured feeDeposit address during sends, with no withdrawal function.
Next Steps
- Technical leaders: Continue to Architecture for system design and message flow
- Security teams: See Security and Compliance for the threat model
- Integration engineers: See Modules for fee, pause, and rate limiting, and
NexusERC20for the token layer