Attribute

ERC-3643 (T-REX / Ethereum)

ST22 (CEDEX / Solana)

Market adoption

$32B+ tokenized assets · 8+ years

Emerging · Category 1 Model B pioneer

Token standard

ERC-20 + compliance overlay contracts

SPL Token-2022 native Transfer Hooks

Compliance enforcement

ONCHAINID + external claim registries

42 controls inside Transfer Hook — atomic

Bypass risk

Possible via direct EVM call bypassing overlay

Impossible — hooks are runtime-enforced

Transaction speed

12–15s (L1) · seconds on L2

~400ms finality

Transaction cost

$1–$50+ (L1) · ~$0.01 (L2)

~$0.00025

Liquidity model

External DEX or ATS · issuer-deployed pools

Global Unified CEDEX Liquidity Pool — permanent

Target market

Institutional-grade tokenization at scale

Illiquid OTC microcap Digital Securities

Regulatory posture

EU MiCA compatible · SEC varying

SEC Category 1 Model B · Release No. 33-11412

Upgrade path

Upgradeable proxy contracts

Immutable Transfer Hook controls

Multi-chain

Native EVM · ERC-3643 on Polygon/Arbitrum/Base

Solana primary · cross-chain roadmap (Section 13)

ERC-3643 (T-REX) Transfer Execution — 5-step flow:

1. Sender calls token.transfer(recipient, amount)

2. Token contract queries IdentityRegistry:

   → Is recipient's wallet mapped to an ONCHAINID?

3. Token contract queries ComplianceContract:

   → Does recipient's ONCHAINID hold valid claims?

   → Claims checked: KYC status · accreditation · jurisdiction

4. If all checks pass — transfer executes (ERC-20 balanceOf update)

5. If any check fails — transaction reverts

CRITICAL VULNERABILITY:

Step 2–3 are application-layer calls — not Ethereum runtime enforcement.

A caller with direct EVM access can call the underlying ERC-20

transfer() function directly, bypassing the T-REX compliance wrapper.

This requires specific permissions but represents a structural

bypass path that does not exist in SPL Token-2022 Transfer Hooks.

ERC-3643 Compliance Bypass Risk

ERC-3643 compliance is enforced at the smart contract application layer, not at the Ethereum runtime. A wallet that holds upgrade authority, proxy admin rights, or direct transfer permissions can bypass the ONCHAINID compliance layer. While Tokeny and institutional deployers implement access controls to prevent this, the structural bypass path exists. SPL Token-2022 Transfer Hooks execute inside the Solana runtime — there is no bypass path. The hook is not a smart contract call — it is a runtime instruction that cannot be omitted.

SPL Token-2022 Transfer Hook — execution flow:

1. Any caller initiates token.transfer(from, to, amount)

   (can be a DEX, a wallet, a smart contract — any caller at all)

2. Solana runtime intercepts the transfer instruction

3. Runtime AUTOMATICALLY invokes the hook program

   (cannot be skipped — this is enforced by the runtime, not application code)

4. Hook program executes ALL 42 controls sequentially:

   Controls 1–15:  Identity, KYC, AML, OFAC, wallet whitelist

   Controls 16–20: Concentration limits

   Controls 21–26: Circuit breakers, price impact, velocity, holding period

   Controls 27–30: 1:1 custody attestation oracle

   Controls 31–42: Governance, regulatory freeze, admin controls

5. If ALL controls pass — transfer executes atomically

6. If ANY control fails — entire transaction reverts

   (specific error code returned identifying which control failed)

NO BYPASS PATH EXISTS:

The hook is part of the token mint account metadata.

The Solana runtime enforces hook invocation on every CPI and direct call.

There is no direct transfer() equivalent that skips the hook.

Runtime Enforcement vs. Application Enforcement

This is the foundational architectural difference between ERC-3643 and ST22. ERC-3643 compliance is an application-layer wrapper around ERC-20 — a set of smart contract calls that precede the transfer. ST22 compliance is runtime-enforced by the Solana validator before the transfer executes. You cannot call the SPL token transfer instruction without triggering the hook, in the same way that you cannot call a Solana system program instruction without paying the transaction fee. It is not a policy — it is a protocol invariant.

Dimension

ERC-3643 (T-REX)

ST22 (CEDEX)

Compliance layer

Application-layer smart contract overlay

Runtime-enforced Transfer Hook

Enforcement point

Before token.transfer() call in T-REX contract

Inside Solana runtime — every CPI and direct call

Bypass risk

Possible via direct ERC-20 call with elevated permissions

Impossible — runtime always invokes hook

Identity system

ONCHAINID (ERC-734/735) — on-chain verifiable credentials

Empire Stock Transfer Master Securityholder File

Control count

Variable — issuer-configured modular rules

42 fixed controls — immutable

Immutability

Upgradeable proxy pattern — rules can be changed

Immutable — 42 controls cannot be altered by any party

Upgrade authority

Compliance contract owner (varies by deployer)

3-of-5 multi-sig (params) · 5-of-9 multi-sig (upgrades) · immutable controls unchanged

Custody link

Third-party custodian relationship (varies)

Empire Stock Transfer — 1:1 oracle every ~400ms

Failure behavior

Transaction reverts with generic EVM revert

Transaction reverts with specific error code per control

Formal verification

Kaspersky + Hacken audited

Certora formal verification (pre-mainnet)

Metric

ERC-3643 (Ethereum L1)

ST22 (Solana)

Transaction finality

12–15 seconds

~400ms (one slot)

Transaction cost (typical)

$1–$50+ depending on gas

~$0.00025

Cost per compliance check

Included in $1–$50 gas

~$0.00025 for all 42 controls combined

L2 cost (Polygon/Arbitrum)

~$0.01–$0.05

N/A — Solana is already fast and cheap

Throughput capacity

~15 TPS (L1) · higher on L2

65,000+ TPS theoretical · 3,000–5,000 TPS sustained

Settlement finality

~12s (probabilistic) · ~13 min (economic)

~400ms (Proof of History + Tower BFT)

Oracle update frequency

Block-by-block · ~12s cadence

~400ms — every Solana slot

Exchange Attribute

ERC-3643 Ecosystem

CEDEX (OTCM Protocol)

Exchange model

External ATS / broker-dealer / DEX listing

Purpose-built compliance-native exchange

Compliance at trade

Application-layer check before trade

Runtime Transfer Hook — same operation as trade

Liquidity model

Issuer-deployed pools or external market makers

Global Unified CEDEX Liquidity Pool — shared, permanent

Liquidity permanence

Market makers can withdraw · liquidity pools removable

LP tokens burned — withdrawal mathematically impossible

MEV protection

Varies by venue

Jito bundle integration — private submission

AMM design

External DEX (Uniswap, Curve, etc.)

Custom CPMM with u128 arithmetic · rounding toward pool

Issuer cost to list

ATS fees + broker-dealer fees + legal

$1,000–$25,000 one-time ST22 minting fee

Secondary fee structure

Varies by venue · typically 0.1–1%

5% on all transactions — 0.44% to Global Pool permanently

Trading hours

ATS: market hours · DEX: 24/7

24/7/365 — Solana runs continuously

ERC-3643 (T-REX) — Strengths · Weaknesses · Opportunities · Threats

Category

Detail

STRENGTH — Market adoption

$32B+ in tokenized assets · 8+ years of production deployment · institutional familiarity (BlackRock, Hamilton Lane)

STRENGTH — EIP Final status

Only security token standard with EIP ‘Final’ designation (December 2023) · official Ethereum standards process endorsement

STRENGTH — EVM compatibility

Native multi-chain deployment on Polygon, Arbitrum, Base, and any EVM chain · enormous developer and liquidity ecosystem

STRENGTH — ONCHAINID

Decentralized verifiable credential system · portability across issuers without re-verification

STRENGTH — MiCA compatibility

Designed with EU MiCA regulatory framework in mind · institutional regulatory familiarity in European markets

STRENGTH — Upgradeable compliance

Modular Compliance contract allows updating rules without token contract changes · adaptable to evolving regulation

WEAKNESS — Gas costs

$1–$50+ per transfer on Ethereum L1 makes compliance-verified trading uneconomical for mid-market issuers

WEAKNESS — Bypass risk

Application-layer compliance can be bypassed by callers with direct ERC-20 transfer access or upgrade authority

WEAKNESS — Complexity

Five-component architecture (T-REX + ONCHAINID + IdentityRegistry + Compliance + TrustedIssuers) requires specialized expertise

WEAKNESS — No built-in exchange

Standard defines token compliance · not trading venue · liquidity fragmented across ATS / broker-dealers / DEXs

OPPORTUNITY — Institutional scale

Optimal for institutional-grade transactions where gas cost is immaterial and regulatory familiarity matters most

OPPORTUNITY — OTCM cross-chain

OTCM Protocol Phase 4 cross-chain roadmap evaluates ERC-3643 compatibility layer for EVM representation tokens

THREAT — Gas barrier

Ethereum L1 economics exclude mid-market and retail-accessible securities tokenization permanently

THREAT — Competing L1s

Solana, Avalanche, and emerging L1s threaten EVM lock-in as institutional custody infrastructure expands beyond Ethereum

ST22 (CEDEX) — Strengths · Weaknesses · Opportunities · Threats

Category

Detail

STRENGTH — Runtime enforcement

Transfer Hook executes inside Solana runtime — no application-layer bypass path exists for any caller

STRENGTH — 42 immutable controls

Fixed, immutable, formally-verified security controls — cannot be weakened by upgrade, governance, or admin action

STRENGTH — Transaction economics

~$0.00025 per transfer enables compliance-verified trading for mid-market and even small-cap issuers

STRENGTH — Speed

~400ms finality enables real-time settlement and intraday 1:1 attestation oracle updates every slot

STRENGTH — Integrated exchange

CEDEX provides token standard + exchange + permanent liquidity in a single architecture

STRENGTH — Permanent liquidity

Global Unified CEDEX Liquidity Pool — LP tokens burned · liquidity cannot be withdrawn or rugpulled

STRENGTH — SEC Category 1 Model B

Built for compliance with the January 28, 2026 Joint Staff Statement and Release No. 33-11412 from inception

STRENGTH — Empire custody integration

Direct SEC-registered transfer agent custody with 1:1 oracle attestation on every Solana slot

WEAKNESS — Newer standard

Significantly less institutional track record than ERC-3643’s 8+ years and $32B+ in deployments

WEAKNESS — Solana-only initially

Cross-chain expansion requires Phase 2–4 roadmap execution (Section 13) · EVM investors must bridge

WEAKNESS — DEX incompatibility

Major Solana DEXs (Raydium, Orca, Meteora) don’t support Token-2022 Transfer Hooks · requires CEDEX as exclusive venue

WEAKNESS — Single exchange dependency

All secondary trading routes through CEDEX — concentration of exchange risk until multi-venue expansion

OPPORTUNITY — $50B trapped market

Entire addressable market is underserved by ERC-3643 due to gas economics · ST22/CEDEX is purpose-built for this gap

OPPORTUNITY — SEC regulatory clarity

Release No. 33-11412 and Category 1 Model B provide strong U.S. regulatory foundation that ERC-3643 cannot match

THREAT — ERC-3643 institutional dominance

Institutional investors, custodians (Fireblocks, BitGo), and regulators know ERC-3643 · ST22 requires market education

THREAT — Solana network risk

Historical Solana outages (pre-2023) remain a reputation factor · Firedancer reduces but doesn’t eliminate concern

Use Case

ERC-3643 Fit

ST22/CEDEX Fit

Institutional RWA tokenization ($100M+)

Optimal — institutional familiarity · gas cost immaterial

Capable but not differentiated at this scale

Mid-market issuer tokenization ($1M–$50M)

Feasible on L2 · legal/compliance overhead still high

Optimal — cost-effective · SEC Category 1 compliant

OTC microcap liquidity restoration

Uneconomical — gas + ATS fees exceed company revenue

Purpose-built — entire OTCM value proposition

EU MiCA-regulated offerings

Optimal — MiCA-compatible by design

Phase 3–4 cross-chain evaluation (2027–2028)

24/7 secondary market trading

Possible on DEX · compliance enforcement varies

Native — CEDEX trades 24/7/365 with full compliance

Retail investor access (non-accredited)

Reg A+ possible via ATS

Reg A+ pathway on OTCM Phase 3 roadmap (2027)

High-frequency institutional trading

Possible on L2 · latency acceptable

~400ms · superior latency at lower cost

Cross-chain liquidity (EVM ≠ Solana)

Native — deployed on multiple EVM chains

Phase 2+ roadmap · Wormhole NTT bridge

Why OTCM Protocol Chose ST22 Over ERC-3643

The $50B trapped shareholder value problem is concentrated in companies with 500–10,000 shareholders, $1M–50M in underlying share value, and zero ability to pay Ethereum L1 gas costs or ATS registration fees. ERC-3643 on Ethereum L1 is structurally incompatible with this market segment regardless of compliance quality. ST22 on Solana with CEDEX is the only architecture that delivers: (1) institutional-grade compliance enforcement; (2) cost economics viable for mid-market issuers; (3) a built-in exchange with permanent liquidity; and (4) SEC Category 1 Model B compliance from day one. This is not a technology preference — it is a market access requirement.

Consideration

Assessment

Institutional familiarity

High — $32B deployed · BlackRock, Hamilton Lane, Société Générale familiar with the standard

Compliance enforcement depth

Lower than SPL Transfer Hooks on EVM — application layer not runtime enforcement

Development cost

Medium — wrapper contract + ONCHAINID integration + ongoing maintenance

Time to market

Faster than building custom EVM compliance infrastructure from scratch

Strategic dependency risk

Creates dependency on Tokeny ecosystem and ERC-3643 Association governance

Regulatory treatment

CLO review required — whether ERC-3643 wrapper satisfies Category 1 Model B on EVM chains

Phase 4 decision gate

Q2 2027: CTO + CLO publish governance proposal before Phase 4 development begins

Critical Cross-Chain Compliance Disclosure

Any EVM-chain representation of ST22 Digital Securities tokens (Phase 2+) will NOT carry equivalent compliance enforcement to native Solana ST22 tokens until Phase 3 EVM compliance layer is complete. EVM-side wrapped tokens do not invoke OTCM Protocol’s 42 Transfer Hook controls — OFAC screening, AML risk scoring, and wallet whitelist enforcement must be implemented at the application layer on EVM chains. This limitation is disclosed in all investor materials for cross-chain products. Solana remains the authoritative compliance and settlement layer for all ST22 Digital Securities.

Groovy Company, Inc. dba OTCM Protocol  |  CIK: 1499275  |  Version 7.0  |  March 2026  |  Confidential