RaylsErc721Handler

RaylsErc721Handler is the abstract base contract for ERC721 (NFT) tokens on a Rayls Privacy Node. Extend it to create a non-fungible token that can be minted, burned, and teleported cross-chain.

Inheritance: RaylsApp, ERC721, ERC721Holder, Initializable, ReentrancyGuard, RaylsAccessManaged

Minimal implementation

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import "@rayls/contracts/tokens/RaylsErc721Handler.sol";

contract MyNFT is RaylsErc721Handler {
    constructor(
        string memory _uri,
        string memory _name,
        string memory _symbol,
        address _endpoint,
        address _raylsNodeEndpoint,
        address _userGovernance,
        address _owner
    )
        RaylsErc721Handler(
            _uri,
            _name,
            _symbol,
            _endpoint,
            _raylsNodeEndpoint,
            _userGovernance,
            _owner,
            false
        )
    {}
}

Constructor parameters

Parameter	Description
`_uri`	Base URI for token metadata
`_name`	ERC721 collection name
`_symbol`	ERC721 collection symbol
`_endpoint`	Privacy Node endpoint — routes messages to other Privacy Nodes via the Private Network Hub
`_raylsNodeEndpoint`	Privacy Node endpoint for the Rayls Public Chain
`_userGovernance`	RBAC contract that manages user roles and permissions within the Privacy Node
`_owner`	Address granted the Owner role (mint, burn, submitTokenUpdate)

The last parameter (false) marks this as a standard token. Pass true only if you are overriding the default transfer behavior.

Token registration lifecycle

After deploying your token, call registerToken on the Privacy Node's TokenRegistryReplica system contract:

TokenRegistryReplica.registerToken(tokenAddress, ErcStandard.ERC721, false)

Once the Private Hub operator approves the registration, the relayer calls receiveResourceId() on your contract automatically:

// Called by the relayer (MESSAGE_EXECUTOR role) after approval — do NOT call manually
function receiveResourceId(bytes32 _resourceId) public virtual restricted

After this, your token has a resourceId and is ready for cross-chain teleports.

Mint and burn

// Owner role only
function mint(address to, uint256 id) public virtual restricted nonReentrant

// Owner role only
function burn(uint256 id) public virtual restricted nonReentrant

Both functions automatically report the change to the Private Hub's TokenRegistry via _submitTokenUpdate.

Balance updates

// Owner role only
function submitTokenUpdate(
    SharedObjects.BalanceUpdateType updateType,
    uint256 tokenId
) public virtual restricted

BalanceUpdateType is an enum: MINT or BURN. You rarely need to call this directly — mint and burn call it internally.

Teleport functions

Vanilla teleport

Simple burn-and-mint with no revert mechanism.

// Burn from msg.sender, mint on destination
function teleport(address to, uint256 id, uint256 chainId) public virtual nonReentrant returns (bool)

Atomic teleport

Token is locked on the destination until confirmed. If the destination fails, the relayer reverts the operation.

function teleportAtomic(address to, uint256 id, uint256 chainId) public virtual nonReentrant returns (bool)

Teleport to Public Chain

Sends an NFT from a Privacy Node to an address on the Rayls Public Chain. Requires the caller to be a registered user.

function teleportToPublicChain(address to, uint256 id, uint256 destinationChainId)
    public virtual onlyRegisteredUsers nonReentrant returns (bool)

Token locking

ERC721 tokens use per-token locking (a token is either locked or not, unlike ERC20 which locks amounts):

mapping(address => mapping(uint256 => bool)) lockedTokens

// Read-only helper
function isTokenLocked(address account, uint256 id) public view returns (bool)

Receive functions (called by the relayer)

Function	Trigger
`receiveTeleport(address to, uint256 id)`	Vanilla teleport arrived — mints token
`receiveTeleportAtomic(address to, uint256 id)`	Atomic teleport arrived — mints and locks
`receiveTeleportFromPublicChain(address to, uint256 id)`	Public Chain → Privacy Node — unlocks token
`revertTeleportMint(address to, uint256 id)`	Atomic teleport reverted on source — re-mints
`revertTeleportBurn(address to, uint256 id)`	Atomic teleport reverted on destination — unlocks and burns
`revertTeleportToPublicChain(address from, uint256 id)`	Public Chain mint failed — unlocks token
`unlock(address to, uint256 id)`	Confirms atomic teleport — releases locked token

All are restricted to MESSAGE_EXECUTOR.

Access control summary

Role	Functions
Owner	`mint`, `burn`, `submitTokenUpdate`
MESSAGE_EXECUTOR	`receiveTeleport`, `receiveTeleportAtomic`, `receiveTeleportFromPublicChain`, `revertTeleportMint`, `revertTeleportBurn`, `revertTeleportToPublicChain`, `unlock`, `receiveResourceId`
Any address	`teleport`, `teleportAtomic`, `teleportToPublicChain`*

teleportToPublicChain additionally requires onlyRegisteredUsers.