> For the complete documentation index, see [llms.txt](https://docs.uniocean.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.uniocean.io/protocol-and-infrastructure/protocol/core-modules/tokenfactory.md).

# TokenFactory Module

The TokenFactory module provides native, chain-level asset issuance for Uniocean, enabling any account to create custom fungible tokens without deploying smart contracts. Each issued asset follows a deterministic denom namespace:

```
factory/{creator}/{subdenom}
```

This scheme makes provenance explicit while preserving compatibility with Cosmos SDK bank and metadata standards.

## Denom Construction and Validation

Token creation is executed through `MsgCreateDenom`, which enforces strict denom-shape constraints and uniqueness checks:

* **Deterministic Namespace:** New denoms are derived as `factory/{creator}/{subdenom}`.
* **Bounded Inputs:** `subdenom` length and nested path components are validated; creator must be a valid Bech32 account.
* **Collision Prevention:** Creation fails if bank metadata already exists for the resulting denom.
* **Safety Guard:** The module rejects subdenoms that collide with existing native supply names (temporary IBC-safety check in keeper logic).

## Creation Fees and Community Pool Funding

Denom creation is economically gated by a parameterized `DenomCreationFee`. On successful validation, this fee is transferred from the creator to the community pool before denom registration. The default parameter set initializes this fee to 10 native tokens (10 OCEANX-equivalent base units), while governance can update it via `MsgUpdateParams`.

## Authority Model and Admin Metadata

For every created denom, the module persists `DenomAuthorityMetadata`, including:

* **Admin:** Initially the creator, mutable through `MsgChangeAdmin`.
* **AdminBurnAllowed:** Configurable at creation (`allow_admin_burn`).

## Minting and Burning Semantics

Supply control is exposed through `MsgMint` and `MsgBurn`, with dual-mode authorization:

* **Non-permissioned Denoms:** Admin-only minting; self-burn allowed; burn-from-other-address requires admin and `AdminBurnAllowed=true`.
* **Permissioned Denoms:** If a permissions namespace exists, action checks are delegated to the permissions module:
  * `MINT` for minting
  * `BURN` for self-burn
  * `SUPER_BURN` for burning from another address

## Bank Metadata and Decimals Invariants

Metadata can be updated using `MsgSetDenomMetadata`, but with strict invariants:

* **Access Control:** Current denom admin may update metadata; if admin is empty, governance authority can do so.
* **Decimals Stability:** Existing non-zero decimals cannot be changed.
* **Admin Burn Toggle:** Admin burn can be disabled, but cannot be re-enabled once disabled (one-way hardening).

## Query and Indexing Surfaces

The module exposes gRPC/REST query surfaces for: Params, Denom Authority Metadata, Denoms From Creator, and Full Module State. It also emits typed events for `CreateDenom`, `Mint`, `Burn`, `ChangeAdmin`, and `SetDenomMetadata`, enabling deterministic off-chain indexing.
