RWA Risk Checklist

How to evaluate tokenized real-world assets before you invest

12 min read
Due Diligence
Intermediate

The 3 Gateway Questions

Before looking at yield, marketing materials, or TVL numbers, answer these three questions about any tokenized real-world asset product:

  1. What do I actually own? A token can represent direct ownership, a claim on a pool, exposure to an index, or nothing legally enforceable at all. The word "tokenized" does not tell you which one.
  2. Who holds the real asset? Somewhere offchain, a real asset exists (a treasury bill, a piece of real estate, a loan agreement). Someone is custodying it. Who? Under what jurisdiction? With what insurance?
  3. How do I get my money back? What is the redemption process? Is it instant, daily, monthly, or subject to gates and windows? What happens if the issuer goes insolvent?
The Hard Rule

If you cannot answer all three questions clearly, stop. Do not proceed to yield analysis, do not compare APYs, do not deposit capital. The answers to these three questions determine whether anything else matters.

Yield Red Flags

Yield on tokenized real-world assets should be explainable. If you cannot trace the yield back to a specific economic source, something is wrong.

  • High yield with no source explanation. If a protocol advertises 15%+ on tokenized treasuries and does not explain where the extra yield comes from, you are likely the yield. Someone is being paid with your principal or with new depositor money.
  • Yields too good for the risk class. Tokenized U.S. treasuries yield 4-5% because that is what the underlying asset pays. If a product wrapping the same asset offers 20%, the excess must come from somewhere: leverage, lending out your deposit, token emissions, or hidden risk layers.
  • "Sustainable yield" from token emissions. Token rewards are inflation, not income. They dilute existing holders and are only valuable if someone else buys the token at a stable price. This is not yield from a real-world asset. It is a subsidy that will end.
The Yield Source Test

For any RWA yield product, ask: "If token emissions stopped tomorrow, what would the yield be?" If the answer is close to zero, the yield is synthetic, not real.

Custody Red Flags

Real-world assets exist in the physical world. They require custodians, legal agreements, and regulated infrastructure. Custody is the bridge between the token and the asset it represents, and it is the most common point of failure.

  • No named custodian. If a protocol does not disclose who holds the underlying assets, that is disqualifying. Legitimate RWA products name their custodian, the jurisdiction, and the regulatory framework.
  • "Decentralized custody" for real-world assets. This does not exist. A building, a treasury bill, or a loan agreement cannot be held by a smart contract. Someone offchain is responsible. If the protocol claims otherwise, they are obscuring who that someone is.
  • "Onchain custody" for offchain assets. A token on a blockchain is a record, not custody. Holding a token that represents a treasury bill is not the same as holding a treasury bill. The token is a claim, and that claim is only as strong as the legal and operational infrastructure behind it.
  • No proof of reserves. For RWA products, proof of reserves means verifiable evidence that the offchain assets exist and match the onchain token supply. Attestations from reputable auditors, not just self-reported numbers.

Tokenized real-world assets sit at the intersection of crypto and securities law. The legal structure determines whether your token gives you actual rights or just exposure with no recourse.

  • No SPV or legal wrapper. Properly structured RWA products use a Special Purpose Vehicle (SPV) or similar legal entity to isolate the assets. Without one, the assets may be commingled with the issuer's other obligations, meaning you are an unsecured creditor if things go wrong.
  • Vague token holder rights. There is a critical difference between "exposure to" and "ownership of" an asset. Many RWA tokens provide economic exposure without any legal claim on the underlying. Read the fine print: if the documentation says "exposure" rather than "ownership," understand what that means for recovery in a default.
  • No legal documents available. Legitimate RWA products provide an offering memorandum, subscription agreement, and terms of service. If none of these are available, or if they are vague one-pagers, the product has not been structured with legal rigor.
Jurisdiction Matters

The legal enforceability of your token holder rights depends on the jurisdiction of the SPV, the custodian, and the issuer. A token issued by a BVI entity with assets held in an unregulated jurisdiction gives you very different legal standing than one issued under U.S. or EU securities frameworks.

Liquidity Red Flags

Tokenization is often marketed as making illiquid assets liquid. This is misleading. Putting a building onchain does not make the building liquid. It makes the record of the building transferable, which is not the same thing.

  • "Liquid" but actually not. Tokenization creates transferability, not liquidity. A tokenized building is still a building. If there are no buyers for the token, you cannot exit. Liquidity requires active markets with depth, not just a blockchain address.
  • No secondary market. If the only way to exit is through the issuer's redemption process, you are dependent on their solvency and willingness to honor redemptions. Check whether there is an active secondary market (DEX pools, OTC desks) and what the typical spread is.
  • Redemption windows and gates. Many RWA products have redemption restrictions: monthly windows, notice periods, maximum redemption amounts per period. These are normal in traditional finance but catch DeFi-native users off guard. If you cannot exit when you want to, the product is less liquid than its marketing suggests.

Smart Contract & Protocol Red Flags

RWA protocols still run on smart contracts. The onchain layer introduces its own set of risks independent of the underlying real-world asset.

  • No audits. Smart contracts handling real-world asset tokens should be audited by reputable firms. No audit means no independent verification that the code does what the documentation claims. Multiple audits from different firms are better than one.
  • Upgradeable contracts with no transparency. Upgradeable smart contracts are common in RWA protocols because regulations and product features evolve. But upgradability means someone can change the rules. Check: Is there a timelock? A multisig? A governance process? Or can a single admin key rewrite the contract overnight?
  • Single points of failure (admin keys). If one private key can pause the contract, freeze tokens, or change fee structures, that is a centralization risk. It may be acceptable for regulated products (where the admin is a regulated entity), but it should be disclosed and understood.

Lending-Specific Red Flags

Onchain lending against real-world assets introduces additional risks that do not exist in standard DeFi lending against crypto collateral.

  • Under-collateralized loans with no legal recourse. In DeFi, under-collateralized lending only works if there is a legal mechanism to pursue defaulting borrowers. If borrowers are anonymous or in jurisdictions without enforceable agreements, the protocol has no way to recover losses beyond whatever collateral was posted.
  • No borrower identity disclosure. For under-collateralized or partially collateralized RWA lending, knowing who the borrowers are matters. Anonymity is a feature in permissionless DeFi but a risk in credit markets. If the protocol does not disclose borrower identities (or at least borrower categories), you cannot evaluate credit risk.
  • "Zero defaults" as a selling point. Every lending platform starts with zero defaults. That number tells you nothing about credit quality. It tells you the platform has not existed long enough, or the market has not stressed enough, for defaults to occur. The absence of defaults is not evidence of good underwriting. It is evidence of insufficient history.

General Red Flags

These apply across all RWA products regardless of the specific asset class or protocol structure.

  • Big promises, no paperwork. If a project has a polished website, active social media, and partnership announcements but no legal documentation, no named custodian, and no audit reports, the marketing budget exceeds the legal budget. That is a red flag.
  • Anonymous teams building regulated products. Anonymity and regulation are contradictions. If a team is building a product that involves securities, lending, or custody of real-world assets, they need to operate within a legal framework. Anonymous teams cannot do this. If the team is anonymous and the product is regulated, something does not add up.
  • No clarity on fees. Where are the fees? How are they calculated? Who receives them? If this is not clearly documented, you do not know the true cost of the product, and you cannot calculate your real yield.
  • Pressure to invest quickly. Limited-time offers, countdown timers, "early depositor" bonuses, or social pressure from influencer marketing are not features of well-structured financial products. They are features of products that benefit from capital inflows more than capital retention.

The 10-Point Checklist

Before depositing capital into any tokenized real-world asset product, confirm you can check every item on this list.

RWA Due Diligence Checklist

1
I know what the underlying asset is
2
I know who holds it (named custodian)
3
I know what rights I have as a token holder
4
I know where the yield comes from
5
I know how and when I can get my money back
6
I've seen legal documentation (not just a website)
7
I know who the team is (not anonymous for regulated products)
8
I know what the fees are
9
I've checked if smart contracts are audited
10
I understand the risks -- not just the returns
The Bottom Line

If you can check all ten, you are ahead of 95% of people in this space. If you cannot check more than half, slow down and ask more questions.

Disclaimer: This is educational content about risk frameworks, not investment advice. Tokenized real-world assets carry risks including legal, custody, liquidity, and smart contract risks. Always do your own research and consult qualified professionals before making investment decisions.

Continue Learning

R

Real-World Assets (RWA) Explained

What tokenized real-world assets are and how they work
Y

Understanding DeFi Yield and Risk

Why every basis point of yield is a risk premium in disguise
S

DeFi Security Deep Dive

Smart contract risks, audit standards, and protocol security