Due Diligence for RWA Protocols
[Real World Asset (RWA)](/insights/learn/what-are-real-world-assets-rwa) investments require a different approach to due diligence than pure DeFi protocols. You're evaluating not just smart contracts, but legal structures, counterparty relationships, regulatory compliance, and real-world operational capabilities.
This guide provides a systematic framework for evaluating RWA protocols and products, helping you identify quality opportunities and avoid potential disasters.
The RWA Due Diligence Framework
Effective RWA evaluation examines five critical dimensions:
- Legal & Structural Analysis
- Technical & Smart Contract Review
- Counterparty Evaluation
- Operational Assessment
- Risk-Return Analysis
Each dimension contains specific questions and verification methods.
Dimension 1: Legal & Structural Analysis
What Am I Actually Buying?
This is the most fundamental question. RWA tokens can represent:
- Fund shares: Ownership interest in an investment vehicle
- Debt instruments: Loans or notes with repayment obligations
- Direct asset claims: Title to underlying assets
- Revenue participations: Rights to cash flows without ownership
Each structure has different rights, risks, and recovery mechanisms.
Key Documents to Review:- Private Placement Memorandum (PPM)
- Subscription Agreement
- Operating Agreement/Trust Documents
- Token Terms and Conditions
Where Is the Legal Entity?
Jurisdiction matters significantly:
| Jurisdiction | Pros | Cons |
|---|---|---|
| Delaware (US) | Strong legal system, familiar structure | SEC oversight, transfer restrictions |
| Cayman Islands | Tax neutral, institutional familiarity | Limited local courts, offshore perception |
| BVI | Flexible, privacy-friendly | Similar to Cayman |
| Switzerland | Regulatory clarity, stable | Complex compliance |
| Singapore | Business-friendly, clear rules | Geographic restrictions |
- Why was this jurisdiction chosen?
- What are my legal rights if things go wrong?
- Can I pursue claims effectively?
Regulatory Status
Verify the offering's regulatory positioning:
For U.S. Investors:- Is this a Regulation D offering? Which rule (506(b) or 506(c))?
- Is Form D filed with the SEC? (Searchable at sec.gov)
- Are there state blue sky filings?
- Is this a Regulation S offering?
- Are there EU prospectus requirements?
- What local regulations apply?
Investor Protections
Essential Provisions to Verify:- Bankruptcy remoteness (assets in SPV, not issuer)
- Asset segregation from custodian
- Clear redemption procedures and timelines
- Dispute resolution mechanisms
- Voting or governance rights
Dimension 2: Technical & Smart Contract Review
Smart Contract Audits
- Have contracts been audited? By whom?
- Were audit findings addressed?
- When was the last audit? (Outdated audits may miss new code)
- Is there a bug bounty program?
- Trail of Bits
- OpenZeppelin
- Consensys Diligence
- Certik (though reputation varies)
- Halborn
Administrative Controls
Critical Questions:- Who can pause the contract?
- Who can blocklist addresses?
- What upgrade mechanisms exist?
- Are there timelock delays on sensitive functions?
- Is admin control multi-sig? How many signers? Who are they?
A single admin key controlling the contract is a significant red flag.
Token Mechanics
Understand:- How are new tokens minted? (Should align with asset purchases)
- How are tokens burned on redemption?
- How is yield distributed? (Rebasing vs. accumulating vs. separate)
- What happens if oracle fails?
Integration and Dependencies
- What oracles are used for pricing?
- Are there external dependencies that could fail?
- What chains is the token deployed on?
- Are there bridges, and what are their security models?
Dimension 3: Counterparty Evaluation
Issuer Assessment
Team Background:- Who are the key individuals?
- What's their track record in traditional finance/crypto?
- Have they been involved in failures or legal issues?
- Are identities public and verifiable?
- How long has the company operated?
- What's their funding history?
- What's their AUM (assets under management)?
- Are they profitable or burning venture capital?
- LinkedIn profiles of team members
- Crunchbase for funding history
- News searches for any controversies
- SEC EDGAR for any filings or enforcement actions
Custodian Verification
Essential Checks:- Is the custodian a qualified custodian (bank, broker-dealer)?
- What's their regulatory status?
- What insurance coverage exists?
- Are assets segregated from custodian assets?
- What's their track record with similar assets?
Service Provider Review
For Auditors/Attestors:- Are they recognized accounting firms?
- What's the scope of their attestation?
- How frequently do they verify?
- Experience with similar products?
- Independent from issuer?
- Regulatory status?
Dimension 4: Operational Assessment
Proof of Reserves
What to Look For:- Real-time dashboards showing underlying holdings
- Regular third-party attestations
- Transaction-level transparency
- Verifiable custody addresses
- How current is the proof?
- What exactly is being proven?
- Who provides attestation?
Track Record
For Established Protocols:- Historical returns vs. stated returns
- Any defaults or losses?
- How were problems handled?
- User reviews and community feedback
- Team track record in prior roles
- Advisory board quality
- Initial backing and validators
Liquidity and Redemption
Critical Questions:- What's the typical redemption timeline?
- Have redemptions been delayed historically?
- Are there gate provisions?
- Is there secondary market liquidity?
- What happens during market stress?
Communication and Transparency
Positive Signals:- Regular, substantive updates
- Responsive support
- Clear documentation
- Active community engagement
- Transparent incident handling
- Radio silence on issues
- Deleted or hidden Discord messages
- Vague or evasive responses
- Marketing-heavy, substance-light communications
Dimension 5: Risk-Return Analysis
Yield Decomposition
Understand where the yield comes from:
| Product Type | Typical Yield | Source |
|---|---|---|
| Tokenized Treasuries | 4-5% | U.S. government interest |
| Investment Grade Credit | 5-7% | Corporate bond interest |
| Private Credit (Senior) | 8-12% | Loan interest, risk premium |
| Private Credit (Junior) | 15-25% | Loan interest, first-loss premium |
| Real Estate | 6-12% | Rental income, appreciation |
If yields seem unusually high, understand why. Higher yield = higher risk (or unsustainable incentives).
Comparative Analysis
Compare the product to:
- Similar on-chain products
- Traditional equivalents (what would a bank or fund offer?)
- Risk-free rates (Treasury yields)
A 15% yield on "investment grade credit" should raise questions—actual investment grade yields are much lower.
Scenario Planning
Consider:
- What happens if interest rates spike?
- What if there's a major default?
- What if the protocol is hacked?
- What if regulators take action?
- What's the worst realistic case?
Red Flags Checklist
Immediate Disqualifiers
- Anonymous or unverifiable team
- No audit or outdated audit
- No legal documentation available
- Yields that don't make mathematical sense
- Pressure to invest quickly
- No clear redemption process
Serious Concerns
- Single admin key control
- Unlicensed or unknown custodian
- Vague or missing proof of reserves
- History of delayed redemptions
- Poor incident response history
- Aggressive or unrealistic marketing
Yellow Flags (Proceed with Caution)
- Relatively new protocol (< 1 year track record)
- Complex or unusual structure
- Limited secondary liquidity
- Concentration in few borrowers/assets
- Regulatory ambiguity
Practical Due Diligence Process
Step 1: Initial Screening (30 minutes)
- Review website and documentation
- Check team backgrounds
- Verify basic audit existence
- Look for obvious red flags
- Assess yield plausibility
Step 2: Deep Dive (2-4 hours)
- Read PPM and legal documents
- Review audit reports
- Verify custody arrangements
- Research counterparties
- Check regulatory filings
Step 3: Community and External Research (1-2 hours)
- Search Twitter/Discord for user experiences
- Look for independent reviews or analyses
- Check for news coverage or controversies
- Review any available performance data
Step 4: Test with Small Amount (Optional)
- Invest a minimal amount
- Test onboarding process
- Evaluate responsiveness and communication
- Monitor before committing larger capital
Documentation to Request
Before investing significant capital, request:
- Private Placement Memorandum or equivalent
- Recent audit report(s)
- Proof of reserves attestation
- Custody agreement summary
- Historical performance data
- Investor communications/reports
Legitimate protocols provide these readily. Resistance to transparency is a red flag.
Conclusion
Due diligence for RWA requires combining traditional investment analysis with crypto-native technical review. The extra effort is worthwhile—RWA investments carry unique [risks](/insights/learn/risks-of-rwa-investments) that require careful evaluation before committing capital.
No due diligence process guarantees success, but systematic evaluation dramatically improves your odds of identifying quality opportunities and avoiding costly mistakes. The best RWA investments reveal their quality through transparent structures, verifiable claims, and professional operations that welcome scrutiny.