RWA Tokenization Audit
Operational assessment of RWA tokenization workflows: the seam between off-chain custody of the underlying asset, on-chain issuance, and ongoing reconciliation.
Real-world asset (RWA) tokenization sits on top of a chain of custody that spans traditional custody (for the underlying asset), crypto custody (for the token), on-chain issuance infrastructure, and an ongoing reconciliation process that keeps the two sides honest. Each step has its own audit regime. The end-to-end workflow does not. We audit the seam.
The category has moved from experiment to active institutional product. BlackRock’s BUIDL tokenized treasuries fund crossed approximately $500 million in assets within months of its March 2024 launch and continues to expand. Franklin Templeton’s BENJI on-chain money market fund, Ondo Finance’s tokenized USD treasury products, and KKR’s tokenized private equity fund on Avalanche followed similar institutional adoption curves. Total tokenized US Treasuries crossed $1 billion in 2024 (per RWA.xyz tracking) and continued to grow into 2025. Boston Consulting Group and ADDX project tokenized illiquid assets reaching $16 trillion by 2030, and Singapore’s Monetary Authority of Singapore (MAS) Project Guardian had moved well past 20 institutional pilots across tokenized assets, FX, and bonds by 2025. Regulatory frameworks (MiCA in force since 2024, MAS Project Guardian, evolving SEC guidance) are catching up to product reality.
The failure incidents are starting to show the operational seam: Zoth, an RWA DeFi platform, lost $8.3 million in March 2025 to a private-key compromise that allowed a malicious smart-contract upgrade; Centrifuge’s tokenized credit pools have, in earlier cycles, written down losses on underlying off-chain originations (including a 2023 BlockTower-originated credit pool default that the on-chain accounting absorbed) where the on-chain token did not protect against off-chain credit risk. The losses on this asset class are operational and credit-related, not cryptographic, and the audit regime has not yet caught up to the product complexity.
The operational surface
- Underlying-asset custody. Where the real-world asset lives, who holds it, how segregation and beneficial ownership are documented.
- Issuance mechanics. The process by which the underlying asset becomes an on-chain token, and the controls that prevent mismatch between off-chain title and on-chain supply.
- Ongoing reconciliation. How the off-chain asset and the on-chain token stay aligned: at what frequency, with what evidence, under what failure modes.
- Redemption workflows. The path from on-chain burn to delivery of the underlying asset, including every party that must execute correctly for it to complete.
- Transfer restrictions. Whitelisting, KYC/AML enforcement on-chain, and how the token contract enforces (or fails to enforce) the regulatory constraints attached to the underlying asset.
- Oracle and price-feed dependencies. Where NAV or price data comes from, who could manipulate it, what happens to the program if the feed halts.
- Issuer key custody. The keys that authorize mint, burn, and upgrade authority. Same standard we apply to custody platforms and stablecoin issuers (see CCSS Audit & Readiness and Stablecoin Operations).
What we assess
We map the full chain from underlying asset to on-chain representation, identify every party and every control at every step, and produce a report that names where the assurance regime breaks down. Traditional controls audits cover the custody and transfer-agent side. Smart contract audits cover the token contract. Our work covers the seam in the middle, which is where end-to-end reconciliation either works or quietly does not.
What you get
A report structured around the full lifecycle (issuance, reconciliation, redemption, transfer enforcement, oracle integrity), with severity-graded findings and a remediation roadmap. Specific recommendations on which assurance gaps to close first, and which audits or attestations the program needs to commission alongside our work.
Who this is for
- Issuance platforms tokenizing real-world assets, securities, commodities, or funds.
- Banks and asset managers integrating tokenized products into their own workflows.
- Allocators considering tokenized exposure and needing a view on operational integrity. Where tokenized assets are used as collateral in lending or credit programs, see also On-Chain Credit.
- Regulators and their advisors evaluating a tokenization program before approval.
When to engage
- Before launching a tokenization product.
- Before adopting or distributing a tokenized asset through your own infrastructure.
- When an existing tokenization operation has scaled past its original reconciliation design.
- When a regulator or counterparty has asked a question that existing audit reports do not answer.
Frequently asked questions
What does an RWA tokenization audit cover?
An RWA tokenization audit covers the full chain from underlying-asset custody to on-chain token to redemption. We assess where the real-world asset lives, how segregation is documented, how the asset becomes an on-chain token and the controls that prevent mismatch, how on-chain supply and off-chain custody stay aligned over time, the redemption workflow, and how transfer restrictions (whitelisting, KYC enforcement) are actually enforced on-chain. Smart contract audits cover the token contract; we cover the seam in the middle.
How do you verify on-chain supply matches off-chain custody?
We verify off-chain custody records against on-chain supply at multiple points and check the reconciliation process's frequency, evidence trail, and behavior under failure modes. We test whether the documented procedure has been exercised under stress (asset transfer, custodian outage, chain congestion). The Network Firm, Stout, and other firms specialized in tokenized assets have published criteria; we apply them as a baseline.
Who audits tokenized real-world assets?
CPA firms specialized in tokenization (Stout, The Network Firm, LedgerLens), the Big Four where the issuer has a relationship, smart contract auditors for the contract code, and increasingly, regulator-mandated independent assurance. None of these individually covers the full operational surface; we cover the seam between them.
How does a tokenization audit add to a smart contract audit?
A smart contract audit reviews the token contract's code. A tokenization operational audit picks up where that ends, assessing the off-chain custody of the underlying, the issuance and redemption workflows, the reconciliation between on-chain and off-chain books, and the operational controls around any party that can mint, burn, or upgrade. The two are complementary; neither alone covers the chain. Most institutional buyers now require both for any tokenization program that holds real assets.
Does my tokenization platform need a SOC 2 in addition to a smart contract audit?
Typically yes. SOC 2 covers the platform's IT controls generically. Smart contract audits cover the token contract. Neither covers the operational seam where off-chain custody, issuance authority, on-chain transfer enforcement, and oracle dependencies interact. Tokenization platforms generally need a SOC 2 baseline, a smart contract audit on the token, and an operational audit on the seam.
Which regulatory frameworks apply when I tokenize an asset?
The applicable framework depends on jurisdiction and asset class: the SEC framework for tokenized securities in the US (with the SEC's Office of the Chief Accountant having published direct guidance on operational risk for digital assets), Singapore MAS Project Guardian materials (with more than 20 institutional pilots run since 2022), the EU MiCA regulation (in force since 2024 and the first comprehensive crypto-asset framework in a major jurisdiction), and various national frameworks for tokenized funds. The BIS has published several papers on tokenization risk shaping supervisory expectations. None of these prescribes operational audit methodology directly; the standards bodies are still catching up.
How are tokenized funds operationally different from traditional funds?
Tokenized funds add an operational layer to traditional fund mechanics: subscription and redemption execute on-chain, transfer restrictions are enforced by smart contracts, and the reconciliation between on-chain ownership and off-chain register is continuous rather than periodic. Each requires operational controls that traditional fund administrators were not designed to provide. The interesting failure modes happen at the seam.
Scope a Tokenization engagement
Every engagement starts with a scoping call about what you're trying to assure and who you need to assure it to.