DOI: 10.1145/3689931.3694913
research-article
Open access

Exploring the Security Issues of Real World Assets (RWA)

Published: 19 November 2024 Publication History

Abstract

Tokenizing real-world assets (RWA) on blockchains has recently been intensively discussed and recognized by the DeFi ecosystem and traditional financial institutions as the next growth frontier, with its total value locked (TVL) surpassing $2.5 billion as of September 30, 2023. However, the operational mechanics and security issues of RWA remain largely uncharted. To fill this gap, we present the first study of its anatomy and security issues. We first outline two strategies for tokenizing real-world assets, and then analyze the potential security risks within six associated entities (e.g., investors and smart contracts). Furthermore, we conduct a measurement of 39 mainstream RWA projects and reveal that RWA projects face risk deficiencies in the areas of on-chain investors, stablecoins, blockchain oracles, project teams, and off-chain assets. Our research proves potential risks and threats in the RWA area and offers guidance for the burgeoning RWA market.


    Published In

    DeFi '24: Proceedings of the Workshop on Decentralized Finance and Security
    November 2024
    37 pages
    ISBN:9798400712272
    DOI:10.1145/3689931
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. blockchain
    2. cyber security
    3. real world assets

    Conference

    CCS '24