Non-EVM Standards

Kadena RWA Token Standard

Learn how the Kadena RWA token standard enables compliant real-world asset tokenization using Pact smart contracts.

Last updated: 12/29/2025
Improve this page

Kadena RWA Token Standard, the compliant token framework on Kadena's hybrid blockchain, defines a Pact-based implementation of EIP-3643 for permissioned security tokens representing claims on underlying real-world assets. For Real World Asset (RWA) protocols, this standard is especially valuable, as tokens can express fractional ownership in tokenized private credit, invoices, treasuries, or other off-chain collateral while maintaining a compliant, interoperable interface for minting, transfers, redemptions, and role-based access with built-in regulatory checks.

Before the Kadena RWA Token Standard, RWA projects on non-EVM chains built custom compliance layers, leading to fragmented auditability, inconsistent KYC logic, and scalability bottlenecks in institutional settlements. The standard resolved this by porting ERC-3643 to Pact, introducing modules for identity registry, compliance rules, and roles, leveraging Kadena's Chainweb for 480,000 TPS and gasless user operations. For RWA builders, the standard provides a secure abstraction layer supporting off-chain KYC/AML via registries, oracle-fed validations, and asynchronous redemptions, while fostering interoperability with EVM chains for cross-chain RWAs.

A key design principle is embedded compliance, where tokens expose standardized Pact interfaces augmented by role hooks without revealing internal registry logic. This is well suited to RWA tokens where transfers may depend on off-chain identity data or regulatory halts, yet integrators like wallets or aggregators still need reliable, auditable operations.

Use of Kadena RWA Token Standard in RWA Contexts

Kadena RWA Token Standard is the foundational standard for compliant RWA tokens on Kadena because it abstracts the complexity of tokenizing and managing real-world assets into a Pact-based, ERC-3643-compatible framework. While traditional DeFi tokens wrap liquid assets like KDA for simple transfers, RWA tokens adapt the model to illiquid, regulated assets, tokenized private credit, invoices, treasuries, or bond portfolios, where on-chain tokens represent legally backed off-chain value held by custodians or SPVs.

Key Applications in RWA Development

Fractional Ownership and Liquidity Provision

Many RWAs are high-value and indivisible (for example, a ten-million-dollar invoice or a portfolio of private credit). The Kadena RWA Token Standard allows developers to mint fungible tokens proportional to deposits, unlocking fractional ownership and secondary-market liquidity under compliance rules.

  • Implement mint via issuer role with identity checks to assign to verified addresses.
  • Tokens can trade freely within allowed roles on DEXs, offering liquidity for assets that would otherwise be locked for years.
  • Example: A private credit token where compliance module restricts ownership to accredited investors, with fractional shares for diversified portfolios.

Yield Accrual and NAV Management

Compliance and role modules automate revenue distribution (e.g., interest from credit tokens), with audit trails querying oracles (e.g., Pyth) for real-time NAV updates. This supports auto-compounding without manual interventions, ideal for tokenized bonds or funds.

Using trusted sources (Pyth, Switchboard) ensures accurate reporting, critical for compliance and for investor redemptions. Regulators increasingly expect transparent auditability, and the standard provides this without exposing internal registry state.

Redemption and Settlement Mechanics

RWA redemptions are inherently asynchronous, as physical settlement layers (banks, custodians, transfer agents) cannot finalize instantly.

Patterns include:

  • burn with redeemer role for queued claims.
  • Compliance hooks for invalid transfers.
  • Memo-required events for signed proofs.
  • Proof-of-reserve checks before fulfillment

Composability Across the RWA Stack

Kadena RWA tokens plug directly into Kadena DeFi:

  • Marmalade accepts tokens as collateral within role restrictions.
  • DEXs can provide deep secondary liquidity for permitted transfers.
  • Aggregators route into the standard natively.

For regulated RWAs:

  • Pair with identity registry for investor eligibility gating.
  • Combine with compliance module for modular rules.
  • Integrate identity proofs via roles.

This drastically reduces integration complexity, for example, a tokenized invoice token can list across lending markets without custom adapters.

Developer Advantages in RWA Builds

  • Regulatory Alignment: Built-in registry and compliance hide off-chain custodian processes while preserving accurate roles for MiFID II/MiCA-aligned disclosures.
  • Extensibility: Pact modules (e.g., roles, compliance) allow injecting RWA-specific logic i.e., pricing oracles, geofencing, or IPFS-pinned compliance policies.
  • Risk Isolation: Tokens remain fully Pact compliant, halts do not freeze wallet-held balances outside rules.
  • Upgrade Path: Kadena's safe upgradeable contracts migrate via modules, preserving TVL and simplifying audits.

To visualize the end-to-end flow in an RWA token, the following sequence diagram captures the typical mint - transfer - burn cycle. It illustrates how users interact with the Pact modules, how compliance interacts with registries and oracles, and how off-chain compliance updates flow back on-chain through validations or memos. This representation is especially important for understanding asynchronous transfers, delayed settlements, and rule-driven compliance in RWA systems.

kadena.svg

This diagram highlights how the Kadena RWA Token Standard acts as the connective tissue between on-chain token operations and off-chain asset realities. Mints enforce identity proportional to contributed value, compliance captures real-world rules as transfers execute, and role functions help manage redemptions during claims. For illiquid RWA portfolios, the model can be extended with explicit compliance modules between the token (T) and the custodian or SPV (Cust) to handle delayed settlement cycles.

Core Specification

A Kadena RWA token must implement the EIP-3643 interfaces in Pact for its permissioned structure, the compliant representation of a user’s fractional claim on the underlying asset. Optional modules enable advanced features like role-based access, a valuable enhancement for RWA use cases where institutions manage permissions without needing full custom contracts.

In the Kadena RWA Token Standard, the token behaves like any Pact module (balance queries, total supply via views, transfers), while modules refer to appended logic for asset management. The specification enforces a clean separation between base tokens and compliance params, ensuring predictable operations and seamless integration across Kadena and RWA systems.

Key Definitions

  • Token: The Pact module with compliance data, e.g., a tokenized private credit or invoice.
  • Ledger: The table storage for balances, extensible for confidential proofs or fees.
  • Total Supply: The aggregate token value managed by the module, equal to the sum of principal, redeemed amounts, and adjustments for fees or losses.
  • Modules: (e.g., Identity Registry, Compliance) Provide idealized, rule-agnostic behaviors for UI, analytics, and oracle integrations. They represent the regulatory relationship between base tokens and enforced logic.
  • Function Calls: (e.g., transfer, mint) Provide near-exact estimates of expected outcomes, reflecting rules, rounding, or NAV changes, without executing state updates. These enable accurate transaction planning.
  • Rounding Rules: The standard mandates rounding in favor of the token:
    • Round down when issuing tokens or deductions, preventing dilution.
    • Round up when applying restrictions or requirements, protecting existing participants. These rules ensure fair distribution and discourage precision-based attacks.

The Kadena RWA Token Standard defines core Pact modules with 20+ functions, organized by their roles in token logic, roles, compliance, and registry. Every module is deployed as upgradeable Pact code, ensuring a single source of truth for behavior and movements. Below is the Pact-equivalent interface, accompanied by developer notes covering edge cases, rounding behavior, and considerations specific to RWA tokens such as asynchronous rules and oracle-driven updates.

1(module rwa-token GOV
2  @doc "Kadena RWA Token Standard - ERC-3643 Implementation"
3
4  (use coin)
5  (use util.guards)
6
7  (defcap GOV () true) ; Governance cap
8
9  (defschema token-schema
10    balance:decimal
11    owner:keyset
12    roles:object{roles-schema}
13  )
14
15  (defschema roles-schema
16    admin:bool
17    issuer:bool
18    redeemer:bool
19  )
20
21  (deftable tokens:{token-schema})
22
23  (defschema identity-schema
24    kyc-verified:bool
25    jurisdiction:string
26  )
27
28  (deftable registry:{identity-schema})
29
30  (defcap MINT (account:string amount:decimal)
31    @doc "Mint tokens to account"
32    (enforce-guard (at 'guard (read registry account)))
33    true
34  )
35
36  (defun mint:bool (account:string amount:decimal)
37    (enforce (> amount 0.0) "Invalid amount")
38    (with-capability (MINT account amount)
39      (update tokens account { "balance" : (+ (at 'balance (read tokens account)) amount) })
40    )
41  )
42
43  (defcap TRANSFER (from:string to:string amount:decimal)
44    @doc "Transfer with compliance"
45    (enforce (is-transfer-valid from to amount) "Compliance failed")
46    true
47  )
48
49  (defun transfer:bool (from:string to:string amount:decimal)
50    (enforce (> amount 0.0) "Invalid amount")
51    (with-capability (TRANSFER from to amount)
52      (update tokens from { "balance" : (- (at 'balance (read tokens from)) amount) })
53      (update tokens to { "balance" : (+ (at 'balance (read tokens to)) amount) })
54    )
55  )
56
57  (defcap BURN (account:string amount:decimal)
58    @doc "Burn tokens"
59    (enforce-guard (at 'redeemer (at 'roles (read tokens account))))
60    true
61  )
62
63  (defun burn:bool (account:string amount:decimal)
64    (with-capability (BURN account amount)
65      (update tokens account { "balance" : (- (at 'balance (read tokens account)) amount) })
66    )
67  )
68
69  (defun is-transfer-valid:bool (from:string to:string amount:decimal)
70    (let ((from-kyc (at 'kyc-verified (read registry from)))
71          (to-kyc (at 'kyc-verified (read registry to))))
72      (and from-kyc to-kyc)
73    )
74  )
75
76  (defun assign-role (account:string role:string value:bool)
77    (enforce-guard (at 'admin (at 'roles (read tokens account))))
78    (update tokens account { "roles" : { role : value } })
79  )
80)

Detailed Function Breakdown (with RWA Developer Notes)

Below is a module-by-module explanation of the Kadena RWA Token Standard interface, including edge cases, rounding behavior, and RWA-specific implementation guidance for regulated assets, off-chain settlement, and rule-driven validation.

mint

Issuer-only supply increase for account, checked against registry.

  • RWA Integration: For compliance-based assets, tie to oracle-fed KYC (Pyth / Switchboard).
  • Edge Case: Must handle zero amounts or unregistered accounts (error: INVALID_ACCOUNT).

transfer

Moves amount from to to, with is-transfer-valid hook.

  • Formula: Decimal math with rounding down.
  • Usage: UI quoting, risk dashboards.
  • RWA Note: Reflects pure regulatory transfer, does not account for settlement delays or custody fees.

burn

Redeemer-only supply decrease for account.

  • Ensures no precision-based arbitrage.
  • RWA Note: Useful for redemptions in regulated markets.

is-transfer-valid

Compliance hook querying registry and roles.

  • Return false for “invalid.”
  • RWA Note: Enforce investor caps, jurisdiction restrictions, or temporary pauses due to regulatory flags.

assign-role

Admin-only role updates (admin, issuer, redeemer).

  • Discrepancies vs initial reveal role impact.
  • RWA Note: Useful for dynamic governance in vaults or those with evolving fees.

Registry Functions (e.g., register-identity)

Adds KYC data to registry for account.

  • Requires prior admin check.
  • Includes errors for duplicate (e.g., ALREADY_REGISTERED).
  • RWA Note:
    • For illiquid assets (such as private credit and invoices): pair with burn asynchronous resolutions.
    • Trigger oracle checks for sanctions/residency validation.

Reference Implementation

Kadena-io's RWA-token repo offers a mature, audited foundation for building compliant tokens via Pact. The implementation ports ERC-3643, providing a clean module surface for RWA-specific logic. Its design encourages minimal overrides while still supporting custom role models, registry tables, compliance hooks, and oracle integration.

Key capabilities include:

  • Inflation Attack Protection: The implementation prevents dilution by enforcing role mints and registry invariants. Early issuers cannot exploit low-supply corner cases to extract excess value.
  • Rounding Compliance: All operations use decimal arithmetic for precise, deterministic handling that adheres to the standard's requirements of rounding in favor of the token. This eliminates subtle precision-drift exploits.
  • Extensible Hooks: Lifecycle functions such as is-transfer-valid allow developers to embed RWA-specific functionality, NAV oracle checks, compliance gating, settlement status validation, or fee accounting, without modifying core logic.
  • Flexible Structure: The standard builds on Pact’s base, with optional guards or access controls for regulated administration. This makes it straightforward to integrate custodial controls, upgrade pathways, or role-gated operations required in regulated RWA environments.
1(module rwa-registry GOV
2  @doc "Identity Registry for RWA"
3
4  (defschema identity-schema
5    verified:bool
6    jurisdiction:string
7    kyc-level:integer
8  )
9
10  (deftable identities:{identity-schema})
11
12  (defcap REGISTER (account:string)
13    @doc "Register identity"
14    true
15  )
16
17  (defun register-identity (account:string jurisdiction:string kyc-level:integer)
18    (with-capability (REGISTER account)
19      (insert identities account { "verified" : true, "jurisdiction" : jurisdiction, "kyc-level" : kyc-level })
20    )
21  )
22
23  (defun is-verified:bool (account:string)
24    (at 'verified (read identities account))
25  )
26)
  • The mint pins roles at call. For RWA tokens, prefer gasless wrappers and link metadata to IPFS for provenance.
  • Registry can be extended for audit in UIs.

Mint Flow (Issuer-Facing)

Issuer-level calls enforce roles with compliance.

1(defun mint-rwa (account:string amount:decimal)
2  (enforce (is-verified account) "KYC required")
3  (with-capability (MINT account amount)
4    (update tokens account { "balance" : (+ (at 'balance (read tokens account)) amount) })
5  )
6)
  • Use guards for safe minting.
  • Override pre-mint to add compliance checks (KYC, caps) and revert early if registry fails.
  • For illiquid or async-backed assets, combine mint with provisional issuance and oracle finalization to avoid over-minting.

Transfer Flow

Symmetric to mint, transfer invokes compliance then updates ledger.

1(defun transfer-rwa (from:string to:string amount:decimal)
2  (enforce (is-transfer-valid from to amount) "Compliance failed")
3  (with-capability (TRANSFER from to amount)
4    (update tokens from { "balance" : (- (at 'balance (read tokens from)) amount) })
5    (update tokens to { "balance" : (+ (at 'balance (read tokens to)) amount) })
6  )
7)
  • Compliance-first follows checks-effects-interactions and reduces reentrancy risk.
  • For queued transfers, implement hook to check status and push into a compliance queue.
  • Add transfer rate limits or liquidity buffers to defend against sudden runs.

Burn Flow

Default burns are role-gated; RWA overrides query reasons.

1(defun burn-rwa (account:string amount:decimal)
2  (enforce-guard (at 'redeemer (at 'roles (read tokens account))))
3  (with-capability (BURN account amount)
4    (update tokens account { "balance" : (- (at 'balance (read tokens account)) amount) })
5  )
6)
  • Burn uses ledger for precision.
  • Consider a time-bound policy for redemptions.

Adding Compliance Hook (Example: Jurisdiction Check)

Hook handling keeps execution consistent.

1(defun is-transfer-valid:bool (from:string to:string amount:decimal)
2  (let ((from-jur (at 'jurisdiction (read registry from)))
3        (to-jur (at 'jurisdiction (read registry to))))
4    (and (is-verified from) (is-verified to) (= from-jur to-jur)) ; Same jurisdiction
5  )
6)
  • Keep compliance accounting transparent: Emit events via Pact logs and track via explorer.
  • For RWA products, hooks may fund legal overhead, document in on-chain constants.
Previous

Cmd

arrow
Tezos CMTAT

Cmd

arrow
Next
Hedera Token Service

WE SECURE EVERYTHING YOU BUILD.

From day-zero risk mapping to exchange-ready audits — QuillAudits helps projects grow with confidence. Smart contracts, dApps, infrastructure, compliance — secured end-to-end.

QuillAudits Logo
[email protected]

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

Privacy Policy

All Rights Reserved. © 2026. QuillAudits - LLC

ALL SERVICES
LANGUAGES
CHAINS
RESOURCES
PROGRAMS
COMPANY
DeFi SecurityplumeUniswap FoundationAethiropt-collectivePolygon SPNBNB Chain Kickstart

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

[email protected]

All Rights Reserved. © 2026. QuillAudits - LLC

Privacy Policy