Non-EVM Standards

Stellar Assets Native Issuance Protocol

Learn how Stellar’s native asset issuance protocol enables secure asset creation, trustlines, and compliant token transfers.

Last updated: 12/29/2025
Improve this page

Stellar Assets, the Native Issuance Protocol on Stellar's federated consensus blockchain, defines a built-in system for creating and managing custom assets via simple transactions, enabling 1:1 backed representations of real-world value without smart contracts for core issuance. For Real World Asset (RWA) protocols, this standard is especially valuable, as assets can express fractional claims on tokenized treasuries, stablebonds, commodities, or other off-chain collateral while maintaining a compliant, interoperable interface for trustlines, payments, clawbacks, and authorizations enhanced by OpenZeppelin's RWA Token suite on Soroban.

Before Stellar Assets, RWA projects on other chains faced high costs and complexity for issuance; Stellar's protocol natively supports low-fee (<$0.00001), cross-border assets with built-in compliance flags like authorization-required and clawback, achieving 3-5s finality at scale. For RWA builders, the standard provides a lightweight abstraction layer supporting off-chain KYC/AML via trustline auth, oracle-fed reserves, and asynchronous revocations, while enabling seamless composability with DeFi protocols like Blend or StellarX. As of late 2025, it powers $1B+ in tokenized value, including Mercado Bitcoin's $200M issuance and BENJI fund shares.

A key design principle is issuer-centric control, where assets expose standardized transaction ops augmented by optional flags without exposing internal trustline logic. This is well suited to RWA assets where holdings may depend on off-chain verification or regulatory revokes, yet integrators like wallets or aggregators still need reliable, auditable flows.

Use of Stellar Assets in RWA Contexts

Stellar Assets is the foundational standard for RWA tokens on Stellar because it abstracts the complexity of tokenizing and managing real-world assets into a native, transaction-based framework. While traditional DeFi assets use Stellar for unrestricted payments, RWA assets adapt the model to illiquid, regulated collateral, tokenized private credit, commercial bonds, commodities, or stablebonds, where on-chain assets represent legally backed off-chain value held by custodians or SPVs, with built-in flags for securities laws like Reg S or MiCA.

Key Applications in RWA Development

Fractional Ownership and Liquidity Provision

Stellar Assets allows issuers to create fixed-supply assets proportional to deposits, unlocking fractional ownership and secondary-market liquidity under compliance rules.

  • Implement issuance via Payment txn with an auth-required flag to cap holders via trustlines.
  • Assets can trade freely on DEXs like StellarX, offering liquidity for assets that would otherwise be locked for years.
  • Example: A stablebond asset where clawback restricts unauthorized trustlines, with issuer controls for concentration limits.

Yield Accrual and NAV Management

Issuer and distribution accounts automate revenue handling (e.g., interest from treasury assets), with path payments querying oracles (e.g., Chainlink) for real-time NAV updates. This supports auto-distribution without manual interventions, ideal for tokenized funds or securities.

Using trusted sources (Chainlink, Pyth) ensures accurate reserves, critical for compliance and for investor payments. Regulators increasingly expect transparent backing reporting, and the protocol provides this without exposing internal flag state.

Redemption and Settlement Mechanics

RWA redemptions are inherently asynchronous, as physical settlement layers (banks, custodians, transfer agents) cannot finalize instantly.

Patterns include:

  • Burn via clawback to reserve for queued releases.
  • Revoke trustlines for invalid holdings.
  • Transaction memos for signed claims.
  • Proof-of-reserve checks before fulfillment.

Composability Across the RWA Stack

Stellar Assets plug directly into Stellar DeFi:

  • Blend accepts assets as collateral within auth restrictions.
  • StellarX pairs can provide deep secondary liquidity for permitted payments.
  • Aggregators (e.g., Ultrastellar) route into native assets.

For regulated RWAs:

  • Pair with auth-required for investor eligibility gating.
  • Combine with clawback for modular compliance via OpenZeppelin suite.
  • Integrate identity proofs via trustline memos.

This drastically reduces integration complexity, for example, a tokenized treasury asset can list across lending markets without custom adapters.

Developer Advantages in RWA Builds

  • Regulatory Alignment: Native flags hide off-chain custodian processes while preserving accurate auth for MiFID II/MiCA-aligned disclosures.
  • Extensibility: Clawback/auth allow injecting RWA-specific logic i.e., pricing oracles, geofencing, or IPFS-pinned compliance policies.
  • Risk Isolation: Assets remain fully protocol compliant, revokes do not impact wallet-held balances outside flags.
  • Upgrade Path: Existing assets can reconfigure via SetOptions, preserving TVL and simplifying audits.

To visualize the end-to-end flow in an RWA asset, the following sequence diagram captures the typical issuance - payment - clawback cycle. It illustrates how users interact with the Stellar ledger, how flags interact with issuers and oracles, and how off-chain compliance updates flow back on-ledger through transactions or memos. This representation is especially important for understanding asynchronous payments, delayed settlements, and flag-driven compliance in RWA systems.

Stellar.svg

This diagram highlights how Stellar Assets acts as the connective tissue between on-ledger asset operations and off-chain asset realities. Issuances embed flags proportional to supply, issuers capture real-world compliance as payments execute, and clawback functions help manage revocations during disputes. For illiquid RWA portfolios, the model can be extended with explicit auth rules between the ledger (L) and the custodian or SPV (C) to handle delayed settlement cycles.

Core Specification

A Stellar Asset must implement the native protocol interface for its custom structure, the controlled representation of a user’s proportional claim on the underlying value. Optional flags enable advanced features like clawback, a valuable enhancement for RWA use cases where institutions manage access without needing full smart contracts.

In Stellar Assets, the asset behaves like any ledger token (balance queries, total supply, payments), while flags refer to issuer-set controls for collateral management. The specification enforces a clean separation between base assets and trustline params, ensuring predictable operations and seamless integration across Stellar and RWA systems.

Key Definitions

  • Asset Code: The alphanumeric identifier (4/12 chars) paired with issuer for uniqueness, e.g., a tokenized treasury or bond.
  • Issuer: The issuing account address, extensible for flag states or memos.
  • Total Supply: The aggregate asset value managed by the issuer, equal to the sum of principal, clawed amounts, and adjustments for fees or losses.
  • Control Flags: (e.g., Auth Required, Clawback Enabled) Provide idealized, rule-agnostic behaviors for UI, analytics, and oracle integrations. They represent the regulatory relationship between base assets and enforced logic.
  • Transaction Ops: (e.g., Payment, Clawback) Provide near-exact estimates of expected outcomes, reflecting flags, rounding, or NAV changes, without executing state updates. These enable accurate transaction planning.
  • Rounding Rules: Stellar Assets mandates rounding in favor of the asset:
    • Round down when issuing units or deductions, preventing dilution.
    • Round up when applying revokes or requirements, protecting existing participants. These rules ensure fair distribution and discourage precision-based attacks.

The Native Issuance Protocol defines core operations with 10+ params, organized by their roles in issuance, trustlines, and payments. Every asset is issued via a single Payment txn, ensuring a single source of truth for behavior and movements. Below is the JavaScript-equivalent interface via stellar-sdk, accompanied by developer notes covering edge cases, rounding behavior, and considerations specific to RWA assets such as asynchronous flags and oracle-driven updates.

1const StellarSdk = require('stellar-sdk');
2const server = new StellarSdk.Server('https://horizon-testnet.stellar.org'); // Or mainnet
3
4// Core Asset Issuance
5function issueAsset(code, issuerSecret, reserveAddress) {
6  const issuerKeypair = StellarSdk.Keypair.fromSecret(issuerSecret);
7  const reserveKeypair = StellarSdk.Keypair.fromSecret(reserveSecret); // Optional
8
9  const account = await server.loadAccount(issuerKeypair.publicKey());
10  const asset = new StellarSdk.Asset(code, issuerKeypair.publicKey());
11
12  const transaction = new StellarSdk.TransactionBuilder(account, {
13    fee: StellarSdk.BASE_FEE,
14    networkPassphrase: StellarSdk.Networks.TESTNET
15  })
16    .addOperation(StellarSdk.Operation.payment({
17      destination: reserveAddress,
18      asset: asset,
19      amount: '1000000' // Initial supply
20    }))
21    .addOperation(StellarSdk.Operation.setOptions({
22      setFlags: StellarSdk.AuthRequiredFlag | StellarSdk.AuthRevocableFlag | StellarSdk.ClawbackEnabledFlag
23    })) // Enable RWA flags
24    .setTimeout(30)
25    .build();
26
27  transaction.sign(issuerKeypair);
28  return server.submitTransaction(transaction);
29}
30
31// Trustline Creation
32async function createTrustline(userSecret, issuerPubkey, code, limit = '922337203685.4775807') {
33  const userKeypair = StellarSdk.Keypair.fromSecret(userSecret);
34  const asset = new StellarSdk.Asset(code, issuerPubkey);
35
36  const account = await server.loadAccount(userKeypair.publicKey());
37  const transaction = new StellarSdk.TransactionBuilder(account, {
38    fee: StellarSdk.BASE_FEE,
39    networkPassphrase: StellarSdk.Networks.TESTNET
40  })
41    .addOperation(StellarSdk.Operation.changeTrust({
42      asset: asset,
43      limit: limit
44    }))
45    .setTimeout(30)
46    .build();
47
48  transaction.sign(userKeypair);
49  return server.submitTransaction(transaction);
50}
51
52// Payment (Transfer)
53async function transferAsset(senderSecret, receiverPubkey, amount, code, issuerPubkey) {
54  const senderKeypair = StellarSdk.Keypair.fromSecret(senderSecret);
55  const asset = new StellarSdk.Asset(code, issuerPubkey);
56
57  const account = await server.loadAccount(senderKeypair.publicKey());
58  const transaction = new StellarSdk.TransactionBuilder(account, {
59    fee: StellarSdk.BASE_FEE,
60    networkPassphrase: StellarSdk.Networks.TESTNET
61  })
62    .addOperation(StellarSdk.Operation.payment({
63      destination: receiverPubkey,
64      asset: asset,
65      amount: amount.toString()
66    }))
67    .setTimeout(30)
68    .build();
69
70  transaction.sign(senderKeypair);
71  return server.submitTransaction(transaction);
72}
73
74// Clawback
75async function clawbackAsset(issuerSecret, holderPubkey, reservePubkey, amount, code) {
76  const issuerKeypair = StellarSdk.Keypair.fromSecret(issuerSecret);
77  const asset = new StellarSdk.Asset(code, issuerKeypair.publicKey());
78
79  const account = await server.loadAccount(issuerKeypair.publicKey());
80  const transaction = new StellarSdk.TransactionBuilder(account, {
81    fee: StellarSdk.BASE_FEE,
82    networkPassphrase: StellarSdk.Networks.TESTNET
83  })
84    .addOperation(StellarSdk.Operation.pathPaymentStrictSend({ // Or clawback op if enabled
85      sendAsset: asset,
86      sendMax: '0', // Clawback specific
87      destAsset: asset,
88      destAmount: amount.toString(),
89      destination: reservePubkey,
90      source: holderPubkey // Revoke from holder
91    }))
92    .setTimeout(30)
93    .build();
94
95  transaction.sign(issuerKeypair);
96  return server.submitTransaction(transaction);
97}

Detailed Function Breakdown (with RWA Developer Notes)

Below is an operation-by-operation explanation of the Stellar Assets interface, including edge cases, rounding behavior, and RWA-specific implementation guidance for regulated assets, off-chain settlement, and flag-driven validation.

issueAsset()

Issues the base asset via Payment to reserve with SetOptions for flags. In RWA assets, this pins the initial configuration for tokenized treasuries, USDC wrappers, or bond notes.

  • This value is partially immutable; flags can reconfigure via issuer.

createTrustline()

Establishes holder opt-in with limit, requiring AllowTrust if auth-req.

  • RWA Integration: For compliance-based assets, prepend oracle check (Chainlink / Pyth).
  • Edge Case: Must handle limit=0 (close trustline) or frozen-like revokes.

transferAsset()

Executes payment between trustlines, emitting ledger memo.

  • Formula: Direct asset transfer post-auth.
  • Usage: UI quoting, risk dashboards.
  • RWA Note: Reflects pure regulatory flow, does not account for settlement delays or custody fees.

clawbackAsset()

Revokes from holder to reserve with clawback flag.

  • Ensures no precision-based arbitrage on revokes.
  • RWA Note: Useful for KYC violations or compliance halts in regulated markets.

AllowTrust (Issuer Txn)

Authorizes trustline creation with optional limit.

  • Return max for “no limit” on holdings.
  • RWA Note: Enforce investor caps, jurisdiction restrictions, or temporary pauses due to regulatory flags.

SetOptions (Issuer Txn)

Updates flags (e.g., enable clawback).

  • Discrepancies vs issuance reveal flag impact.
  • RWA Note: Useful for quote generation in dynamic assets or those with evolving fees.

Revoke Trustline (Issuer Txn)

Closes unauthorized trustlines, burning holdings.

  • Requires prior flag check.
  • Includes memos for AML evaluation.
  • RWA Note:
    • For illiquid assets (such as bonds and private credit): pair with clawback asynchronous resolutions.
    • Trigger oracle checks for sanctions/residency validation.

Reference Implementation

Stellar Development Foundation’s protocol offers a mature, security-audited foundation for building native assets via SDKs. The framework integrates with the ledger, providing a clean operation surface for RWA-specific logic. Its design encourages minimal txns while still supporting custom flag models, metadata memos, control layers, and oracle integration, enhanced by OpenZeppelin's Soroban RWA suite for ERC-3643 compliance.

Key capabilities include:

  • Inflation Attack Protection: The implementation prevents dilution by enforcing issuer-only issuance and flag checks. Early issuers cannot exploit low-supply corner cases to extract excess value.
  • Rounding Compliance: All payments use ledger arithmetic for precise, deterministic operations that adhere to protocol requirements of rounding in favor of the asset. This eliminates subtle precision-drift exploits.
  • Extensible Flags: Lifecycle ops such as clawback allow developers to embed RWA-specific functionality, NAV oracle checks, compliance gating, settlement status validation, or fee accounting, without modifying core logic.
  • Flexible Structure: Assets build on the ledger’s base, with optional Soroban wrappers for regulated administration. This makes it straightforward to integrate custodial controls, upgrade pathways, or flag-gated operations required in regulated RWA environments.
1const StellarSdk = require("stellar-sdk");
2const server = new StellarSdk.Server("https://horizon-stellar.org"); // Mainnet
3
4async function createRwaAsset() {
5  // Accounts
6  const issuerSecret = "SCRET..."; // Multi-sig recommended
7  const issuerKeypair = StellarSdk.Keypair.fromSecret(issuerSecret);
8  const reserveAddress = "G..."; // Reserve pubkey
9
10  // Load account
11  const account = await server.loadAccount(issuerKeypair.publicKey());
12
13  // Build txn
14  const transaction = new StellarSdk.TransactionBuilder(account, {
15    fee: StellarSdk.BASE_FEE,
16    networkPassphrase: StellarSdk.Networks.PUBLIC,
17  })
18    .addOperation(
19      StellarSdk.Operation.payment({
20        destination: reserveAddress,
21        asset: new StellarSdk.Asset("RWA-TREASURY", issuerKeypair.publicKey()),
22        amount: "1000000.000000", // 1M units, 6 decimals
23      })
24    )
25    .addOperation(
26      StellarSdk.Operation.setOptions({
27        setFlags: 1 | 2 | 4, // Auth-req | Revocable | Clawback
28      })
29    )
30    .addMemo(StellarSdk.Memo.text("RWA Issuance - Treasury Backed"))
31    .setTimeout(30)
32    .build();
33
34  transaction.sign(issuerKeypair);
35  const result = await server.submitTransaction(transaction);
36  return result; // Includes asset details
37}
38
39// Trustline Flow
40async function optInRwa(userSecret, issuerPubkey, code) {
41  const userKeypair = StellarSdk.Keypair.fromSecret(userSecret);
42  const asset = new StellarSdk.Asset(code, issuerPubkey);
43
44  const account = await server.loadAccount(userKeypair.publicKey());
45  const transaction = new StellarSdk.TransactionBuilder(account, {
46    fee: StellarSdk.BASE_FEE,
47    networkPassphrase: StellarSdk.Networks.PUBLIC,
48  })
49    .addOperation(StellarSdk.Operation.changeTrust({ asset }))
50    .setTimeout(30)
51    .build();
52
53  transaction.sign(userKeypair);
54  return server.submitTransaction(transaction);
55}
56
57// Payment Flow
58async function payRwa(
59  senderSecret,
60  receiverPubkey,
61  amount,
62  code,
63  issuerPubkey
64) {
65  // Assume trustlines exist
66  const senderKeypair = StellarSdk.Keypair.fromSecret(senderSecret);
67  const asset = new StellarSdk.Asset(code, issuerPubkey);
68
69  const account = await server.loadAccount(senderKeypair.publicKey());
70  const transaction = new StellarSdk.TransactionBuilder(account, {
71    fee: StellarSdk.BASE_FEE,
72    networkPassphrase: StellarSdk.Networks.PUBLIC,
73  })
74    .addOperation(
75      StellarSdk.Operation.payment({
76        destination: receiverPubkey,
77        asset,
78        amount,
79      })
80    )
81    .addMemo(StellarSdk.Memo.text("RWA Payment"))
82    .setTimeout(30)
83    .build();
84
85  transaction.sign(senderKeypair);
86  return server.submitTransaction(transaction);
87}
88
89// Clawback Flow
90async function clawbackRwa(
91  issuerSecret,
92  holderPubkey,
93  reservePubkey,
94  amount,
95  code
96) {
97  const issuerKeypair = StellarSdk.Keypair.fromSecret(issuerSecret);
98  const asset = new StellarSdk.Asset(code, issuerKeypair.publicKey());
99
100  const account = await server.loadAccount(issuerKeypair.publicKey());
101  const transaction = new StellarSdk.TransactionBuilder(account, {
102    fee: StellarSdk.BASE_FEE,
103    networkPassphrase: StellarSdk.Networks.PUBLIC,
104  })
105    .addOperation(
106      StellarSdk.Operation.pathPaymentStrictReceive({
107        // Clawback via path
108        sendAsset: asset,
109        sendMax: "0", // Issuer clawback
110        destAsset: asset,
111        destAmount: amount,
112        destination: reservePubkey,
113        sourceAccount: holderPubkey,
114      })
115    )
116    .addMemo(StellarSdk.Memo.text("RWA Clawback - Compliance"))
117    .setTimeout(30)
118    .build();
119
120  transaction.sign(issuerKeypair);
121  return server.submitTransaction(transaction);
122}
  • The issuance pins flags at txn time. For RWA assets, prefer multi-sig issuers and link metadata via URL for provenance.
  • Memos can be extended for custom fields in explorers.

Issuance Flow (Issuer-Facing)

Issuer-level txns call ledger with flags.

1// As above in createRwaAsset()
2// Post-issuance: Query asset via server.assets().forIssuer(issuerPubkey).call()
  • Use BASE_FEE for optimization.
  • Override with oracle pre-checks (KYC, reserve proof) and revert early if verification fails.
  • For illiquid or async-backed assets, combine issuance with provisional supply and oracle finalization to avoid over-issuance.

Payment Flow

Symmetric to issuance, payment requires trustlines then updates balances.

1// As in payRwa()
2// Pre-payment: Check auth via server.loadAccount(receiverPubkey).then(acc => acc.balances)
  • Trustline-first follows checks-effects-interactions and ensures atomicity.
  • For queued payments, implement Soroban wrapper to check status and push into a compliance queue.
  • Add payment limits via clawback post-hoc.

Clawback Flow

Default clawbacks are flag-gated; RWA overrides query reasons.

1// As in clawbackRwa()
2// Pre-clawback: Oracle query for justification
3// e.g., via Chainlink for compliance flag
  • Clawback uses holder as source for precision.
  • Consider a time-bound policy for revocations.

Adding Auth-Required (Example: KYC Gating)

Flag handling keeps execution consistent.

1// In SetOptions: setFlags: StellarSdk.AuthRequiredFlag
2// Issuer must call AllowTrust post-user ChangeTrust
3async function allowTrust(
4  issuerSecret,
5  trustorPubkey,
6  code,
7  authorized = true
8) {
9  const issuerKeypair = StellarSdk.Keypair.fromSecret(issuerSecret);
10  const asset = new StellarSdk.Asset(code, issuerKeypair.publicKey());
11
12  const account = await server.loadAccount(issuerKeypair.publicKey());
13  const transaction = new StellarSdk.TransactionBuilder(account, {
14    fee: StellarSdk.BASE_FEE,
15    networkPassphrase: StellarSdk.Networks.PUBLIC,
16  })
17    .addOperation(
18      StellarSdk.Operation.allowTrust({
19        trustor: trustorPubkey,
20        asset,
21        isAuthorized: authorized,
22        authorizeToMaintainLiabilitiesWeight: false,
23      })
24    )
25    .setTimeout(30)
26    .build();
27
28  transaction.sign(issuerKeypair);
29  return server.submitTransaction(transaction);
30}
  • Keep auth accounting transparent: Use memos for events and track via Horizon API.
  • For RWA products, auth may address regulatory events, document in asset URL.
Previous

Cmd

arrow
Algorand Standard Assets

Cmd

arrow
Next
Tezos FA2 (TZIP-012)

WE SECURE EVERYTHING YOU BUILD.

From day-zero risk mapping to exchange-ready audits — QuillAudits helps projects grow with confidence. Smart contracts, dApps, infrastructure, compliance — secured end-to-end.

QuillAudits Logo
[email protected]

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

Privacy Policy

All Rights Reserved. © 2026. QuillAudits - LLC

ALL SERVICES
LANGUAGES
CHAINS
RESOURCES
PROGRAMS
COMPANY
DeFi SecurityplumeUniswap FoundationAethiropt-collectivePolygon SPNBNB Chain Kickstart

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

[email protected]

All Rights Reserved. © 2026. QuillAudits - LLC

Privacy Policy