JW-RWA-Platform

Real World Asset tokenization, trading, and KYC compliance.

The Problem

Real-world assets -- real estate, commodities, private equity, infrastructure -- represent an estimated $300 trillion in global value, yet the vast majority remain illiquid and inaccessible to most investors. Traditional asset markets are fragmented across jurisdictions, burdened by intermediaries, and gated behind high minimum investments that exclude all but institutional participants.

Tokenization offers a path forward: representing fractional ownership of real-world assets as on-chain tokens enables 24/7 trading, programmable compliance, and dramatically lower barriers to entry. But the gap between the DeFi promise and institutional requirements is significant. Institutions demand regulatory compliance, KYC/AML verification, audit trails, and custodial guarantees that most Web3 platforms do not provide.

The challenge is building a platform that bridges both worlds -- the programmability and liquidity of blockchain with the regulatory rigor and user experience that institutional participants require.

Our Solution

JW-RWA-Platform is a full-stack tokenization and trading platform designed for institutional-grade real-world asset management on-chain. The platform handles the complete asset lifecycle: from tokenization and compliance verification through trading and settlement.

Asset owners can tokenize holdings by deploying compliant smart contracts that represent fractional ownership. Each token is backed by legally binding off-chain documentation, and the platform enforces transfer restrictions based on investor accreditation and jurisdictional rules directly at the smart contract level.

The integrated trading engine supports order book matching for tokenized assets, with settlement finality on-chain. KYC/AML verification is built into the platform, not bolted on -- unverified wallets cannot hold or trade regulated tokens. The result is a platform that regulators can audit and institutions can trust.

Architecture

The platform is structured around three core layers: the smart contract layer (on-chain), the compliance layer (hybrid), and the application layer (off-chain).

The smart contract layer consists of ERC-20 tokens for fungible asset fractions and ERC-721 tokens for unique asset representations (individual property deeds, specific art pieces). All token contracts extend a compliance module that checks transfer eligibility against an on-chain whitelist before allowing any transfer. The whitelist is managed by the compliance layer.

The compliance layer bridges on-chain and off-chain worlds. When a user completes KYC verification, the platform updates the on-chain whitelist via a privileged admin transaction. This ensures that transfer restrictions are enforced at the protocol level, not just the UI level -- even if a user interacts with the contract directly, compliance rules are enforced.

The application layer provides the user-facing trading interface, portfolio management dashboard, asset tokenization wizard, and admin panel. It communicates with the blockchain via Ethers.js and with the PostgreSQL backend for off-chain data (user profiles, KYC status, order history, asset documentation).

Key Design Decisions

On-chain compliance enforcement: Transfer restrictions live in the smart contract, not just the application. This is a regulatory requirement for security token offerings.
ERC-20 for fungible fractions, ERC-721 for unique assets: Different asset types require different token standards. The platform supports both with a unified trading interface.
Separation of KYC data from blockchain: Personally identifiable information never touches the blockchain. Only verification status (whitelisted/not) is recorded on-chain, with full KYC data encrypted and stored off-chain.
Order book model over AMM: Institutional traders expect order book mechanics with limit orders, not automated market maker pools. The order book model also provides better price discovery for less liquid RWA tokens.

Tech Stack

Layer	Technology	Rationale
Frontend	Next.js, TypeScript	SSR for SEO on asset listings, type safety for financial data
Backend	Node.js, Express	API orchestration, order management, KYC workflow coordination
Smart Contracts	Solidity, Hardhat	ERC-20/721 token contracts with built-in compliance modules
Blockchain Integration	Ethers.js	Contract interaction, transaction signing, event listening
Database	PostgreSQL	User data, order history, asset metadata, KYC records
KYC/AML	Third-party provider integration	Identity verification, sanctions screening, accreditation checks
Infrastructure	Docker, AWS	Containerized deployment with managed services

Code Patterns

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

/// @title Compliant RWA Token with transfer restrictions
/// @notice ERC-20 token representing fractional ownership of a real-world asset
contract RWAToken is ERC20, Ownable {
    mapping(address => bool) private _whitelist;
    string public assetDocumentHash; // IPFS hash of legal documentation

    event InvestorWhitelisted(address indexed investor);
    event InvestorRemoved(address indexed investor);

    error TransferNotCompliant(address from, address to);

    constructor(
        string memory name,
        string memory symbol,
        string memory _docHash,
        uint256 initialSupply
    ) ERC20(name, symbol) Ownable(msg.sender) {
        assetDocumentHash = _docHash;
        _whitelist[msg.sender] = true;
        _mint(msg.sender, initialSupply);
    }

    function whitelistInvestor(address investor) external onlyOwner {
        _whitelist[investor] = true;
        emit InvestorWhitelisted(investor);
    }

    function removeInvestor(address investor) external onlyOwner {
        _whitelist[investor] = false;
        emit InvestorRemoved(investor);
    }

    function _update(
        address from,
        address to,
        uint256 amount
    ) internal override {
        // Allow minting and burning without whitelist check
        if (from != address(0) && to != address(0)) {
            if (!_whitelist[from] || !_whitelist[to]) {
                revert TransferNotCompliant(from, to);
            }
        }
        super._update(from, to, amount);
    }

    function isWhitelisted(address account) external view returns (bool) {
        return _whitelist[account];
    }
}

// Tokenization flow — creating a new RWA token
interface TokenizationRequest {
  assetName: string;
  symbol: string;
  totalSupply: number;
  documentHash: string;
  ownerAddress: string;
  fractionDecimals: number;
}

async function tokenizeAsset(
  request: TokenizationRequest
): Promise<{ contractAddress: string; txHash: string }> {
  // Verify asset owner has completed KYC
  const kycStatus = await db.kycRecords.findUnique({
    where: { walletAddress: request.ownerAddress },
  });

  if (kycStatus?.status !== "verified") {
    throw new KYCRequiredError(request.ownerAddress);
  }

  // Deploy compliant ERC-20 token contract
  const factory = new ethers.ContractFactory(
    RWAToken.abi,
    RWAToken.bytecode,
    deployerWallet
  );

  const contract = await factory.deploy(
    request.assetName,
    request.symbol,
    request.documentHash,
    ethers.parseUnits(String(request.totalSupply), request.fractionDecimals)
  );

  await contract.waitForDeployment();
  const contractAddress = await contract.getAddress();

  // Whitelist the asset owner on-chain
  const tx = await contract.whitelistInvestor(request.ownerAddress);
  await tx.wait();

  // Record asset in off-chain database
  await db.assets.create({
    data: {
      name: request.assetName,
      symbol: request.symbol,
      contractAddress,
      ownerAddress: request.ownerAddress,
      totalSupply: request.totalSupply,
      documentHash: request.documentHash,
      status: "active",
    },
  });

  return { contractAddress, txHash: contract.deploymentTransaction()!.hash };
}

KYC Integration

The KYC/AML verification pipeline is a critical compliance component. The platform integrates with third-party identity verification providers to perform multi-step checks:

Identity verification: Document upload (passport, national ID) with liveness detection to prevent spoofing.
Sanctions screening: Real-time checks against OFAC, EU, and UN sanctions lists.
Accreditation verification: For regulated token offerings, verification of accredited investor status per jurisdictional requirements.
Ongoing monitoring: Continuous screening against updated sanctions lists, with automatic wallet suspension if a match is detected.

Upon successful verification, the platform updates the on-chain whitelist for all active token contracts, enabling the investor to trade. KYC data is encrypted at rest with AES-256 and stored exclusively off-chain in PostgreSQL. The blockchain records only the boolean whitelist status -- never personal data.

The system supports configurable compliance tiers: different asset classes can require different verification levels, from basic identity checks for lower-risk tokens to full accreditation verification for security token offerings.

Outcomes

End-to-end tokenization pipeline: From asset onboarding through compliant token deployment in under 10 minutes, including smart contract deployment and whitelist initialization.
On-chain compliance enforcement: Transfer restrictions enforced at the smart contract level, satisfying regulatory requirements for security token issuance across multiple jurisdictions.
Institutional-grade trading: Order book model with limit orders, partial fills, and settlement finality on-chain -- meeting the expectations of institutional participants accustomed to traditional exchanges.
KYC/AML integration: Automated identity verification with sanctions screening, supporting tiered compliance requirements per asset class and jurisdiction.
Auditable architecture: Complete transaction history on-chain, with off-chain audit logs for KYC decisions and administrative actions, providing regulators with full transparency.