Skip links

Type and hit enter

Subscribe
Oraclizer Research

Why RWA Isn’t Real DeFi Collateral Yet: The Non-Atomicity of the Collateral Layer

Two adjacent corporate conference rooms making simultaneous decisions about the same asset in isolation represents the structural disconnect in RWA DeFi collateral compliance.

TL;DR

  • Tokenized RWA-backed stablecoin supply has grown to roughly $8.5B, yet only about 12% (~$1B) is actively deployed inside DeFi protocols. The remaining 88% stays within permissioned walls.
  • Aave Horizon’s permissioned collateral plus permissionless liquidity dual architecture is the most serious attempt to make RWA work as DeFi collateral. But this architecture does not solve regulatory state synchronization. It separates the problem through a division of labor.
  • The three conditions (shared vocabulary, deterministic priority, atomic propagation) derived earlier from cross-border tokenized securities trading transfer directly into the DeFi collateral layer. One condition is added; none is removed.
  • For DeFi to accept RWA as native composable collateral rather than as isolated permissioned pools, four conditions must hold simultaneously. This is not a problem of individual protocol design. It is a problem of the infrastructure layer.

Where the Dual Structure Arrived

When Aave Horizon launched in August 2025, the problem it set out to solve was clear. Tokenized RWA requires issuer-level permissioning. Only KYC-cleared accredited investors may hold the asset, transfers must move between allowlisted wallets, and each transfer itself must satisfy the transfer agent’s rules. DeFi, on the other hand, was designed around permissionless composability. Anyone provides liquidity to a pool, anyone takes collateral and borrows, anyone becomes a liquidator. Every mechanism rests on this assumption.

The two assumptions are not simply incompatible. They contradict each other’s operating principles. A tokenized US Treasury is issued under the premise that there exist people in the market who cannot hold it. A Uniswap pool prices an asset under the premise that no such people may exist.

Aave Horizon’s dual architecture does not resolve this contradiction. It separates and isolates it. The collateral side is permissioned. Only qualified institutional investors may supply tokenized RWA DeFi collateral, and on supply a non-transferable aToken is minted to keep the collateral position from moving on the secondary market. The liquidity side is permissionless. Anyone supplies USDC, GHO, or RLUSD, and anyone receives stablecoin-yield-bearing aTokens. Two gates live inside one protocol, and each gate is accountable only to its own side of the rules.

The architecture itself is the best available compromise today. Jorge Serna of Securitize called it “what HyFi was always meant to be”, and the description is not overstated. It is the first time RWA functions as DeFi collateral directly, without wrappers or synthetics.

The question is where the boundary lies between what this compromise resolved and what it left untouched.

The 12% Fact

The number that most honestly reveals the limits of the compromise is the ratio of circulating supply to DeFi utilization. As of Q1 2026, total RWA-backed stablecoin supply has grown to roughly $8.5B. Of this, about $1B is actually deployed as collateral or connected to yield mechanisms within DeFi protocols. As a ratio, this is approximately 12%. Where is the remaining 88%? It sits inside permissioned walls. In issuer custody, with institutional custodians, or within whitelisted secondary markets that remain closed.

RWA Adoption vs DeFi Utilization Gap The chart visualizes the gap between total RWA-backed stablecoin supply and the portion actively utilized in DeFi protocols. TOKENIZED RWA ADOPTION VS DEFI UTILIZATION Total RWA-backed stablecoin supply $8.5B 12% 88% Active in DeFi protocols Locked behind permissioned walls DeFi-deployed RWA collateral ~$1B Issuer custody, institutional custodians, whitelisted secondary ~$7.5B The 12% utilization rate as of Q1 2026 reveals the structural boundary of the permissioned-permissionless dual architecture.
RWA ADOPTION VS DEFI UTILIZATION
Total RWA-backed supply $8.5B
12%
88%
Active in DeFi Locked behind walls
DeFi-deployed collateral
~$1B
Locked behind walls
~$7.5B
The 12% utilization rate as of Q1 2026 reveals the structural boundary of the permissioned-permissionless dual architecture.

Figure 1: Tokenized RWA Adoption vs DeFi Utilization

How this 12% is read determines the starting point of this analysis.

The optimistic reading is that the dual architecture is recent, and the ratio will rise with time. Aave Horizon’s deposits reached $440M within a year of launch, and the 2026 roadmap targets $1B+. Viewed as an early signal of a structure beginning to work, 12% is merely a starting point.

The pessimistic reading has a different grain. The 12% ratio itself quantitatively reveals the boundary between what the dual architecture solved and what it did not. Within a division of labor that outsources permissioning to the issuer and lets DeFi accept only the result, when the outsourced region is thick enough, the flow between the two gates is bounded by construction. The 88% remains behind the wall not because the wall has yet to be lowered, but because the wall is intrinsic to the division of labor.

Rather than deferring the question to time, it is worth unfolding the structural assumption that underlies this 12%.

The gap between supply and DeFi utilization is not a temporary onboarding lag, but a structural boundary.

The Substance of Outsourcing

The division of labor that defines how RWA DeFi collateral actually operates inside Aave Horizon can be drawn precisely along the line of responsibility.

The issuer’s responsibility: The issuers of tokenized RWA (Superstate, Centrifuge, Circle, OpenEden, and others) handle KYC, AML, accredited investor verification, transfer restrictions, and allowlist management. When a regulatory action (FREEZE, SEIZE, RESTRICT) is invoked, the issuer alters state inside its own token contract.

The protocol’s responsibility: Aave Horizon does not break the transfer restrictions the issuer has set. It mints non-transferable aTokens so collateral positions cannot leak outside the allowlist. LTV, liquidation thresholds, and supply or borrow caps are configured per issuer by LlamaRisk. Chainlink NAVLink provides price.

The promise of the division is simple. Each region operates within its own responsibility, and crossings between regions are mediated by interfaces (transfer restriction, NAV feed).

A problem that the division does not solve. When the regulatory state on the issuer’s side changes, how does the protocol side detect that change, and what action does it take?

Chainlink NAVLink fetches price. It does not fetch state. If at some moment the issuer freezes a particular holder’s tokens, the protocol learns the fact only at the moment of an attempted transfer when that transfer is denied. What about a liquidation in progress? The liquidation logic can verify only whether the collateral asset is transferable or not. It cannot tell why the transfer is denied. Whether it was SEIZED, whether a RESTRICT condition was violated, or whether the recipient is simply not allowlisted. None of these is distinguishable.

Let’s draw out what this asymmetry means one step further. If the protocol attempts a liquidation while remaining unaware of regulatory state, the liquidation itself can constitute a violation of the regulatory state intended on the issuer’s side. If the asset the liquidator is forcing onto the market is in a SEIZED state, that sale may be read as an evasion of a court order. The division of labor is silent on this possibility.

This is the structural silence of the dual architecture. There exists a region the protocol cannot observe regardless of what the issuer does within its own scope, and when a state change in that region collides with an action on the protocol’s side, the division of labor has no answer.

The Transfer of Non-Atomicity

When earlier research analyzed the non-atomicity of cross-border tokenized securities trading, three conditions were derived. Shared regulatory vocabulary: a FREEZE must mean the same thing whether issued by the SEC or by the SFC. Deterministic priority mechanism: when two commands collide, the resolution must be defined in advance. Atomic cross-domain propagation: once a command is invoked, it must apply simultaneously across every domain where the asset exists, with no partial-state observation.

Those three conditions were necessary to dissolve the non-atomicity problem of the cross-border environment. What is interesting is that the conditions are not limited to cross-border. The same conditions are demanded when the DeFi collateral layer operates on its own.

How does shared vocabulary appear in DeFi? For liquidation logic to look at a transfer denial and tell what caused it, the semantics of issuer-side state changes must be exposed in a form the protocol can read. A standard like ERC-1404 returns only a boolean about whether a transfer is permitted. Whether that boolean originated from FREEZE or from RESTRICT is not distinguished. The vocabulary is collapsed.

How does deterministic priority appear in DeFi? When an issuer-invoked FREEZE and a protocol liquidation trigger on the same asset attempt to act at the same time, which prevails? The current division of labor offers only the operational outcome that if the issuer’s action is already applied, the liquidation fails. What happens to a liquidation transaction in flight when the issuer invokes FREEZE just after the protocol initiated liquidation? There is no pre-defined priority. Execution order decides.

How does atomic propagation appear in DeFi? BlackRock BUIDL is currently deployed across nine chains. When a FREEZE is invoked on one chain, what happens to BUIDL on the other eight? The issuer must synchronize state separately on each chain. In the time window between synchronizations, the same asset can be FREEZE on one chain and transferable on another. The non-atomic regulatory action problem analyzed in the cross-border environment reappears as-is inside multi-chain DeFi.

The reason the three conditions transfer from cross-border into the DeFi collateral layer while changing form is simple. A tokenized asset is itself a cross-domain object. As long as a single asset exists simultaneously across multiple chains, multiple protocols, multiple jurisdictions, and multiple issuer-protocol divisions of labor, the state synchronization problem does not disappear when the environment changes.

The Fourth Condition

One thing distinguishes the DeFi collateral layer from cross-border. The protocol itself can become the subject of regulatory action.

This difference produces a fourth condition. The CLARITY Act §505 debate most directly exposed this difference. Certain provisions in the draft left room to classify the act of a DeFi protocol handling tokenized securities as broker-dealer activity, which ultimately implies that the moment a protocol accepts tokenized securities, the protocol itself becomes a regulatory subject.

What this possibility means is that the outsourcing assumption of the division of labor can collapse. If compliance outsourced to the issuer can be returned to the protocol’s own responsibility, the boundary between the two gates of the dual architecture is not a legally drawn line but a line that moves with current policy interpretation.

Beyond the three conditions derived in earlier research, the DeFi collateral layer requires a fourth condition. Anticipatory preparation for the possibility that the protocol itself becomes the subject of regulatory action. This condition did not appear in the cross-border analysis. The cross-border analysis approached non-atomicity from the asset’s perspective. The DeFi collateral layer brings the subject that accepts the asset into view.

Four Conditions for RWA as Native DeFi Collateral Isometric pyramid where each upper tier physically rests on the tier below, with the newly added fourth condition at the apex. FOUR CONDITIONS FOR RWA AS NATIVE DEFI COLLATERAL Each upper tier rests on the tier below. Remove any layer and the structure collapses. LAYER 1 — FOUNDATION Shared Regulatory Vocabulary LAYER 2 Deterministic Priority LAYER 3 Atomic Propagation LAYER 4 — APEX Protocol as Regulatory Subject NEW The protocol itself becomes addressable by regulators State changes apply across all domains simultaneously Pre-defined resolution when two commands collide FREEZE, RESTRICT, SEIZE carry identical semantics Three foundation tiers transferred from prior cross-border analysis. A fourth condition emerges only inside DeFi.
FOUR CONDITIONS FOR RWA AS NATIVE DEFI COLLATERAL
Each upper tier rests on the tier below. Remove any layer and the structure collapses.
Layer 4 — Apex NEW
Protocol as Regulatory Subject
The protocol itself becomes addressable by regulators
Layer 3 Transferred
Atomic Propagation
State changes apply across all domains simultaneously
Layer 2 Transferred
Deterministic Priority
Pre-defined resolution when two commands collide
Layer 1 — Foundation Transferred
Shared Regulatory Vocabulary
FREEZE, RESTRICT, SEIZE carry identical semantics across all readers
Three foundation tiers transferred from prior cross-border analysis. A fourth condition emerges only inside DeFi.

Figure 2: Four Conditions for RWA as Native DeFi Collateral

The four conditions are not independent. They form a layered structure. Without shared vocabulary, priority cannot be defined. Without priority, atomic propagation is not deterministic. Without atomic propagation, the protocol loses the ground on which to define the scope of its own responsibility. If any one layer is empty, the layers above do not operate.

Price Failure and State Failure

In April 2026, Kelp DAO’s rsETH suffered an oracle price manipulation attack. Aave absorbed $196M in bad debt. Compound recorded zero losses in the same event. MakerDAO/Sky did not accept rsETH as collateral, so there was no exposure to begin with. The same asset, three different outcomes. The difference came from the conservativeness of collateral policy.

The classification of this incident is what’s interesting. It was an oracle price failure. Kelp’s pricing mechanism was manipulable, and the manipulated price was used to evade liquidation thresholds. The incident showed what happens when a single dimension of data (price) loses reliability.

Consider the future tense of the same incident. As tokenized RWA takes its place as DeFi collateral, the equivalent scenario of price failure will be regulatory state failure. The price is accurate. The NAV is accurate. But between the moment the asset was supplied and the moment the liquidation trigger fired, the issuer invoked RESTRICT. The liquidator does not know about RESTRICT. The liquidation mechanism is triggered solely by price. The buyer who would take the asset at liquidation does not meet the RESTRICT condition. The liquidation fails. While the liquidation fails, the price continues to fall. Bad debt accumulates.

In this scenario the cause of bad debt is not price. It is the absence of state information. More precisely, it is the asynchrony between the moment state changed and the moment the protocol perceives that state.

If Aave Horizon’s $196M versus Compound’s $0 came from collateral policy conservativeness, the equivalent future incident will divide its outcomes by the protocol’s capacity to perceive regulatory state.

When CLARITY Arrives

The CLARITY Act, passed by the US House in July 2025 and currently under review by the Senate Banking Committee, makes one decisive declaration about tokenization. Tokenization is a delivery method, not a new asset class.

The implications of this single line run deep. Tokenized securities are subject to all the requirements of existing securities law. Not only KYC. The full specification that securities infrastructure demands must be met at the tokenization layer: integrity of regulatory data, atomicity of regulatory enforcement, traceability of asset state, enforceability of authority hierarchies, and the encoding of expiration, asset class, and transfer restrictions.

The four conditions discussed in this research are analysis limited to the DeFi collateral layer. The full infrastructure specification that the policy clarity CLARITY promises actually forces is much broader. The complete derivation of that specification is left for separate research.

What is worth noting in the context of this research is one point. The region the dual architecture outsourced through division of labor may be pulled back into an un-outsourceable region the moment policy clarity arrives. At that moment, how the 12% ratio moves, and how that motion divides outcomes by what the protocol layer treats as a first-class citizen, will be determined.

The Next Stage of RWA DeFi Collateral Division

The DeFi protocol spectrum of RWA DeFi collateral acceptance can be organized along one axis. What does it treat regulatory state as?

Compound takes a conservative policy and does not list exotic collateral at all. By not engaging RWA deeply, it avoids the regulatory state problem. Compound recorded $0 in losses while Aave absorbed $196M in the Kelp event. The pattern reflects the outcome of this avoidance strategy.

MakerDAO/Sky chose to have the protocol itself hold RWA directly. Inside an SPV (Special Purpose Vehicle) structure, the responsibility of issuer and the responsibility of holder are borne simultaneously by one entity. The regulatory state problem is internalized. Sky operates $2B+ in RWA and generates 60%+ of protocol revenue from RWA, but this structure is far from DeFi composability. The RWA inside the SPV does not flow out to other DeFi protocols.

Aave Horizon chose outsourcing through the dual architecture. The issuer manages regulatory state, and the protocol accepts only the result. The 12% ratio is the current limit of this outsourcing.

Morpho chose delegation through a curated vault structure. Each vault’s curator is responsible for that vault’s collateral policy and risk management. Institutions like Apollo Global Management and Société Générale participate as curators to accept RWA. Placing the responsibility for regulatory state with institutional curators is another form of outsourcing.

DeFi Protocol RWA Strategy Map Four DeFi protocols plotted in a strategy space where the central infrastructure-layer solution zone remains empty. DEFI PROTOCOL RWA STRATEGY MAP Where each protocol places the responsibility for regulatory state HIGH LOW RWA EXPOSURE — THE EMPTY ZONE — where regulatory state synchronization would be solved at the infrastructure layer no protocol occupies this position AVOIDED INTERNALIZED OUTSOURCED DELEGATED REGULATORY STATE RESPONSIBILITY LOCATION Compound conservative listing $0 loss · minimal RWA MakerDAO / Sky SPV holds RWA directly $2B+ AUM · no composability Aave Horizon dual structure $440M · 12% of RWA pool Morpho curated vaults $10B+ TVL · Apollo, SocGen
DEFI PROTOCOL RWA STRATEGY MAP
Where each protocol places the responsibility for regulatory state
Compound
Avoided
Mechanism
Conservative listing, exotic collateral excluded
Outcome
$0 loss in Kelp event · minimal RWA exposure
MakerDAO / Sky
Internalized
Mechanism
SPV holds RWA directly; protocol owns both ends
Outcome
$2B+ AUM, 60%+ revenue · no composability
Aave Horizon
Outsourced
Mechanism
Dual structure: permissioned collateral, open liquidity
Outcome
$440M deposits · 12% of RWA-stablecoin pool
Morpho
Delegated
Mechanism
Curated vaults; risk delegated to institutional curator
Outcome
$10B+ TVL · Apollo, Société Générale as curators
— The Empty Zone —
Where regulatory state synchronization would be solved at the infrastructure layer. No protocol occupies this position.
Four protocols, four bypass strategies, one empty zone.

Figure 3: DeFi Protocol RWA Approach Comparison

All four strategies do not solve the regulatory state synchronization problem itself. Avoidance is a strategy of reducing the region where the problem can arise. Internalization is a strategy of bringing both ends of the problem under one entity. Outsourcing and delegation are strategies of sending the problem to another party. None of them provides a mechanism by which regulatory state synchronizes when it operates as a cross-domain object.

A whiteboard comparing four DeFi protocol strategies for RWA DeFi collateral with "none solves sync" written underneath summarizes the structural limit of current approaches.

After hours of mapping each protocol’s choice (avoid, internalize, outsource, delegate), the line drawn across all four columns reads the same conclusion.

What this observation means is one thing. For RWA DeFi collateral to become native composable collateral rather than an isolated permissioned pool, the regulatory state synchronization problem must be solved not as an individual protocol’s policy choice but as a mechanism of the infrastructure layer. As long as that mechanism operates uniformly regardless of which asset enters which chain in which protocol, the dual architecture, internalization, and delegation can be separated as policy choices stacked on top of it.

Conclusion: The Problem Is Solved When It Moves to the Infrastructure Layer

The structural reason tokenized RWA does not become RWA DeFi collateral in any composable sense is not that RWA is too complex. Nor is it that DeFi has not matured enough. It is that no division of labor that places the full complexity of RWA on a single entity is possible. Avoidance narrows the market, internalization loses composability, and outsourcing and delegation leave behind the asynchrony between state changes in the outsourced region and the protocol’s perception of those changes.

This asynchrony is one of the invisible vectors producing the current 12% utilization ratio. Not all of the 88% lockup comes from asynchrony. Legal requirements, operational limits, and market immaturity all contribute. But as long as the asynchrony is not resolved, a portion of the 88% remains permanently locked.

Moving the problem to the infrastructure layer means that the protocol treats regulatory state as a first-class citizen. A mechanism for fetching regulatory state exists alongside the oracle that fetches NAV, at the same level of standing. Liquidation logic verifies the current regulatory state in the same way it verifies price. A state change invoked on one chain propagates to every domain where the asset exists, simultaneously, and in a manner where the moment the protocol perceives the change is not separated from the moment the change occurred.

References

  1. Aave Labs. (2025). Aave Horizon Launches. aave.com/blog/horizon-launch
  2. Aave Labs. (2025). How Aave Horizon is Built to Support Institutions. aave.com/blog/horizon-built-for-institutions
  3. Ainvest. (2026). Aave’s RWA Flow: A $1B Test for Institutional Liquidity Exit. ainvest.com
  4. Serna, J. (2025). HyFi Meets Horizon: RWAs Go Native in DeFi. Securitize. medium.com/securitize
  5. Phemex. (2026). Aave vs Compound vs MakerDAO Safety After Kelp Exploit. phemex.com/blogs/aave-vs-compound-vs-makerdao-defi-lender
  6. CoinGecko. (2026). RWA Report 2026. coingecko.com/research/publications/rwa-report-2026
  7. Arnold & Porter. (2025). Clarifying the CLARITY Act: What To Know About the House Crypto Market Structure Bill and Its Path to Law. arnoldporter.com
  8. Kim, J. & Hong, J. (2026). A Regulatory Compliance Protocol for Asset Interoperability Between Traditional and Decentralized Finance in Tokenized Capital Markets. arXiv:2603.29278. doi.org/10.48550/arXiv.2603.29278

Read Next

Insurance and Recovery Economics: Preparing for Black Swan Events
Insurance and Recovery Economics: Preparing for Black Swan Events
Earlier designs cut node risk by 73%, but the unpredictable 27% needs different rules. This study fixes how a staking insurance pool is sized (15% of stake, not protected value), bootstrapped, and banded; why a reserve held in its own token collapses with it; and how session protection follows the sync-degree hierarchy when security breaks mid-session.
Oraclizer Core ⋅ May 29, 2026
Tokenized Securities Under the CLARITY Act: The Weight of Codification
Tokenized Securities Under the CLARITY Act: The Weight of Codification
The CLARITY Act tokenized securities clause settles a single proposition in statute: tokenization is a delivery method, not a new asset class. That one sentence codifies the regulatory status of tokenized securities in U.S. law for the first time and derives an entire infrastructure specification for boundaries the token crosses.
Oraclizer Core ⋅ May 23, 2026
Sync Degree Hierarchy: Classifying What Assets Demand from State Synchronization
Sync Degree Hierarchy: Classifying What Assets Demand from State Synchronization
Sync degree hierarchy turns sync requirement strength into a four-level classification axis for RWA assets. S₀ static through S₃ atomic state binding form a reduction relation where causal consistency separates S₁ from S₂. Existing oracles, structurally two independent channels, are capped at S₁ by definition. Regulatory action forces S₃.
Oraclizer Core ⋅ May 20, 2026
Node Compensation Framework: Multi-layered Reward Design
Node Compensation Framework: Multi-layered Reward Design
After designing how the node incentive pool survives 7.6 years, an unresolved question remained: how are those rewards distributed to individual nodes? Three pressures conflict, and no single-mode distribution satisfies all three. A three-layer framework with activity, throughput, and session continuity, paired with phase-evolving weights, resolves the trilemma.
Oraclizer Core ⋅ May 13, 2026