Live on Robinhood Chain testnet · preview, unaudited

Collateral Passport

On-chain asset-admission protocol for tokenized RWA collateral.

Decide whether a specific asset, for a specific beneficiary, is admissible under your policy — before any lending protocol accepts it as collateral. Claims, per-integrator policy, and encumbrance compose one deterministic, on-chain decision.

Try the demo →Watch the demo video Read the docs

Robinhood Chain testnet (46630) · seven reproducible demos · source-available SDK · unaudited

Admission Decision

Allow

ChainRobinhood Chain testnet · 46630

AssetTSLA (demo token)

IntegratorLending Vault A

PolicyStandardAdmissionTemplateV1

Required claims

eligibility-v1valid

custody-approved-v1valid

market-tradeable-v1valid

Encumbranceclear

RationaleAllowAllClaimsValid

The problem

Tokenized collateral is arriving faster than it can be vetted.

Real-world assets are coming on-chain as collateral — equities, funds, credit. But a lending protocol cannot safely accept a token until it knows the asset is eligible, custody is sound, and the position is not already pledged elsewhere. Today every protocol re-implements ad-hoc allowlists. There is no shared, on-chain, per-integrator way to answer admission at the asset level.

The protocol

An admission layer between attestation and lending.

Attestors publish signed claims about an asset. Integrators bind a policy. The protocol composes the claims, the encumbrance ledger, and any external signal into one decision — Allow, ConditionalAllow, or Deny — with a machine-readable rationale.

Inputs

Claims

Attestor-signed (EIP-712) — PassportRegistry

Policy

Per-integrator template + config — AdmissionController

Encumbrance

Position-granular ledger — EncumbranceRegistry

checkAdmission(request)

composes claims · encumbrance · optional external signal

Decision

Allow

every required claim valid

ConditionalAllow

admit with tighter LTV / cap

Deny

with a machine-readable rationale

A drop-in PassportGuardedERC4626 adapter gates deposit / mint / withdraw on the decision — with no changes to the underlying vault.

Claims

Attestor-signed, EIP-712 statements about an asset — eligibility, custody, compliance, tradeability.

Per-integrator policy

Three versioned policy templates and a typed config decide Allow / ConditionalAllow / Deny. You own the policy.

Encumbrance

A position-granular ledger so the same collateral cannot be silently double-pledged across protocols.

Drop-in adapter

PassportGuardedERC4626 gates an existing ERC-4626 vault with no changes to its share accounting.

Who it is for

Built for the collateral supply chain.

Lending protocols

Gate which tokenized collateral your markets accept — per asset, per beneficiary, per policy.

ERC-4626 vault builders

Drop in the adapter to admission-gate deposits without touching share accounting.

Tokenized RWA & equity issuers

Give integrators a standard, on-chain way to admit your assets as collateral.

Attestors & custodians

Publish signed claims — eligibility, custody, compliance — that integrators compose into policy.

Where it runs

Robinhood Chain-first.

Robinhood Chain is the primary launch venue and the center of the Phase 1 proof — an Arbitrum-based L2 that anchors the tokenized-equity collateral thesis. The full protocol — registry, policy engine, encumbrance ledger, and adapter — is live on Robinhood Chain testnet; portability is independently validated on a second, Arbitrum-based testnet.

chain 46630core registries3 policy templatesencumbrance ledgerERC-4626 adapter

Collateral Passport is independent infrastructure deployed on Robinhood Chain testnet. It is not an official Robinhood product unless otherwise stated.

Proof, not promises

Five reproducible demos, live on-chain.

Each demo runs end-to-end against the live testnet deployment — not a recording. Read the source, run it yourself, and verify the decision on-chain.

External-signal admission

A market-halt signal flips an Allow into a ConditionalAllow with a tighter LTV haircut.

source ↗

Multi-attestor composition

Three required claims compose an Allow; one expires and admission flips to Deny.

source ↗

Cross-position encumbrance

A pledged position blocks a second protocol — Deny while encumbered, Allow after release.

source ↗

Revocation propagation

An attestor revokes a claim; the bound policy denies within a block.

source ↗

Per-integrator policy

Same asset, same claims — a lenient integrator admits, a stricter one denies.

source ↗

Deployed & verifiable

AdmissionController

Robinhood Chain 46630
0xd75FF31C85bd3a9688d21d897d4176A4d3D80cA3

Arbitrum Sepolia 421614
0xbFA5…df90 ↗

Open by default

Source-available SDKSolidity interfacesDocs GitHub

SDK and interfaces are source-available; npm publish (v1.0.0) is pending. Plus a one-page compliance positioning note and a ≤ 60-minute integration guide.

Boundaries

What it is not.

The protocol is a thin, neutral layer. Integrators define policy; attestors publish claims; the protocol records and composes them into a deterministic decision — nothing more.

Not KYC or identity

It records signed claims; it does not verify people or enforce sanctions.

Not risk scoring

It composes integrator-defined policy; it does not rate creditworthiness.

Not a price oracle

It admits or denies collateral; it does not originate prices.

Not a lending protocol

It sits before lending; integrators keep their own markets and liquidation.

Build on the admission layer.

Talk to us about pilot integrations or attestor partnerships — or run the demo and follow the ≤ 60-minute integration guide.

Talk to us →Try the demo Read the docs View on GitHub