Security & Audits

Security Audits (active vaults)

At TruFin, securing our smart contracts and safeguarding users’ assets comes before anything. The protocol has therefore undertaken three independent security audits by the most distinguished names in the field, OpenZeppelin, Nethermind and Zokyo.

• TruMATIC audits:

  • OpenZeppelin

  • Nethermind

  • Zokyo

Who has admin control of the TruMATIC contracts?

TruFin's contracts for TruMATIC are controlled by a multisig account (0x71598A2209b4a9C3E23260Ac373180f4B637136d) which is managed by a combination of contributors, investors, and external advisors. The confirmation count is 5 out of 7 signatures required.

N.B. All core team members designated as signers adhere to strict private key and wallet management best practices, utilising individual hardware wallets on a segregated basis.

The responsibilities of the above multi-sig include:

• Add or remove validators supported by the protocol

• Change the address of the whitelist contract - this contract manages the whitelist used to allow or deny users into the protocol

• Change the treasuryAddress address - this address receives the fees charged by the protocol

• Change the amount taken as fee from rewards by the protocol

• Change the amount taken as fee upon reward distribution by the protocol

• Change the amount used to offset rounding

• Modify the ownership of the contract

Digital assets are highly volatile. TruFin users agree to the T&Cs found in full here.