Comment on page

Security & Audits

Security Audits (active vaults)

At TruFin, securing our smart contracts and safeguarding users’ assets comes before anything. The protocol has therefore undertaken three independent security audits by the most distinguished names in the field, Open Zeppelin, Nethermind and Zokyo.

Who has Admin control of the TruMATIC contracts?

TruFin's contracts for TruMATIC are controlled by a multisig account (0x71598A2209b4a9C3E23260Ac373180f4B637136d) which is managed by a combination of contributors, investors, and external advisors. The confirmation count is 5 out of 7 signatures required.
N.B. All core team members designated as signers adhere to strict private key and wallet management best practices, utilising individual hardware wallets on a segregated basis.
The responsibilities of the above multi-sig are as follows:
  • Change the address of the validator share contract - this contract acts as the interface with the designated Validator
  • Change the address of the whitelist contract - this contract manages the whitelist used to allow or deny users into the protocol
  • Change the treasuryAddress address - this address receives the fees charged by the protocol
  • Change the maximum amount that can be deposited in the vault
  • Change the amount taken as fee from rewards by the protocol
  • Change the amount taken as fee upon reward distribution by the protocol
  • Change the amount used to offset rounding
  • Enable or disable strict allocations
  • Modify the ownership of the contract

Security Audits (deprecated vaults)

TruStake v1: Zokyo
Digital assets are highly volatile. TruFin users agree to the T&Cs found in full here.