AGP Picks
View all

Global Reporter Journal
Provided by AGP

Trusset Completes Independent Security Audit of Its Core Protocol with softstack - All 17 Findings Resolved

Softstack x Trusset

Softstack x Trusset

softstack, an European cybersecurity and software development firm, has completed an independent security audit of the Trusset Core Protocol.

BERLIN, BERLIN, GERMANY, June 22, 2026 /EINPresswire.com/ -- softstack, a leading European cybersecurity and software development firm, has completed an independent security audit of the Trusset Core Protocol, the on-chain infrastructure that powers Trusset's tokenization, trading, and credit platform for regulated real-world assets. The engagement covered six smart contract suites across four distinct Solidity codebases and identified 17 issues across the protocol, every single one of which has been resolved in close collaboration with the Trusset engineering team.

The audit combined manual expert review with automated security testing and addressed the areas most material to a regulated, MiCA- and eWpG-aligned tokenization stack: ERC-3643 transfer compliance, KYC/AML identity registry integration, UUPS upgradeability under a Trusset DAO / issuer governance model, oracle price integrity, overcollateralized lending and Dutch-auction liquidations, hybrid orderbook custody, and ERC-20 transfer robustness. All eight of Trusset's pre-audit security claims were independently verified.

Audit Scope

- Stock Token License: ERC-3643 security tokens with corporate actions, sub-issuer controls, and compliance-enforced force transfers
- Stock Lending: overcollateralized lending markets with interest rate model, price oracle, insurance fund, Dutch-auction liquidations, and shared liquidation router
- Commodity Token License: ERC-20 commodity tokens with reserve-enforced minting and a primary market sale module
- Commodity Orderbook License: hybrid custody with off-chain matching, on-chain settlement, and token-enforced compliance

Two further suites were covered by reference: Commodity Token Lending shares the audited Stock Lending codebase, and the Stock Orderbook License shares the audited Commodity Orderbook codebase, so every finding and mitigation applies equally to the paired suites.

Results

- 17 issues identified: 17 resolved (10 High, 5 Medium, 2 Low)
- No remaining open or acknowledged-without-fix findings
- All fixes verified on the final audited commits across the four production repositories

"Trusset is built for regulated finance, and that meant the audit had to be uncompromising. softstack treated every contract path as if a regulator would read it, and the depth of the review is exactly what gave us and our partners the confidence to move forward."
> Paul Ilami, CEO, Trusset

"Tokenized securities and commodities are some of the hardest systems to get right because compliance, custody, and credit all sit on the same rails. Trusset moved through every finding methodically and shipped fixes that hold up. Reaching a zero-open-issues state across ten high-severity items is the result of a serious engineering team."
> Yannik Heinze, CEO, softstack GmbH

About Trusset
Trusset is an open infrastructure protocol for financial institutions, turning static holdings such as stocks, commodities, real estate, and other real-world assets into programmable on-chain instruments. The platform provides modular APIs and self-contained smart contract suites covering the full lifecycle of a tokenized asset — from issuance and corporate actions through 24/7 trading and credit, with MiCA- and eWpG-aligned compliance enforced at the contract level. Clients retain full ownership of their contracts, data, and governance, and integrate Trusset either as a white-label platform or directly via REST APIs and the TypeScript SDK.

For more information, visit Trusset

About softstack
softstack is an leading European cybersecurity company headquartered in Flensburg, Germany, and founded in 2017. The firm provides smart contract audits, blockchain security reviews, Web3 penetration testing, digital asset risk assessments, and security consulting for protocols, enterprises, stablecoin issuers, custodians, and regulated digital asset institutions. softstack is ISO 27001 certified by TÜV SÜD and has completed 2,000+ audits across 20+ chains, securing more than $100B in TVL with zero known post-audit exploits.

For security assessment inquiries, visit softstack.io or contact hello@softstack.io

Florian Protschka
softstack.io
+49 461 40772079
email us here
Visit us on social media:
LinkedIn
X

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

Global Reporter Journal

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.