TrustToken is a DeFi protocol that provides uncollateralized loans to institutional investors using an on-chain credit score mechanism. Users can deposit stablecoins to TrueFi lending pools and earn yields.
Zellic conducted an audit for TrueFi from August 29th to August 30st, 2022.
Our general overview of the code is that it was very well-organized and structured. The code was easy to comprehend, and in most cases, intuitive.
We applaud TrueFi for their attention to detail and diligence in maintaining incredibly high code quality standards in the development of TrustToken.
Zellic thoroughly reviewed the TrustToken codebase to find protocol-breaking bugs as defined by the documentation and to find any technical issues outlined in the Methodology section (ref) of this document.
Specifically, taking into account TrustToken's threat model, we focused heavily on issues that would break core invariants such as bypassing the protection that was put in place for the mint, transfer and burn functions of the TrustToken.
During our assessment on the scoped TrustToken contracts, we discovered one findings. Fortunately, no critical issues were found. This finding was informational in nature.