Minted Protocol / Security & Compliance

Security and compliance posture

Minted Protocol's core codebase is built, audited, and validated. Compliance infrastructure is institutional-grade and structured for GENIUS Act compliance from architecture, not retrofitted.

99.3%

Overall test coverage

27/27

Five North sandbox phases passed

Independent Softstack audits completed

116+

Successful lifecycles exercised

72/72

Stability soak samples passed (6h)

Critical findings outstanding

Independent audits

Independently audited by Softstack GmbH (German Web3 audit firm, 1,200+ zero-exploit audits since 2017, institutional clients including Siemens AG). Two completed audit engagements, both dated 2026-02-28. All findings successfully addressed.

Softstack audit — Canton Protocol (DAML)

0 critical findings
5 high-severity findings — all FIXED
14 medium-severity findings — all FIXED or ACKNOWLEDGED
26 low-severity findings — all FIXED

Softstack audit — DeFi Lending

0 critical findings
4 high-severity findings — all FIXED
9 medium-severity findings — all FIXED or ACKNOWLEDGED
12 low-severity findings — all FIXED

Note on audit scope: The two Softstack audits cover Minted's prior cross-chain DAML+Solidity architecture, which has been fully deprecated. Current production architecture is 100% Canton-native with no bridges. Bridge-related findings in those audits are not applicable to the current architecture. A third audit on the Canton-native production architecture is in progress.

Five North 5N sandbox validation

Production validator infrastructure operated by Five North SV, LLC (Canton Super Validator) under a signed Validator/NaaS Hosting Services Agreement covering DevNet, TestNet, and MainNet validator nodes on Canton Network. Agreement executed March 23, 2026 (DocuSign Envelope ID 2A8720F7-6FBA-40C9-8936-8323231E31BC).

Separately, the protocol passed all 27 phases of Five North's 5N sandbox validation:

Verdict: GO
27 phases completed
244 test cases
116+ successful lifecycles exercised
13 DvP (Delivery vs. Payment) settlement cycles proven end-to-end
DAML coverage: 100% (current Canton-native protocol)
Solidity coverage: 100% (deprecated architecture, historical reference only)
Operations coverage: 95.7%
Overall test coverage: 99.3%
6-hour stability soak: 72/72 samples passing
Zero OOM events; 6/6 containers healthy; zero orphaned contracts

On-chain security architecture

Layer	Control
Settlement atomicity	DAML atomic commit on Canton — no partial execution
Validator consensus	3-of-5 signing, sorted-address dedup
Replay protection	address(this) + block.chainid per attestation
Rate limiting	Net mint/burn capped, 24-hour rolling window
Collateralization	120% enforced on-chain before mint
Oracle stack	Chainlink + Tradecraft + API3 + TWAP
Key management	Dedicated HSM-backed custody with attested enclave signing and dual-control authorization
Emergency controls	Multi-sig admin, 48-hour timelock

Compliance stack

Function	Provider / status
Money services regulation	FinCEN MSB registered
AML / BSA	Full BSA/AML compliance program
OFAC screening	Chainalysis + TRM Labs
FINRA-member broker-dealer / ATS / transfer agent	Texture Capital (Canton-native) — non-binding LOI committed 2026-04-28; definitive agreement pending
Securities distribution structure	Reg D 506(b) / Reg S
Stablecoin regulatory framework	designed for GENIUS Act alignment by architecture (mUSD non-yield-bearing; smUSD structurally separate)
Legal counsel	Wallace Glausi (General Counsel, securities law specialist)
Regulatory advisor	Bob Feil (Chief Advisor; former VP, Federal Reserve Bank of Dallas, ~40-year Fed career)

Public artifacts

← Home Protocol → Team →