Trustless Work
smart-escrow-platform
Audit lifecycle
Public reports represent completed engagements with finalized deliverables.
Scheduled (completed): Scope, timeline, and review plan were agreed.
In Progress (completed): Manual review and verification work were carried out.
Completed (current stage): The engagement wrapped with a published final report.
Executive Summary
High-level assessment and conclusions
A concise overview of the audit scope, core findings, and the key outcomes from the engagement.
Trustless Work engaged Runtime Verification, Inc. to audit its smart contracts between August 5th and September 12th, 2025. The audit assessed security, correctness, and potential vulnerabilities, providing recommendations to enhance reliability.
Trustless Work enables trustless payments via smart contract escrows, securing funds until clients approve milestones. Stablecoins like USDC are commonly used, but any token can serve as the escrow’s trustline. Escrows act as vaults controlled by smart contract logic and user roles with defined responsibilities.
The audit involved comprehensive manual code review and formal verification, including invariant analysis and testing across state transitions. A limited three-week review of the TypeScript backend identified recurring architectural and security issues, suggesting that additional vulnerabilities may be present.
Findings ranged from critical to informative, with recommendations to address all issues, perform further internal review, and conduct a follow-up audit of the backend and remediated components before securing significant value.
Reports
Download the audit artifacts
Access the published PDF deliverables associated with this engagement.
PDF report 1
Trustless Work.pdf