Trustless Work engaged Runtime Verification, Inc. to audit its smart contracts between August 5th and September 12th, 2025. The audit assessed security, correctness, and potential vulnerabilities, providing recommendations to enhance reliability.

Trustless Work enables trustless payments via smart contract escrows, securing funds until clients approve milestones. Stablecoins like USDC are commonly used, but any token can serve as the escrow’s trustline. Escrows act as vaults controlled by smart contract logic and user roles with defined responsibilities.

The audit involved comprehensive manual code review and formal verification, including invariant analysis and testing across state transitions. A limited three week review of the TypeScript backend identified recurring architectural and security issues, suggesting potential additional vulnerabilities.

Findings ranged from critical to informative, with recommendations to address all issues, perform further internal review, and conduct a follow-up audit of the backend and remediated components before securing significant value.