Security

iTRY implements a range of security features designed to meet rigorous industry standards and regulatory requirements. The measures below highlight several key controls in place to safeguard backing assets, protect user funds, and reduce the impact of malicious activity.

Access controls

Only whitelisted wallet addresses can mint or redeem iTRY. This ensures that these critical functions cannot be called by unauthorized parties or malicious actors. Transferability of the backing assets are also restricted through its own whitelist, preventing assets from being sent to unintended destinations and preserving the collateral base that underpins iTRY.

Transfer controls

Backing assets can only be transferred from the iTRY Issuer Contract to iTRY’s designated custody addresses. This restriction eliminates the possibility of collateral being routed to arbitrary or malicious addresses. A small portion of backing assets are held in a smart contract that facilitates redemptions, allowing the system to balance usability and user experience while keeping the majority of funds in regulated custody environments.

Monitoring

iTRY integrates Know Your Transactions (KYT) monitoring powered by Chainalysis. KYT enables the protocol to identify suspicious activity and take corrective action when necessary.

Blacklist

To comply with regulatory requirements and protect the ecosystem, iTRY includes a blacklist function. This mechanism allows the protocol to block specific addresses from performing token actions, such as transfers, minting, and redemptions, if those addresses are associated with malicious activity, sanctioned entities, or legally restricted parties.

Blacklist actions are controlled by strict operational guidelines to ensure they are not executed arbitrarily. Examples of where blacklist may be invoked include confirmed hacks, sanctioned-entity interactions, or court-ordered restrictions. Legal, operational, and contractual controls govern when and how blacklist actions may be triggered.

Redistribution mechanism

iTRY includes a redistribution function to recover assets from compromised addresses or when regulatory obligations require the system to intervene. Redistribution actions are gated behind strict controls and cannot be used at will. They are limited to scenarios defined by compliance frameworks, operational procedures, or regulatory mandates.

Smart contract security

All iTRY, wiTRY, and related contracts have undergone multiple rounds of extensive auditing, including private audits and public reviews. These audits assess code quality, identify potential vulnerabilities, and ensure alignment with best practices in decentralized protocol design.

For more information, see Audits

Administrative controls

Critical administrative functions require multisignature approval. iTRY utilizes segregated multisignature wallets to hold ownership of its smart contracts, ensuring that no single individual can execute privileged actions. Each multisig requires a defined threshold of confirmations (N of M) from authorized members before a transaction is approved.

These multisigs are used solely to manage contract ownership and permissions. They do not hold user funds or backing assets. Multiple multisigs are maintained to compartmentalize responsibilities and segregate risk across different operational domains.