> For the complete documentation index, see [llms.txt](https://docs.brix.money/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.brix.money/itry/security.md). # Security iTRY implements a range of security features designed to meet rigorous industry standards and regulatory requirements. The measures below highlight several key controls in place to safeguard backing assets, protect user funds, and reduce the impact of malicious activity. ## Access controls Only whitelisted wallet addresses can mint or redeem iTRY. This ensures that these critical functions cannot be called by unauthorized parties or malicious actors. Transferability of the backing assets are also restricted through its own whitelist, preventing assets from being sent to unintended destinations and preserving the collateral base that underpins iTRY. ## Transfer controls Backing assets can only be transferred from the iTRY Issuer Contract to iTRY’s designated custody addresses. This restriction eliminates the possibility of collateral being routed to arbitrary or malicious addresses. A small portion of backing assets are held in a smart contract that facilitates redemptions, allowing the system to balance usability and user experience while keeping the majority of funds in regulated custody environments. ## Monitoring iTRY integrates Know Your Transactions (KYT) monitoring powered by Chainalysis. KYT enables the protocol to identify suspicious activity and take corrective action when necessary. ## Blacklist To comply with regulatory requirements and protect the ecosystem, iTRY includes a blacklist function. This mechanism allows the protocol to block specific addresses from performing token actions, such as transfers, minting, and redemptions, if those addresses are associated with malicious activity, sanctioned entities, or legally restricted parties. Blacklist actions are controlled by strict operational guidelines to ensure they are not executed arbitrarily. Examples of where blacklist may be invoked include confirmed hacks, sanctioned-entity interactions, or court-ordered restrictions. Legal, operational, and contractual controls govern when and how blacklist actions may be triggered. ## Redistribution mechanism iTRY includes a redistribution function to recover assets from compromised addresses or when regulatory obligations require the system to intervene. Redistribution actions are gated behind strict controls and cannot be used at will. They are limited to scenarios defined by compliance frameworks, operational procedures, or regulatory mandates. ## Smart contract security All iTRY, wiTRY, and related contracts have undergone multiple rounds of extensive auditing, including private audits and public reviews. These audits assess code quality, identify potential vulnerabilities, and ensure alignment with best practices in decentralized protocol design. For more information, see [Audits](/resources/audits.md) ## Administrative controls Critical administrative functions require multisignature approval. iTRY utilizes segregated multisignature wallets to hold ownership of its smart contracts, ensuring that no single individual can execute privileged actions. Each multisig requires a defined threshold of confirmations (N of M) from authorized members before a transaction is approved. These multisigs are used solely to manage contract ownership and permissions. They do not hold user funds or backing assets. Multiple multisigs are maintained to compartmentalize responsibilities and segregate risk across different operational domains. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.brix.money/itry/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.