Coinversa Completes Independent Security Audit with softstack

Coinversa secured its non-custodial trading stack through two softstack audits covering smart contracts and infrastructure.

Client: Coinversa

Project: Web3 influencer marketing marketplace

Industry: Web3

Service: Canton DAML smart contract audit + backend and frontend whitebox security review

About Coinversa

Coinversa is building infrastructure for non-custodial on-chain trading. The platform enables users to analyze markets, coordinate multiple wallets, and execute trades directly from their own custody, with portfolio visibility, market intelligence, and coordinated execution powered by real-time indexing of clearinghouse state and trader activity.

At the core of Coinversa’s architecture is a private identity layer anchored on the Canton Network, which reconciles trading activity while preserving non-custodial execution. The platform is designed for both discretionary traders and systematic strategies, with Hyperliquid as the first supported venue.

Two Audits, Full-Stack Coverage

Softstack conducted two independent security engagements for Coinversa, together covering the full technology stack from on-ledger smart contracts to the web application layer:

1. Canton Smart Contract Audit: A security review of the DAML smart contracts deployed on Canton Network. These contracts implement user identity management, wallet linking, transaction commitment tracking, terms acceptance with cryptographic signatures, and user statistics aggregation, the core on-ledger primitives that underpin Coinversa’s identity and reconciliation layer.

2. Backend & Frontend Codebase Security Review: A whitebox source code security assessment of the full web platform: the Express/TypeScript backend API and the React/JSX frontend application. The backend handles authentication via Privy, trading execution through the Hyperliquid API, Canton ledger integration and WebSocket market data streaming. The frontend provides the trading interface, wallet management, Canton identity passkey handling, and notification system.

Methodology

Two independent softstack security experts conducted each engagement using a combination of manual code review and automated analysis. The assessments examined authentication logic, access control patterns, data validation, input sanitization, dependency security, cryptographic implementations, and business logic correctness across all severity levels.

Key Findings

The Canton smart contract audit identified 20 issues (5 medium and 15 low severity), with no critical or high severity vulnerabilities. Of these, 16 findings were resolved and 4 were acknowledged by the Coinversa team.

The codebase security review identified 13 issues: 4 high, 8 medium, and 1 low severity. All 13 findings were resolved by the Coinversa engineering team through close collaboration during the remediation phase.

Across both engagements, a total of 33 security issues were identified and addressed, with follow-up reviews confirming that all fixes were implemented effectively.

Full audit reports: GitHub

Why This Matters

For a trading platform that coordinates multiple wallets and executes trades in real time, security is not optional; it is foundational. Users trust Coinversa with wallet coordination, identity management, and trading execution. Ensuring the integrity of these systems across both the on-ledger smart contract layer and the web application layer is essential to protecting user funds and sensitive data.

By commissioning two independent security assessments covering the full stack, Coinversa demonstrates the kind of security-first approach that institutional and retail users increasingly expect from Web3 platforms.

About Softstack

Founded in 2017 (formerly Chainsulting), Softstack is a German Web3 security and software development company specializing in smart contract audits, protocol engineering, and digital asset risk assessments across ecosystems like Ethereum, Solana, Tezos, and TON.

If you’re building complex staking systems, L2/L3 infrastructure or appchain tooling and want to subject your contracts to the same level of scrutiny, reach out at hello@softstack.io or visit softstack.io.
