Coinversa secured its non-custodial trading stack through two Softstack audits covering smart contracts and infrastructure.
Client: Coinversa
Project: Web3 influencer marketing marketplace
Industry: Web3
Service: Canton DAML smart contract audit + backend and frontend whitebox security review
Coinversa is building infrastructure for non-custodial on-chain trading. The platform enables users to analyze markets, coordinate multiple wallets, and execute trades directly from their own custody, with portfolio visibility, market intelligence, and coordinated execution powered by real-time indexing of clearinghouse state and trader activity.
At the core of Coinversa’s architecture is a private identity layer anchored on the Canton Network, which reconciles trading activity while preserving non-custodial execution. The platform is designed for both discretionary traders and systematic strategies, with Hyperliquid as the first supported venue.
Softstack conducted two independent security engagements for Coinversa, together covering the full technology stack from on-ledger smart contracts to the web application layer:
2. Backend & Frontend Codebase Security Review: A whitebox source code security assessment of the full web platform: the Express/TypeScript backend API and the React/JSX frontend application. The backend handles authentication via Privy, trading execution through the Hyperliquid API, Canton ledger integration and WebSocket market data streaming. The frontend provides the trading interface, wallet management, Canton identity passkey handling, and notification system.
Two independent Softstack security experts conducted each engagement using a combination of manual code review and automated analysis. The assessments examined authentication logic, access control patterns, data validation, input sanitization, dependency security, cryptographic implementations, and business logic correctness across all severity levels.
The Canton smart contract audit identified 20 issues: 5 medium and 15 low severity, with no critical or high severity vulnerabilities. 16 findings were resolved and 4 were acknowledged by the Coinversa team.
The codebase security review identified 13 issues: 4 high, 8 medium, and 1 low severity. All 13 findings were resolved by the Coinversa engineering team through close collaboration during the remediation phase.
Across both engagements, a total of 33 security issues were identified and addressed, with follow-up reviews confirming that all fixes were implemented effectively.
Full audit reports: GitHub
For a trading platform that coordinates multiple wallets and executes trades in real time, security is not optional; it is foundational. Users trust Coinversa with wallet coordination, identity management, and trading execution. Ensuring the integrity of these systems across both the on-ledger smart contract layer and the web application layer is essential to protecting user funds and sensitive data.
By commissioning two independent security assessments covering the full stack, Coinversa demonstrates the kind of security-first approach that institutional and retail users increasingly expect from Web3 platforms.
Founded in 2017 (formerly Chainsulting), Softstack is a German Web3 security and software development company specialized in smart contract audits, protocol engineering and digital asset risk assessments across ecosystems like Ethereum, Solana, Tezos and TON.
If you’re building complex staking systems, L2/L3 infrastructure or appchain tooling and want to subject your contracts to the same level of scrutiny, reach out at hello@softstack.io or visit softstack.io.