[TUSD] - Adding as collateral to MCD


This is Ryan from TrustToken. We are excited to be making a submission to include TUSD in MCD. We’ve been speaking with people on the Maker team about this for a while now and we are glad to finally have a chance for our projects to work together. In addition to TUSD, we’ve launched additional fiat-backed stablecoins including TGBP, TCAD, TAUD, THKD, with more coming.

Once we begin getting circulation on those tokens, we’d love to see them included in MCD, as well. It would make for an easy way to on-board multiple fiats into the MCD ecosystem with TrustToken handling the KYC/AML, bank relationships, etc. If you have any questions or feel that our answers lack necessary detail, please feel free to comment below and I will do my best to address all of them in a timely manner.

Please see our TUSD application below! :grinning:

Technical Specifications

  1. What is the token contract address?
  1. Where can the source code be viewed? Please provide links to the source code for all contracts providing the functionality to the token, including, but not limited to, transfers, freezes, whitelists, blacklists, transaction approvals/rejections, authorizations, upgradability, etc.
  1. Which token standard does your token comply with?
  1. Does the token have any special mechanics for handling forks? This may include forks in the token app or in the underlying blockchain.
  • We can disable the contract on unsupported forks
  1. My token fits with the following Dai Credit System adapter:
  • Our token fits with GemJoin
  1. Has the token passed formal verification?
  • No
  1. Technical audit

Financial Specifications

Overview Questions

  1. Please provide a short summary of your project.
  • TUSD is a USD-backed stablecoin that is fully-collateralized (1:1 backed) with USD held by banks and trust companies.
  1. Please list the founding members.
  1. What type of crypto asset is it (utility, work, governance, etc)?
  • TrueUSD is a USD-backed stablecoin.
  1. If a native crypto asset, which category (utility, work, governance, etc)?
  • TrueUSD is a USD-backed stablecoin.
  1. What is the token’s usage in the project? How is the token utilized?
  • TrueUSD is a USD-backed stablecoin.

Issuance - Bearer Assets

  1. What was the date of the ICO?
  • TrueCoin, LLC, the issuer of TUSD, is a wholly-owned subsidiary of TrustLabs, Inc. Neither of these companies has completed an ICO
  1. What was the initial price and valuation?
  • N/A
  1. How much capital was raised (in USD and crypto terms)?
  • N/A
  1. What was the token distribution breakdown?
  • N/A
  1. Are any tokens on a vesting schedule? If so, what is that schedule? Describe any related vestiture limitations.
  • N/A
  1. What are the circulating and total supply of the token?
  • N/A
  1. What is the wallet address of the treasury?
  • N/A
  1. How much of the ICO raise was converted into fiat (described in both terms of that fiat currency and the number of tokens?
  • N/A
  1. Were there any pre-ICO seed investors? Who and what were their respective allocations?
  • N/A


  1. Please link to the whitepaper and/or pitch deck related to the token.
  • TrueUSD does not have a formal white paper or pitch deck
  1. Please link to the most updated roadmap for your project.
  • TrueUSD does not have a public roadmap
  1. How many employees and contractors does your project have?
  • 22 FTE
  1. What is the monthly burn rate?
  • Not disclosed
  1. What is the strategy for treasury management?
  • Company funds are held in fiat USD or TrueUSD


  1. Which exchanges is your token listed on?
  • TrueUSD is listed on ~75 exchanges with Coinmarketcap providing a pretty accurate overview of the most liquid markets. For an overview of the less liquid markets please view this sheet. In addition to this, TUSD is supported by all major OTC desks and wallets.
  1. Are you aware of any paid market makers for your asset?
  • We are not aware of any paid market makers for our asset. We are connected with dozens of market makers who have direct creation and redemption access via our web portal. This is the primary mechanism for TUSD stability. Given that sophisticated traders understand that they can freely and quickly create and redeem TUSD, it allows them to easily buy TUSD in the market when it trades for <$1 and then sell back to us for $1, and vice-versa, when TUSD is trading >$1, they will buy TUSD from us for $1 and then sell it into the market until the price heads back to $1.
  1. Does your token have custodial support? Where/with whom? Please provide a copy of the custodial agreement if available.
  • Yes, TrueUSD is supported by BitGo and all major custodians. No agreements are available to show, however, TUSD is displayed on the Bitgo website.


  1. Please link your email, Telegram, subreddit, Discord, Twitter, Medium.
  1. What is the website of your project?

Legal Specifications

  1. Who is the token issuer (if any)?
  • TrueCoin, LLC
  1. Do you have legal representation related (1) to the issuance of the token, (2) regulatory requirements regarding the token, or (3) otherwise? If so, whom?
  • WilmerHale (securities counsel for the issuance of TrueUSD),
  • Orrick (corporate counsel)
  • Katten, Muchin, Rosenman (securities & regulatory counsel for the issuance of the token).
  1. What is the regulatory status of the token? Please provide relevant documentation (e.g., legal opinions, prospectuses, public disclosures, filing documents, etc.).
  • Non-securities. For parties who have signed an NDA, we can share legal memos from outside counsel supporting this conclusion.
  1. Are there any rights associated with the token that does not follow from its technical implementation or technical ramifications of the system in which the token is used? If so, what are they? How are they enforced? Please provide documentation memorializing these rights.
  • Yes. Each TrueUSD token represents a claim to one US dollar held for the holder’s benefit in escrow accounts at independent financial institutions. A summary of the terms of our escrow agreements and our Terms of Use are attached. For parties who have signed an NDA, we can share a redacted version of the escrow agreements.
  1. In what jurisdiction(s) was the token issued?? Please provide all filings and public documents related to the token’s issuance.
  • TrueUSD tokens are issued from California, United States. No public filings or public documents are associated with their issuance. TrueCoin, LLC is a registered MSB in the United States.
  1. Was the token issued as part of a regulatory process (e.g., securities offering)? If so, under which law, rule and/or regulation was the token issued? Please provide all documents related to this regulatory issuance process (to the extent not already provided in response to the above).
  • No.
  1. Was the token issued as part of the fundraising process for your project? If yes, who are the investors and how much equity do they respectively hold?
  • No.
  1. Please describe the corporate and legal structure of the project/system/product in which the token is used.
  • TrueUSD tokens are administered by TrueCoin, LLC, a wholly-owned subsidiary of TrustLabs, Inc. As mentioned above, each TrueUSD token represents a claim on one US Dollar held in escrow accounts for the benefit of the token holder. The escrow accounts are managed by regulated trust companies in the US and internationally. TrueCoin, LLC pioneered this escrow model for fiat-backed stablecoins. Each TrueUSD holder that passes a KYC/AML check becomes a legal beneficiary of a certain amount of USD held in the escrow accounts that correspond to the amount of TrueUSD tokens they hold.

This inst about the submission really, but I don’t quite understand the use case for stablecoins CDPs. Like how do you make money? I’d love help in understanding.

I’ve taken a look on implementation and it is mockery of Ethereum. Sorry for harsh words but i find no other.

TrueUSD is an upgradableProxy which might be changed at will by owner, and owner is A “multisig” with a single signer 0xF5235A0390e355CE0f133936f713C7Dc37bf28e2 (also behind upgradableProxy )

which is just some EOA

If anyone see any good argument for considering TUSD as collateral second longer, please enlight me.

I’ve made mistake during analysis, Multisig is controlled by 3 EOA. I believe that doues not change my point much


In general everything in a system is UpgradableProxy owned by some other UpgradableProxy Owner of all this mess can replace anything anytime. As far as I’ve analysed

It is just handful of EOA, but designer of a contract make good job to make analysing calls as hard as possible by internalyzing them

Thanks for this, and congrats, you’re the first token to submit this document to the forum!

In general, I think I’d like to see more detail on some of these answers. Taking a more proactive approach would also have been appreciated. Presumably you are broadly aware of how the Dai Credit System works, and you are aware of how your token works. What risks do you see to MKR Holders as a result of us including TUSD (or others) in the system? While we’ll be doing due diligence, it would be great to get your opinion on the risks as well as more detail on the benefits.

Here are some immediate questions that jump out at me. I’m unsure how many of these you can answer freely, if there are some you are unsure about, feel free to come back to those when you have the appropriate information.

  • Can TUSD be blacklisted and burned when it is within a CDP in the Dai Credit System? If it can, and such a blacklist+burn becomes necessary, how will your company handle this situation?
  • As @Adam_Skrodzki mentioned, you are currently using OwnerUpgradableProxy, do you plan to add or modify the functionality of your implementation within the next ten years?
  • You have provided a link to the latest of four audits from Level K, can you provide links to the previous three audits?
  • You say that ‘Company funds are held in fiat USD or TrueUSD’ in terms of treasury management. Can you elaborate? How does your company make money? Do you collect interest on the deposited USD? Does this remain as USD in the escrow accounts or is it held in another form? Is your company currently profitable?
  • Your website says ‘Transparent: Real-time proof of funds in an escrowed bank account.’ Is this viewable online, if so, where?
  • Your website also says: ‘Ethical: We’ve published a code of ethics demonstrating our commitment to always being fully backed, redeemable, stable, and compliant’ Where can we find this code of ethics?
  • How does your implementation on Binance chain effect the security and value of this token? I am not an expert, but in general dPos is viewed as less secure than PoW. How much TUSD is currently active on the Binance Chain versus the Eth Chain? If the TUSD on the Binance chain is compromised, how will that effect the stability of TUSD on the Eth chain?
  • If your company were to go bankrupt, or to cease operating for any reason, how can TUSD be redeemed? You mention in your legal docs that holders of TUSD have a claim on the USD in the escrowed bank accounts. How is this recovered and what does this process look like? Are lawyers involved? In your best estimate, how much USD would be recovered for each outstanding TUSD token in this situation?

Looking forward to seeing the responses. Thanks!


Hi Mitote!

AFAIK TrueUSD makes money by not paying interest on the USD collateral. Using TUSD as collateral in CDPs will however allow issuers of TUSD to earn from the Dai Savings Rate.
The flow is something like USD->TUSD (this step allows for KYC)->CDP into DAI->lockup DAI to get interest. Or they could just buy DAI outright and then lock it up.

Hi Ryan,

It is really cool to see TUSD go for this. I have some questions:

  1. How will it work with regards to oracles? How can the Maker community check how much USD you have as collateral for the TUSD you have printed?
  2. When can we expect the formal verification to be completed? I assume that is your goal.
  3. I actually think I would like a explanation of how your governance works? How does the multisig work? Within what timeframes?


So the only way they could make money with a TUSD CDP is if the stability fee is less than the DSR? Isnt that one of the main issues with low volatile collateral in MCD? We need to figure out where that extra dai for the DSR comes from, since TUSD CDP users wouldnt pay enough interest to support a DSR above the SF…

Our company makes money by retaining the interest generated from holding the USD that collateralizes TUSD.

Our company makes money by retaining the interest generated from holding the USD that collateralizes TUSD

Hi Adam,

The multisig owner of TrueUSD is 0x285D362E41CcC116192A17D21a87f41Fc26d32F9, which is also its own proxy owner, so upgrading the multisig requires 2 of 3. Yes, they can replace the implementation any time, and have in the past to upgrade to audited implementations to pull new optimizations. Every upgrade we have done and will do is to fully-audited implementations that do not break functionality. Several other projects in DeFi are controlled by a multisig. There is no single point of failure.

(This response comes from one of our lead engineers. I will ask him to create an account so that, moving forward he can address future concerns of this nature directly)

Thanks for taking so much time to write out these questions, LongForWisdom. I also caught your remarks on today’s governance call. Please let me know how we can continue to address the community skepticism. FWIW, I haven’t seen any of the remarks on this thread as skepticism. These comments are about the kind of thoughtful questioning I would expect from the Maker community.

  • Please review our Terms of Use for our AML-CTF standards and our prohibited uses.
  • Not currently, but we would consider it if, for example, there was a critical bug found in the implementation contract. We have upgraded in the past in order to optimize our gas consumption. Each of our upgrades was to an audited implementation.
  • Certik Audit
  • Slow Mist Audit
  • I have a note to not share the 4th (scrolled through and there is nothing critical in it, but let me circle back with you on that next week). I am not sure why.
  • Meaning that corporate funds are held in USD bank account (as would be the case for any company) along with some balance held in TUSD that we use for e.g., contractor payments, a 1-off OTC deal, etc. Our company makes money by retaining the interest generated from holding the USD that collateralizes TUSD. The interest generated is transferred directly to a company account and does not touch the escrow account. re profitability: we do not have capital concerns
  • Yes. Right now, we perform two types of confirmations on the USD supporting TUSD. We work with Armanino, which provides a live confirmation of the funds behind TUSD. You can view that here. We’ve been working with them since the summer of 2019. Our original accounting relationship has been with Cohen & Co., and you can view the entire history of our TUSD attestations here.
  • You can find that here.
  • Approximately $303k TUSD is currently circulating on Binance Chain. Binance Chain uses Tendermint for consensus. Both consensus protocols are subject to the Byzantine Generals Problem. Some could argue that, in some ways, Tendermint is superior to PoW; for example, Tendermint has no block reorganizations.
  • We plan to support atomic peg between the two blockchains after securing the supply on Binance Chain using rolling time locks. The amount of TUSD that could be compromised on Ethereum would be limited by the amount in the peg contract. The WIP peg contract code being developed by Binance is here.
  • The escrowed USD is held by each escrow agent solely for the benefit of each TUSD Holder. Neither the Company nor any of the escrow agents are entitled to any of the escrowed USD. The escrowed USD is not subject to any debts, liens or encumbrances of any kind of the Company or the escrow agents. Therefore, if the Company dissolves the escrowed USD would not be available to any Company creditors.
    • If the Company dissolves for any reason, each escrow agent is legally obligated to process all redemptions for TUSD holders that have either already created an account with the Company and, therefore, passed our KYC procedures, or for new Holders of TUSD that pass an escrow agent’s KYC procedures.
    • On the corporate side, a wind-down agent would be appointed to assist the escrow agents’ process redemptions and protect the property rights of the Holders.
    • If 100% of the TUSD tokens are held by persons who have either (1) already passed the Company’s KYC procedures, or (2) who pass an escrow agent’s KYC procedures after the company dissolves, then 100% of the TUSD tokens would be available for redemption.

Other stablecoins are important collateral (IMO) for a couple of reasons:

  • From a Dai (and thus MKR) holder’s perspective, they decrease the volatility of the overall collateral portfolio by being theoretically 100% correlated with Dai itself. This makes Dai more stable.

  • The borrowers of Dai against other stablecoins are most likely going to be market makers. When a market maker mints Dai and sells it above $1, their assumption is that they will be able to repurchase it at $1 to pay off their CDP before the stability fees eliminate their profit (i.e. arbitrage). This much is obvious, but only represents half of the calculus. The other consideration a market maker must take into account is the price performance of the underlying asset which they used to mint the Dai in the first place. If using ETH, for example, they now must either hedge out ETH’s price volatility (which will be costly itself) or hope that it does not decrease in price to the point where it wipes out their arbitrage profits. By being able to lock a non-directional asset into the CDP, their calculus is simplified to price above $1 - stability fees.

Hope that helps.


Fair enough, skepticism may have been too strong a word. Caution may have been a more appropriate choice.

I have skimmed these prohibited uses. My question is more related to your response. It would be great to get a clear answer of what your response would be. Would you be forced to blacklist and burn tokens that were locked in a CDP? (Note: I realise that any answer to this is akin to shooting yourself in the foot in front of either us or the U.S government. Sorry for that, but it’s important information. My assumption is that yes, you would be forced to do this.)

In my view it’s critically important that we understand what happens here, if you are forced to blacklist and burn then that makes the DCS a pathway for non-compliant individuals to convert their ‘burnable’ money into ‘non-burnable’ Dai without a counter party and in such a way that it negatively affects MKR Holders when you are forced to blacklist and burn ‘their’ tokens.

Also curious, let us know. :slight_smile:

This is fairly impressive! I recognise that you are not armanino, but if possible could you pass along the suggestion that historical data is also recorded and displayed? It would be great to verify that TUSD (or any other stablecoins they support) have always been backed 1-1. I’ll also note that without doing a lot of cross-checking it’s difficult to ensure that the attestations match the amount of TUSD in circulation on the blockchain. I’m they always match, but the information could be presented more effectively.

All looks very sensible, thanks for the point in the right direction.

Thanks for this, probably a little over my head, but if someone else wants to dig into this, that might be good?

Fantastic answer, thanks for clarifying this process in more detail and glad to hear that in theory 100% of the funds can be recovered. Just one follow up question: You mentioned a wind-down agent would be appointed, how is this funded?

1 Like

Absolutely! Thanks @g_dip! For anyone interested in learning more about the value of adding other stablecoins into the MCD system, Rune has a pretty epic thread with a lot of back and forth. He explains this better than I could. You can view that thread here.

Thanks for pointing out where the weakness is so clearly.

Also I would add to this that since TUSD is upgradable and do not use separate contracts for logic and state storage it is prone to humans errors in any future upgrades.

1 Like

@LongForWisdom this thread is getting rather long with diverse topics being discussed. Is it sort of your job to gather all the pieces into a todo list? Or is that up to @rich.brown? Keeping all these fragments together is actually a rather substantial undertaking.

Heh, no kidding. Keeping track of this forum feels like juggling plates lately. :wink:

I actually don’t think there’s a need to start organising things on this thread yet. It’s a discussion of the application submitted by Ryan and thus far the majority of responses have been on-topic as I’d judge it.

In terms of a todo list, what do you feel needs doing here? Are you referring to due diligence generally, looking into contract code, checking attestations and such?

I’m a little reluctant to start pushing people into action on the subject yet as there is a whole stack of assets that are further up the priority list (at least as MKR Token Holders voted it.) There is also the question as to which responsibilities fall under the community generally, and which responsibilities are delegated to the risk teams. I believe Cyrus will be making this more clear in the future.

I kind of blanked over this on my last read-through, and I had some thoughts when I read over it again just now. My suggestions would be the following:

  • Be proactively transparent. Tell us the ways in which including TUSD (or your other tokens) could screw over the Dai Credit System and/or MKR Token Holders. Point us to anything we should look out for or worry about. Share any doubts you have about your system. Tell us what the difficult questions are and answer them as best you can.
  • Continue to monitor the thread and answer any questions that arise as openly as possible. If you are unable to answer openly state why you can’t and try to find a way to resolve the issue.
  • Maintain the level of politeness and respect you have so far (and try not to take to heart our somewhat pointed responses.)

Hello, I am a security engineer at TrustToken. I want to add some context for how TUSD is minted, which I think would help ease some concerns. I designed the current system to minimize our risks, and I work to mitigate our risks over time.

Our “mint key” is secured within a hardware security module (HSM) in the cloud, so it is not physically located on our premises. We interact with the device through PKCS11, and it can only be accessed from a subset of our servers (the “signing service”), none of which face the public internet. No employees have ever had access to this key, nor would they be able to extract it. While the HSM is in control of engineering, it takes two engineers to update the signing service. Additionally, as explained below, there are limits and restrictions on this key.

On-chain, TrueUSD minting is controlled by a multisig “token controller”. We have an Instant Mint Pool from which this key can mint. There are limits on this pool on a per-mint basis, but also in aggregate. Refilling this pool requires a signature from one of several select employees outside engineering, called “mint security officers”. These individuals have read access to our bank accounts and verify the integrity of the supply before refilling. They cannot initiate mints; they can only ratify or pause them. Mint security officers take on-call in shifts and respond to escalations from our monitoring system.

Instant Mint Pool refills come from a “Ratifier Pool” which itself must be refilled from a larger “Multiratifier Pool” by signatures from 3 mint security officers. It is possible to mint from the ratifier pool directly with a signature from the mint key and a ratifier. Similarly, it is possible to mint from the multiratifier pool using the mint key and 3 mint security officer signatures. These “mint requests” allow larger, but less-instant, mints.

The Multiratifier Pool is refilled and configured by the owner multisig. Keyholders for this multisig are significant stakeholders, and we have guidelines that limit risky tweaking. Reconfigurations are not arbitrary; limit increases typically follow improvements to our security. Contract implementation upgrades require strong justification and a third-party audit. Our most recent set of upgrades was audited by LevelK.

Of course, there is room to improve. I’m interested in your ideas.

I hope this has helped assuage fears about our mint security. Working with the prior banking system is challenging, but it means you can send money directly to your bank account, or move your money onto the blockchain.


This is really interesting, thank you very much for sharing!

Not that I’m doubting your identity in the slightest, but it might be sensible to set a precedent of verifying people claiming to speak on behalf of company. Ryan provided his linkedin above. Is there any non-invasive proof of employment you can share?

I did look at the TrustToken website, but they only list their leadership team. By the looks you contributed to the TrustToken blog back in 2018, and I think that’s enough to satisfy me personally.

As someone whose job it is to minimise and mitigate risks, can you identify any additional risks to the DCS that could be caused by the introduction of TUSD?

I can confirm that Will is with us.

1 Like