Audits & assurance

Settlement activity on Chain 138 is independently verifiable without DBIS attestation. Counterparties may reconcile portal-published addresses against live chain state:

• Block explorer — transactions, contracts, token holders, PMM pool activity
• /.well-known/trust.json — canonical Stack A PMM integration and pool addresses (v0.5.1)
• token-list API — machine-readable token registry
• Source and deployment artefacts — Gitea

CI validates that published trust anchors match the canonical Chain 138 contract registry before portal deploy.

Annual financial statement audits and agreed-upon procedures reports will be listed with publication date, scope, and a link to the public PDF (or member-gated annex where required). None are published on this portal as of the current release.

High-level themes from the internal audit plan (IT general controls, treasury operations, third-party risk) will be summarised quarterly. Detailed workpapers remain confidential.

The 131 deployed smart contracts on Chain 138 (including cUSDT, cUSDC, cXAUC, cXAUT, DODOPMMIntegration, and CompliantWrappedToken contracts) undergo security review. Contract addresses are published in trust.json and the Infrastructure page.

• Ethics & conduct
• Whistleblower intake
• Security