Centrifuge
About
Centrifuge provides institutional-grade infrastructure for tokenizing real-world assets (RWAs) into onchain investment products. The platform enables asset managers, fintechs, and DeFi protocols to launch compliant tokenized funds with automated infrastructure and multi-chain distribution capabilities. Centrifuge connects traditional capital markets to onchain rails, offering both self-serve white-label solutions and full-service managed options through its asset management arm Anemoy.
Where Does Yield Come From?
Centrifuge helps generate yield by tokenizing real-world assets (like loans or funds) using a central hub with connected spokes.
Investors deposit assets, mainly USDC stablecoin, into vaults on the connected spokes. These vaults accept two types of deposits:
- Instant (synchronous) flows: you get shares right away, suitable for liquid strategies.
- Request-based (asynchronous) flows: deposits and withdrawals go through a queue, approval, and pricing process, better for strategies that involve offchain steps.
The deposited funds are allocated to tokenized investment strategies. These include institutional treasuries, credit products, and index funds—for example, the Anemoy S&P 500 Index Fund, which is licensed from S&P Dow Jones Indices.
Yield comes from the underlying real-world assets. It can be:
- Interest payments
- Dividends
- Capital appreciation (value increase) of the institutional-grade assets.
Investors receive share tokens that represent their proportional ownership in these strategies. How yield is distributed depends on the vault design:
- Synchronous vaults mint shares instantly, ideal for onchain strategies that are liquid.
- Asynchronous vaults use a request-based flow, where deposits and redemptions are queued, approved, priced, and then fulfilled. This works well for real-world asset strategies that have offchain components.
The platform also supports multi-asset vaults (using a standard called ERC-7575). This allows investors to deposit different types of assets while the capital is pooled for centralized management.
Tokenized real-world assets can be wrapped into special tokens called deRWA tokens. This makes them easier to use across various DeFi (decentralized finance) platforms. This opens up secondary yield opportunities—like lending them on markets such as Aave and Morpho, trading them on decentralized exchanges, or using them on other yield platforms.
Overall, Centrifuge enables institutional asset managers to create compliant yield products. At the same time, it gives investors transparent, onchain-verifiable performance data and settlement.
Persons
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Sherlock30-01-2026 |
| This deployment verification confirms contract integrity across multiple chains with all bytecode matching source code, indicating no deployment-related security issues were identified. |
yAudit03-12-2025 - 18-01-2026 |
| The fix review confirms Centrifuge v3.1 as a mature codebase with strong security focus, finding only minor code quality improvements and gas optimizations with no security vulnerabilities identified. |
Sherlock, Blackthorn20-10-2025 - 17-11-2025 |
| The audit reveals significant security risks including a high-severity theft vector and multiple medium issues affecting cross-chain messaging and accounting integrity. All findings require remediation before protocol deployment to ensure safe operation of the Centrifuge v3.1 upgrade. |
xmxanuel16-12-2025 |
| This focused follow-up audit confirmed fixes for previously identified reentrancy vulnerabilities, with all critical findings addressed and only minor informational issues acknowledged, indicating robust remediation of cross-chain attack vectors. |
yAudit06-10-2025 - 14-10-2025 |
| The audit found no critical or high severity vulnerabilities, indicating a mature protocol with strong security foundations. All identified medium and low severity issues were promptly addressed by the development team before deployment. |
Burra Security08-10-2025 - 10-10-2025 |
| The audit uncovered a critical high-severity pool isolation bypass that was properly resolved, along with several lower-risk issues that were either fixed or acknowledged, resulting in a comprehensive security review with effective remediation. |
Burra Security24-09-2025 - 30-09-2025 |
| The audit identified and resolved critical security vulnerabilities including gas subsidy drains and cross-chain message failures, resulting in comprehensive fixes that address all high and medium severity issues before deployment. |
Burra Security21-08-2025 |
| This audit found no critical or high-severity vulnerabilities, with only low-risk issues identified and some informational items already resolved, indicating the LayerZeroAdapter implementation has basic security assurances but should monitor the acknowledged low-severity concerns. |
| The audit report was unavailable for review due to timeout accessing the provided URL; therefore no assessment of findings or protocol safety can be made from this source. | |
xmxanuel01-05-2025 - 31-07-2025 |
| The audit revealed several medium and low severity issues primarily around cross-chain recovery mechanisms and access controls, with most findings addressed before deployment, though some acknowledged edge cases around Gateway transaction handling remain. |
Macro25-06-2025 |
| The audit found only a single medium-severity issue that was promptly addressed, indicating generally robust security for the reviewed Merkle proof management contracts. |
yAudit16-06-2025 - 27-06-2025 |
| The audit uncovered one high-severity issue and several medium/low findings, all of which were promptly addressed by the Centrifuge team, resulting in a well-reviewed V3 protocol with no critical vulnerabilities remaining. |
| Unable to assess the audit findings as the report document was not accessible due to a timeout when fetching the provided URL. | |
Burra Security21-05-2025 - 23-05-2025 |
| The audit uncovered only minor administrative concerns that were promptly resolved, indicating a mature protocol with robust security practices and no significant residual vulnerabilities in the reviewed scope. |
Alex The Entreprenerd01-04-2025 |
| The audit uncovered one critical accounting overflow and several medium-severity timing/evasion issues, but the majority of findings are informational improvements; the protocol requires careful handling of rounding precision and queueing logic before production deployment. |
Burra Security09-04-2025 - 15-04-2025 |
| The audit uncovered several operational issues in cross-chain fee handling and emergency pause functionality, all of which were resolved before deployment, indicating proper remediation of identified risks. |
BurraSec22-04-2025 - 25-04-2025 |
| The audit discovered a critical re-entrancy vulnerability that was promptly fixed, along with several other medium and low severity issues that were either resolved or acknowledged, improving the overall security posture of Centrifuge's smart contracts. |
xmxanuel24-03-2025 - 01-04-2025 |
| The audit identified several critical access control and reentrancy vulnerabilities that were promptly fixed, resulting in a secured protocol with no unresolved high-severity issues at review completion. |
Cantina11-02-2025 - 16-02-2025 |
| The audit found only one low-risk vulnerability alongside gas and informational improvements, all of which were addressed before deployment, indicating a relatively secure codebase with minor issues resolved. |
Recon03-04-2025 |
| This is a technical blog post documenting methodology improvements to Centrifuge's invariant testing suite, which uncovered one functional edge case (redemption for frozen recipients) that was subsequently fixed, rather than a formal security audit with severity-rated findings. |
| The audit analysis cannot be performed due to inability to access the source document, leaving the security assessment incomplete for this particular engagement. | |
Spearbit01-06-2024 |
| The audit report was inaccessible for analysis due to fetch timeouts; therefore no findings or security assessment can be derived from the source material. |
Recon01-03-2024 - 30-04-2024 |
| This engagement focused on improving fuzzing test coverage and methodology for Centrifuge, with no specific vulnerabilities reported in this first part; the actual bug findings and their severity assessment were deferred to a follow-up analysis. |
| This blog post shares lessons from a fuzzing engagement but does not constitute a traditional audit report with severity-graded findings, limiting its utility for security assessment beyond methodological insights. | |
Cantina05-10-2023 - 19-10-2023 |
| The audit found no critical or high-severity issues, with all medium risks resolved and most low risks addressed, providing reasonable security assurance for Centrifuge's real-world asset liquidity pool infrastructure. |
Code4rena08-09-2023 - 14-09-2023 |
| The audit identified several medium-risk issues primarily affecting protocol functionality and availability, with no critical or high-severity vulnerabilities found. Centrifuge promptly addressed all reported findings through code updates. |
SRLabs03-10-2023 |
| This audit revealed no critical vulnerabilities, with the single medium-severity DoS issue already fixed, indicating the liquidity pools implementation had robust security foundations at the time of review. |
Backers
Centrifuge has raised institutional funding from leading crypto venture capital firms and strategic investors. In April 2024, Centrifuge completed a $15 million Series A funding round co-led by ParaFi Capital and Greenfield, with participation from Arrington Capital, Bloccelerate, Borderless Capital, Circle Ventures, Edessa Capital, Gnosis, IOSG Ventures, Modular Capital, ProtoCap, Re7 Capital, Scytale Digital, Skynet Trading, Stake Capital, The Spartan Group, TRGC, and Wintermute Ventures among others. The funding was aimed at scaling adoption of institutional DeFi, driving product development, creating onchain utility, cultivating ecosystem growth, and bringing on new talent.
In August 2025, Republic Digital's Opportunistic Digital Assets Fund made a strategic investment in Centrifuge to accelerate the future of tokenized finance. The investment reflected Republic Digital's conviction that real-world assets are becoming a foundational pillar of the next financial system and that Centrifuge is a leader in building infrastructure for tokenized finance.
Centrifuge's investor base includes prominent institutional crypto investors such as BlockTower Capital, ParaFi Capital, Greenfield Capital, Coinbase Ventures, Circle Ventures, Galaxy Digital, Gnosis, IOSG Ventures, and Wintermute Ventures, among others. The company has been backed since its founding in 2017 and has established itself as a leading platform for real-world asset tokenization.
Legal
Legal form
Foundation
Registration jurisdiction
Cayman Islands
Status and notes
Centrifuge Network Foundation, a foundation registered in the Cayman Islands (Floor 4, Willow House, Cricket Square, Grand Cayman KY1‐9010). Legal documentation including imprint, terms of use, and privacy policy available on the official website.