[RFC-27] VaultCraft 2nd Audit


This RFC seeks to request feedback on performing a second audit on VaultCraft:


To ensure the safety and security of our contracts by following up on the C4 competition and all fixed bugs. We need to audit ~2,500 lines of code and it would be extremely beneficial if PopcornDAO used a security audit service that has audited for 100+ projects and protected over $10B in assets.

Budget Request:

  • Up to $50K in USDC

Desired outcomes:

  • Use at least 1 professional auditing service provider to review the VaultCraft repo to ensure the safety of our contracts. It is extremely important we audit the code at least one more time and also signal to users that we used professional audit service providers on our code. Unspent budget will remain in the treasury. The audit service provider will be given the following info to review:

  • GitHub - Popcorn-Limited/audit2

  • C4 Contest details

  • C4 public repo


VaultCraft is/could be such a big feature for Popcorn, definitely don’t want some technical problems to jeopardize this. I think there is no way around a professional audit (ideally they would be somehow committed/vested with all the recent problems regarding auditing in crypto).


Great idea. VaultCraft is an important asset for Popcorn and the entire DeFi community. Ensuring its security with another audit will build its ethos and validate its ability to be a cornerstone of building high TVL vault strategies across the ecosystem.

Agree with this. Not only is VaultCraft the biggest release for Popcorn to date, it’s our first protocol with the potential to be widely used by major players in the DeFi ecosystem. It’s critically important we do everything we can to ensure its safety and help others feel confident using it.

Supportive! Don’t compromise quality or security.