- Assurance
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  AI Red Teaming
  Testing AI systems against real threats
  AI Red Teaming
  Testing AI systems against real threats
  AI Security Assessment
  Securing AI models, data, and pipelines
  AI Security Assessment
  Securing AI models, data, and pipelines
- Advisory
  AI Advisory
  Guiding secure, strategic AI adoption forward
  AI Advisory
  Guiding secure, strategic AI adoption forward
  Risk Assessment
  From unknown threats to actionable insights
  Risk Assessment
  From unknown threats to actionable insights
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Compliance Readiness
  Stay ready as regulations evolve
  Compliance Readiness
  Stay ready as regulations evolve
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Technical Due Diligence
  See the risks before you invest
  Technical Due Diligence
  See the risks before you invest
  Technical Training
  Empower your teams to secure what matters
  Technical Training
  Empower your teams to secure what matters

Goldivault Diff - Goldilocks

Prepared by:

HALBORN

Last Updated 04/01/2025

Date of Engagement: March 21st, 2025 - March 24th, 2025

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Assesment summary
2. Scope
3. Findings overview

1. ASSESMENT SUMMARY

The team at Halborn assigned a full-time security engineer to assess the security of the smart contracts. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

Ensure that smart contract functions operate as intended.
Identify potential security issues with the smart contracts.

No major issues were identified.

2. SCOPE

REPOSITORY

(a) Repository: goldilocks-core

(b) Assessed Commit ID: 0222634

Goldivault4626.sol
Goldivault.sol
PointsGoldivault.sol

Out-of-Scope: Third party dependencies and economic attacks.

Remediation Commit ID:

Out-of-Scope: New features/implementations after the remediation commit IDs.

3. Findings Overview

Security analysis	Risk level	Remediation
Usage of direct approve calls	Low	Risk Accepted
Unlocked pragma compiler	Informational	Solved - 03/28/2025
Misleading _unstakableYT logic	Informational	Solved - 03/28/2025
Duplicated deposit logic	Informational	Solved - 03/27/2025
Missing NonReentrant protection	Informational	Solved - 03/27/2025
Consider using named mappings	Informational	Solved - 03/28/2025

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

1. Assesment summary
2. Scope
3. Findings overview

// Download the full report

Goldivault Diff

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

← Back to Audits

Goldivault Diff - Goldilocks

Prepared by:

HALBORN

Last Updated 04/01/2025

Date of Engagement: March 21st, 2025 - March 24th, 2025

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Assesment summary
2. Scope
3. Findings overview

1. ASSESMENT SUMMARY

The purpose of this assessment is to:

Ensure that smart contract functions operate as intended.
Identify potential security issues with the smart contracts.

No major issues were identified.

2. SCOPE

REPOSITORY

(a) Repository: goldilocks-core

(b) Assessed Commit ID: 0222634

Goldivault4626.sol
Goldivault.sol
PointsGoldivault.sol

Out-of-Scope: Third party dependencies and economic attacks.

Remediation Commit ID:

Out-of-Scope: New features/implementations after the remediation commit IDs.

3. Findings Overview

Security analysis	Risk level	Remediation
Usage of direct approve calls	Low	Risk Accepted
Unlocked pragma compiler	Informational	Solved - 03/28/2025
Misleading _unstakableYT logic	Informational	Solved - 03/28/2025
Duplicated deposit logic	Informational	Solved - 03/27/2025
Missing NonReentrant protection	Informational	Solved - 03/27/2025
Consider using named mappings	Informational	Solved - 03/28/2025

Goldivault Diff

Goldilocks

Goldivault Diff - Goldilocks

Summary

Table of Contents

1. ASSESMENT SUMMARY

2. SCOPE

3. Findings Overview

Table of Contents

Goldivault Diff

Goldilocks

Goldivault Diff - Goldilocks

Summary

Table of Contents

1. ASSESMENT SUMMARY

2. SCOPE

3. Findings Overview

Table of Contents