January 27, 2026
Executive Summary
This report presents a comprehensive security review of the Hermetica Vaults smart contracts, implemented in Clarity on the Stacks blockchain. The assessment evaluated the correctness, robustness, and security of the vault architecture and its integrated yield strategies. The review identified findings related to performance fee calculations, profit and loss accounting, share rounding behavior, share price computation, external protocol collateral management, first-deposit denial-of-service vectors, SIP-10 compliance, and token integration mechanisms.
About Hermetica Vaults
Hermetica Vaults are Stacks (Clarity) yield vault smart contracts that implement ERC-4626-style share mint/redeem, publish periodic NAV updates into a liquid staking token (LST), and execute yield strategies via integrations with external on-chain protocols. hBTC is the reference implementation: a BTC-denominated vault that deploys deposited BTC across integrated DeFi venues to generate yield while tracking assets and liabilities on-chain.
Findings Summary
This security review identified a total of 52 findings:
All findings were thoroughly documented and communicated to the Hermetica Vaults team. For detailed analysis and remediation recommendations, please refer to the full report.
