Contract registry and security review materials
Not all deployed contracts are required to deploy or operate a vault. To avoid confusion, contracts are grouped by whether they are required for a vault-only deployment or optional modules.
Mainnet contract registry
For deployment addresses, the canonical docs source is the Deployed Addresses page. The list below is the Capital Provider security-review subset.
Required for vault deployments
These contracts are involved in deploying, operating, and verifying Octant v2 vaults and strategies. A vault-only deployment does not require any contracts outside this group.
Shared implementations
- YieldDonatingTokenizedStrategy:
0xE8797A98710518A6973Cc8612f98154EECF2C711 - YieldSkimmingTokenizedStrategy:
0xFe064acA6acFF4eFbE496271A665F0a9D66d6da1
Core infrastructure
- Module Proxy Factory:
0x8B73Fc5DE3E1d2e5A1deF7F9B2728E8D9B71bf79 - Dragon Tokenized Strategy:
0x0031542c6381d81CFCb35658E3Ce5BEccf6ea3CB - Dragon Router:
0x4C9268BBf4302D7c489458b3eD0e15c6F7d5206d
Strategy factories
- SkyCompounderStrategyFactory:
0x2a3fd5D3ab48cDE74Cb0b179d3C67155119141cC - MorphoCompounderStrategyFactory:
0x1eE8Af6604d7e80f155D45a863128Bc79f015275 - LidoStrategyFactory:
0xc69288F65647DDf8FDBfDc905bdBD21b034b61b8 - YearnV3StrategyFactory:
0x9A6c9aA80D4A0d8Da29EcbA62c40ccBBB321abB6
Yield routing
- PaymentSplitterFactory:
0x5711765E0756B45224fc1FdA1B41ab344682bBcb - Split Checker:
0x00ca94eD9FDF7Ea27B66B3a830ACa7cb58cd5B7f
Optional modules (not required for vault-only onboarding)
The contracts below support additional or future functionality and are not required to deploy, operate, or monitor a vault.
Community staking
- Regen Staker Factory:
0x6a8250C95d2e866e95fe4749eD540357B8e44a9a
Allocation and program tooling
- Allocation Mechanism Factory:
0x30B980fe1CaF8Fa275e9a364187DB953d08C3ACE
Awaiting team confirmation
The rows below are useful context for review packets but are not required for the vault-only deployment path above. Confirm current production relevance with the Octant team before treating them as operational dependencies.
Direct contribution tooling
- Linear Allowance Singleton:
0x99Cfb6e72D7b6FAFa65a22D8da09A107f0efcB95
Support contracts
These contracts support permissions, role management, and internal safety checks.
- Hats:
0x391892d03E0718C43B0f1CD30969fbf51121f050 - DragonHatter:
0x7bD9b7f9E2Ffe76de3dE6e80CF9Af00907fe5F40
Test/mock contracts
These contracts are used for local development, testing, and demonstrations only. They are not used in production vault deployments.
- Mock Strategy Singleton:
0xd5ca295AD9AE697c0d86e87fAD29dEEFBE36638F - Mock token:
0x36FB65282f7B53a7048fA540cD77F9ABa8A9Ec9a - Mock yield source:
0x5D21fEeC160D7312632d5604dde62c551E813544
What to verify onchain
At minimum:
- contract code is verified on Etherscan for the factory and core contracts
- the strategy’s
dragonRouter()/ donation destination is the one you expect - role addresses match your signed-off configuration (management, keeper, emergency admin)
report()emits “Reported” events and profits route to the configured destination
Code and audits
Repo and audit reports are maintained in the Octant v2 core repository. Include these in any internal security review packet.
Core contracts: https://github.com/golemfoundation/octant-v2-core/tree/06ae2b9fa2e4443a3d9f6148498d4ada4f9861e8
Audit reports: https://github.com/golemfoundation/octant-v2-core/tree/06ae2b9fa2e4443a3d9f6148498d4ada4f9861e8/audits