SEPOLIA TESTNET · NO MONETARY VALUE
TikiDeco

Open community peer review

Review the frozen V2 candidate

Verify one immutable candidate, reproduce its evidence, inspect known questions, and use the appropriate public or private reporting path.

Community peer review is not a formal independent smart-contract audit. V2 remains non-canonical and non-deployed. No mainnet, sale, liquidity, listing, stated monetary value, or active hospitality benefit is approved.

Review Identity

Current review status
open-for-community-peer-review
Review candidate source commit
cdc9e7e27e66f204c50d59e45ccf970ad20290d6
Frozen V2 code commit
9099fdb87a6be715b1d7fd4fafa6fade0b12b61c
Package SHA-256
980555973d47cb5b21b900f3d463890d4faeeff1c45d351332906f5149bae1a2
Formal independent audit
not-started
Opened
2026-07-11T00:00:00.000Z

Contracts And Scripts In Scope

Token candidate
contracts/TikiDecoTokenV2.sol
Vesting candidate
contracts/TikiDecoVestingVaultV2.sol
Deployment guard
scripts/deploy-v2.cjs
Candidate tooling
scripts/build-v2-review-candidate.cjs, scripts/check-v2-review-candidate.cjs, scripts/check-review-handoff.cjs

Tests And Review Evidence

Hardhat tests
test/TikiDecoTokenV2.js, test/TikiDecoVestingVaultV2.js, test/TikiDecoInvariants.js, test/V2DeploymentConfig.js
Foundry tests
foundry/TikiDecoTokenV2Invariant.t.sol, foundry/TikiDecoVestingVaultV2Invariant.t.sol, foundry/FoundryTestBase.sol
Known issues
KI-01, KI-02, KI-03, KI-04, KI-05, KI-06, KI-07, KI-08, KI-09 remain visible for review
Reviewer questions
Access control, pause behavior, vesting liabilities, metadata, roles, and Slither classifications

Reproduce

Checkout
git checkout cdc9e7e27e66f204c50d59e45ccf970ad20290d6
Focused checks
npm ci && npm run compile && npm test && npm run foundry:test && npm run slither
Build package
npm run review:candidate:build -- --commit cdc9e7e27e66f204c50d59e45ccf970ad20290d6
Expected package SHA-256
980555973d47cb5b21b900f3d463890d4faeeff1c45d351332906f5149bae1a2
Process check
npm run community-review:check

Report Or Ask

Public security finding
Public-safe Medium, Low, or Informational finding
Reproducibility issue
Broken command, checksum, scope, or immutable link
Test suggestion
Focused Hardhat, Foundry, invariant, or deployment-guard test
Review question
Public non-sensitive scope or technical question
Sensitive vulnerability
Use private vulnerability reporting; do not publish exploitable unresolved Critical or High details

Out Of Scope

Excluded
Canonical V1 deployed bytecode and source semantics
Excluded
Mainnet deployment or readiness
Excluded
Sepolia deployment or transaction broadcast
Excluded
Private keys, RPC secrets and signer identities
Excluded
Legal, tax, regulatory, property or hospitality operator conclusions
Excluded
Token sale, liquidity, listing, value statements and active hospitality benefits

Acknowledgements

Reviewers acknowledged
No reviewers have been acknowledged yet
Public findings
0
Private findings disclosed as aggregate
0