RockSolid
About
RockSolid is a single-click, institutional-grade DeFi vault platform built for ETH-native (ERC-20) assets. It enables protocols, institutions, and individual depositors to access curated, professionally managed DeFi strategies through audited smart contracts, institutional MPC custody controls, and transparent onchain vault logic — all with a single-click deposit experience and auto-compounding rewards.
Where Does Yield Come From?
RockSolid vaults earn rewards from several activities happening at once:
- Staking returns from liquid staking tokens (like Rocket Pool's rETH)
- DeFi optimisation — lending out assets and looping them through lending platforms such as Aave and Morpho to earn more
- Liquidity provision — placing funds into concentrated liquidity pools on exchanges like Uniswap and Balancer to collect trading fees
- Incentive farming — special reward programmes negotiated with partner networks (Optimism, Arbitrum, Linea, Ink, Yearn, Hemi, Katana, Spark) that pay extra tokens for using their ecosystems
A professional strategy manager called Tulipa Capital chooses which activities to run and adjusts them over time. The Lagoon vault platform handles the technical execution, and Fordefi provides secure multi-party signing (a shared control mechanism) for transactions. All rewards automatically compound inside the vault, meaning earnings get reinvested without you needing to do anything. When you withdraw, everything converts into the vault's main asset (for example, rETH), no matter where the rewards originally came from.
The vault charges a 1% annual service fee on the total value held, plus a 10% performance fee on the profits it earns. Any change to these fees requires a 30-day waiting period and a contract upgrade.
RockSolid also offers a white-label service for other protocols — they can build their own vault using RockSolid's infrastructure, with custom strategies, secure signing workflows, and ongoing advice.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Nethermind10-07-2025 |
| The audit found only two Best Practice issues (both promptly fixed by the Lagoon team) with no critical, high, medium, or low severity vulnerabilities, reflecting a well-scoped and securely implemented set of proxy management contracts. |
Nethermind Security09-05-2025 - 13-05-2025 |
| The audit identified a critical-value loss bug (High) that was promptly fixed, and the remaining Medium/Low issues were resolved or mitigated — overall the code changes for PR #200 present acceptable residual risk given the operational controls added. |
| The audit report is hosted on Google Drive behind an authentication wall and is not publicly accessible, making it impossible to analyse. Without access to the document, no assessment of the protocol's security posture can be provided. | |
Nethermind Security18-10-2024 - 07-11-2024 |
| The audit by Nethermind identified one critical and one high severity vulnerability, both of which were fixed prior to the final report, making the core vault logic reasonably secure for deployment; the unresolved low-severity highWatermark inconsistency and the acknowledged DOS-between-settlements finding represent minor residual risks that should be monitored. |
Bretzel27-09-2024 |
| The audit found no critical or high-severity issues; two medium-risk findings (one acknowledged, one resolved) and all low/informational items were addressed, indicating the protocol was in sound shape at review time with no residual high-impact vulnerabilities. |
Nethermind Security29-01-202530-01-2025 |
| The audit found no critical, high, or medium severity vulnerabilities; the sole informational issue regarding maxWithdraw returning a misleading value when paused was promptly fixed, indicating a well-scoped codebase with negligible residual risk. |
Nethermind03-04-2025 |
| Nethermind found no security issues in the Lagoon BeaconProxyFactory contract additions, indicating the code introduced in PR 195 is clean, well-documented, and free of vulnerabilities. The audit gives a clean bill of health for these specific changes. |
Nethermind17-04-2025 |
| The audit found zero vulnerabilities in the added claimSharesOnBehalf function for Lagoon Vaults, but the scope was narrow (single function addition) and does not cover the broader protocol. |
Trail of Bits04-03-2026 |
| The audit identified one meaningful medium-severity risk (permanent fund loss via misconfigured controller) that was partially remediated, while two informational design limitations remain unresolved by design; overall the vault's core ERC-7540 implementation is sound, but residual operational trust assumptions around the curator and settlement ordering persist. |
Nethermind22-04-2026 |
| The audit found no critical, high, or medium severity vulnerabilities; the single Low issue (maxCap bypass via native ETH) and one Best Practices annotation issue were both fixed by the team, making the v0.6.0 upgrade ready for deployment from a security standpoint, though the report notes test coverage gaps in native ETH flows and negative access-control paths. |
Backers
RockSolid raised a $2.8 million pre-seed round led by Castle Island Ventures, as reported by The Block on September 25, 2025. Other notable backers in the round include the Blockchain Builders Fund, GSR, Kindred Ventures, Rocket Pool, and the Stanford Blockchain Accelerator. The RockSolid homepage additionally lists the following entities as backers (shown under "Backed by" and "We're backed by" sections): Castle Island Ventures, Kindred Ventures, Rocket Pool, IDEO coLAB Ventures, Finoa, GSR, Stanford Blockchain Accelerator, Blockchain Builders (Fund), and PIERTWO. The homepage also lists individual backers/advisors including Brett Gibson (GP, Initialized Ventures), Collin Myers (Founder, Obol DVT), John Henderson (GP, AirTree Capital), Andrew Yeo (GP, OIF Ventures), Chris Cable (FlamingoDAO), Charles Lu (Cofounder, Espresso Systems), Scott Keto (President, CoinList), and Emre Tekisalp (Angel Investor). The RockSolid roadmap indicates a "Fundraise" milestone in Q4 2024.
Legal
Legal form
Company (incorporated)
Registration jurisdiction
Cayman Islands (company number 424521)
Status and notes
Operating entity disclosed in the Terms of Service as "RockSolid Vaults", a company incorporated in the Cayman Islands with company number 424521. The website footer contains a "Legal" link pointing to the Terms of Service page which includes both the Terms of Service and Privacy Policy (both last updated Sep 8, 2025). Governing law is the Cayman Islands, with disputes resolved via UNCITRAL arbitration seated in the Cayman Islands. Grievance contact: [email protected]. The Services are restricted for residents of Australia, Canada, Singapore, United States, United Kingdom, and various sanctioned jurisdictions.