Stake DAO
About
Stake DAO is a non-custodial liquid staking platform focused on governance tokens. It enables users to lock governance tokens while maintaining liquidity through liquid sdTokens, which provide yield, voting power, and access to vote incentives. The platform offers yield optimization strategies, lending against staked positions, and an on-chain vote marketplace.
Where Does Yield Come From?
Stake DAO earns yield for its users through several connected mechanisms. Here is how they work:
Liquid Lockers – You deposit a governance token (like CRV, BAL, or PENDLE) and receive a liquid sdToken in return. That sdToken keeps earning rewards from the original token's distributions, a share of strategy fees, and incentives from voting.
Boosted Strategy Yields – The platform holds large veToken balances (voting-escrowed tokens). These balances boost the rewards that liquidity providers earn on other protocols. When you deposit into a Stake DAO strategy, you get those boosted rewards right away when they are harvested — no waiting or streaming delays.
VoteMarket – Protocols that want to attract gauge votes pay incentives. sdToken holders earn a share of these incentives, distributed every two weeks, simply by holding their tokens.
Lending – You can borrow against your staked strategy positions while they continue to earn yield. So your deposit works for you even when used as collateral.
Fee design – The platform charges performance fees on harvested rewards, but there are no fees for depositing or withdrawing. The collected fees help support liquidity incentives and the DAO treasury.
In short, yield comes from four sources: protocol rewards, boosted gauge emissions, vote incentives, and a share of strategy fees.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Omniscia08-05-2025 - 20-05-2025 |
| Omniscia's audit revealed multiple significant vulnerabilities in the Stake DAO staking v2 system, all of which were either alleviated or acknowledged by the team, leaving no outstanding critical issues prior to launch. |
Trust Security31-03-2025 - 11-04-2025 |
| The audit uncovered several critical vulnerabilities that were all fixed, along with numerous medium and low severity issues, resulting in a thorough security review with most findings resolved before deployment. |
Pashov Audit Group21-07-2025 - 24-07-2025 |
| The audit identified critical flaws in reward distribution and checkpoint updates, along with multiple medium-risk issues affecting deposits, approvals, and oracle accuracy. While many findings were acknowledged, the protocol should address the critical and medium vulnerabilities before production deployment. |
Omniscia25-08-2025 - 03-09-2025 |
| The audit identified one medium and one minor issue, both acknowledged by the team, along with several informational findings. No critical or high severity vulnerabilities remain, indicating the codebase is reasonably secure for deployment. |
Trust Security15-02-2024 |
| The audit report is unavailable for review because the PDF file is corrupted and cannot be parsed, preventing any assessment of findings or security posture. |
Trust Security31-03-2025 - 11-04-2025 |
| The audit reveals multiple high-severity vulnerabilities that could lead to substantial reward loss and potential CRV drain, alongside numerous medium and low issues, indicating the codebase requires extensive remediation before being considered safe for production use. |
Zach Obront16-11-2023 - 22-11-2023 |
| The audit uncovered one high-severity rebalancing flaw and several medium issues, most of which were addressed, leaving low-risk design quirks and trust assumptions on Convex as residual considerations. |
Pashov Audit Group22-10-2024 - 24-10-2024 |
| The audit identified several medium-severity issues that could disrupt cross-chain functionality and cause token lockups, along with multiple low-severity improvements; all findings appear to have been acknowledged or resolved by the team. |
Trust Security19-08-2024 - 01-09-2024 |
| All high and medium severity issues were fixed, addressing critical reward distribution flaws; residual low-severity and informational recommendations highlight centralization dependencies and token compatibility risks that require ongoing attention. |
ChainSecurity01-01-2023 |
| The audit resolved critical and high-severity drainage risks, but multiple medium and low issues were risk-accepted, indicating residual design and implementation concerns that the team has chosen to tolerate. |
Trust Security16-03-2026 - 26-03-2026 |
| The audit identified several medium-severity logic flaws and low-severity issues, most of which were fixed or acknowledged; residual centralization and systemic risks remain but are documented. |
ChainSecurity01-10-2022 |
| Critical and high-severity vulnerabilities were fixed, but several medium and low risks remain accepted by the Stake DAO team, indicating residual design and operational risks in the bribe platform. |
ChainSecurity14-01-2022 - 15-02-2022 |
| The audit identified moderate risks in access control and time logic, all of which were addressed, leaving no critical or high-severity vulnerabilities in the reviewed contracts. |
Omniscia11-03-2025 |
| The audit revealed only minor and informational issues, all of which were either resolved or acknowledged, indicating a robust security posture for the ZeroLend integration with no critical vulnerabilities remaining. |
Trust Security20-08-2025 - 23-08-2025 |
| The audit identified one high, two medium, and one low severity issues, all of which were fixed or acknowledged, resulting in a secure implementation of StakeDAO's Curve oracles after remediation. |
Legal
Status and notes
Stake DAO operates as a non-custodial protocol; not a registered Crypto-Asset Service Provider (CASP) under MiCA. The disclaimer states that the document is governed by the laws of Zug, Switzerland. No legal entity or registration details are disclosed on official sources.