The Security Layer Behind RAAC

Smart contract security is the baseline and a part of key process. Every protocol that ships new contracts, upgrades existing ones, or integrates external infrastructure introduces new attack surface. The question is: What security audits are essential for mitigating exploit and failure risks in the codebase?

For RAAC, that function is performed by Pashov Audit Group.

About Pashov Audit Group

Pashov Audit Group is the smart contract security firm trusted by the biggest names in the space—Aave, Uniswap, Polymarket, Ethena, LayerZero, Venus, Jupiter and many more.

The firm has completed 400+ audits, found 4,000+ vulnerabilities, and secured over $100 billion in TVL across DeFi protocols. Every engagement is staffed by 4 dedicated senior auditors, all security contest champions.

• Full audit portfolio: github.com/pashov/audits
• Website: https://www.pashov.com/

What They Do for RAAC

Pashov Audit Group acts as a security layer for RAAC, working continuously alongside RAAC's full-time development team as new contracts are built and shipped. This is not a one-time engagement. It is an ongoing security review process that covers every major component of the protocol as it evolves.

To date, Pashov Audit Group has reviewed the following RAAC contracts:

RAAC (August 2025). LendingPool, StabilityPool, RWAVault and LiquidationStrategyProxy. Issues identified and resolved before deployment.

Report link: RegnumAurum security review (August 2025)

RAAC (August 2025 & November 2025). RegnumFx audit—Three security reviews of a gold-RWA leverage and stablecoin system (FxLowVolatilityMath, Market, Treasury, FractionalToken, LeveragedToken, TokenBlender and ChainlinkOracleAdapter), with issues identified and resolved before deployment.

• August report
• November report
• November report 2

RAAC (November 2025). RWAVaultAdapterV2, LiquidationSwap and CrvUSDToUSDOracle. Issues identified and resolved before deployment.

Report link: RegnumAurum security review (November 2025)

RAAC2 (November 2025). LendingPool, RToken, DEToken, DebtToken, VaultProxy, RWAVault and RAACNFT. Issues identified and resolved before deployment.

Report link: Regnum Aurum security review (November 2025)

RAAC2 (February 2026). LendingPool, StabilityPool, RToken, DebtToken, LiquidationProxy, VaultProxy. Issues identified and resolved before deployment.

Report link: RegnumAurum security review (February 2026)

RAAC2 (March 2026). Upgradeable RWA collateral vault. Issues identified and resolved before deployment.

Report link: RegnumAurum security review (March 2026)

RAAC3 (March 2026). PSMVault peg stability module. Issues identified and resolved before deployment.

Report link: RegnumAurum security review (March 2026)

Work on RAAC4 is currently ongoing.

Why This Matters

Finding vulnerabilities before deployment is the entire point of a security review process. Every issue listed above was caught and fixed before it could affect users or protocol funds. That is the process working as designed.

For a protocol working to be among the more audited crypto lending platforms in 2026, operating at the intersection of real-world asset collateral and DeFi yield infrastructure, the security standard has to match the asset profile. pmUSD is backed by in-situ gold. iREET is backed by real rental properties. The contracts that govern those assets are reviewed by the same firm trusted by Aave and Uniswap.

RAAC's goal is to be positioned as one of the safest on-chain yield platforms backed by RWAs. What the team can already say is that the security infrastructure behind its contracts is institutional grade, continuous, and independently verified. For users looking for secure platforms to earn yield on tokenized gold and real-world assets, that process is part of what makes the architecture credible.

Security is not a launch event. It is a continuous process. As RAAC ships new contracts and expands the protocol, Pashov Audit Group will remain part of that process. The work is ongoing, the reviews are public, and the standard does not change.

The full audit report is publicly available at the link below.

Audit report: RegnumAurum security review (August 2025)

All official verification documentation is available at: https://pmusd.raac.io/collateral

RAAC protocol is only available in a limited number of jurisdictions and is not available to US persons.