# Revision log of vDF audit by Certik - GLOBAL-01 | Unlocked compiler version Now unified to `0.6.12` - DFC-01 | Centralization risk We are in the process of migrating to a DAO, and this is part of our DAO governance system. - DFC-02 | Logic issue in unstakeUnderlying() The `rdivup()` is used for rounding up the vDF amount deducted, so the rounding error will be in favor of the protocol rather than the user. - DFC-03 | Source of reward token Good to know. The vault will be a global vault for all dForce protocols. - DFC-04 | Third party dependencies Good to know. - DFC-05 | Incompatibility with deflationary tokens Good to know, now only considering DF, which is the not a deflationary token - DFC-06 | Payers and receivers are different It is our design to be integrated with other contracts. Also, in stake(), the DF payer is msg.sender, vDF receiver is _repcipient. - DFC-07 | Lack of reasonable boundary Fixed. - DFC-08 | Lack of zero address validation Fixed. - GTC-01 | Time check relies on timestamp Good to know. - GTC-02 | Declaration naming convention Good to know. - GTC-03 | Proper usage of “public” and “external” type Good to know.