Sapien Vault

The Sapien Vault is the onchain economic-security layer for Proof of Quality (PoQ). You can deposit SAPIEN and receive vault shares (vSAPIEN). Locking stake as collateral for validation work is optional and at your sole discretion if you choose to participate as a validator. When you do lock, the vault escrows that collateral and applies unlock or slash outcomes decided by the offchain PoQ engine.

It does not score contributions or run consensus onchain. It only holds assets and enforces lock / unlock / slash instructions.

What it is

PropertyDetail
StandardERC-4626 tokenized vault
AssetSAPIEN (ERC-20)
SharesSapien PoQ Vault / vSAPIEN
DeploymentUpgradeable (UUPS) behind an ERC-1967 proxy
StorageERC-7201 namespaced layout (sapien.storage.SapienVault)

How it fits PoQ

  1. Anyone can deposit SAPIEN into the vault and receive vSAPIEN shares.
  2. If you opt in as a validator, after shares mature past the configured deposit age you may call lockStake — optionally, at your sole discretion — to put collateral at risk for validation work.
  3. The offchain PoQ engine evaluates outcomes and, when needed, calls:
    • unlockStake — reduce locked amount; value becomes withdrawable again
    • slashStake — burn shares so the validator loses the slashed value
  4. The validator withdraws or redeems whatever remains unlocked and matured.

In the product API, validators who choose to participate on staked projects typically lock stake through the staking / batch-lock flow before claiming validations. The vault is the onchain source of truth for locked vs available balance.

Stake model

Each address has one stake account:

ConceptMeaning
LockedPortion of economic stake committed for validation; not withdrawable until unlocked or slashed
AvailableMatured position minus locked amount — what you can lock further or withdraw
CallWhoEffect
deposit / mintAnyoneAdd SAPIEN; mint vSAPIEN
lockStake(amount)Share holderMove available → locked
unlockStake(user, amount)Engine roleReduce locked amount (no burn)
slashStake(user, amount)Engine roleReduce locked amount and burn shares
withdraw / redeemShare holderExit matured, unlocked value

lockStake is permissionless for the holder and is never automatic — you choose whether and how much to lock. Unlock and slash are engine-only — locked stake cannot be exited without the engine (or a slash).

Roles

RoleTypical holderCapabilities
DEFAULT_ADMIN_ROLEGovernance multisigPause, upgrades, role grants, deposit-age / tranche settings
ENGINE_ROLEPoQ engine smart accountunlockStake, slashStake only

Admin can pause the vault to halt a misbehaving engine, and can revoke ENGINE_ROLE. Pause stops deposits, withdrawals, transfers, and lock/unlock/slash paths that respect pause.

Deposit age

To resist flash deposit → lock → exit patterns, the vault can require shares to age before they count as available for lock, transfer, or withdraw.

  • Configured by admin (minDepositAge, capped at 7 days).
  • Enforced per share cohort (tranche), not as a single global timer per user.
  • Fresh deposits create immature tranches; once aged, shares fold into the matured bucket.
  • Use depositAgeStatus(user) (or maturedShares / pendingShares) when integrating.

When minDepositAge is 0, deposits are immediately mature.

Deployments

NetworkChain IDVaultSAPIEN
Base84530x60Bf63729f688287a450299962b36Cef0aFfaa420xC729777d0470F30612B1564Fd96E8Dd26f5814E3
Base Sepolia845320x58E72Fa7fb92B100f2c652377465EEEe2642544C0x7F54613f339d15424E9AdE87967BAE40b23Fa7F6

Canonical deployment JSON lives in the sapien-contracts repository under deployments/.

Integrator notes

  • Prefer ERC-4626 preview* and max* helpers before submitting txs; they reflect pause, locks, and deposit age.
  • Locked stake reduces maxWithdraw / maxRedeem.
  • Slashing burns shares without removing underlying SAPIEN from the vault, so remaining stakers' share value appreciates. Index both slash amount and shares burned.
  • Engine liveness matters: if unlocks stop, locked stake stays locked until the engine resumes (or ops intervene via pause / role revoke — which still does not auto-unlock existing locks).

Further reading

Security audit

Quantstamp audited SapienVault. Read the final report:

QS SapienVault Final Report — June 2026 (PDF)

Edit this page on GitHub Last updated Jul 14, 2026