20 Security Reports
Audits, formal verifications, and fuzzing from 6 independent firms
4 Formal Verifications
Mathematical proofs of correctness for core lending, vault, and order contracts
$0 Bad Debt
3+ years live, $175M+ in liquidations processed with zero losses
Defense in Depth
Kamino is a credit protocol — the stakes are existential. A single exploit or risk management failure could result in catastrophic loss for lenders. Security is not a single checkpoint but a continuous, multi-layer process where each layer operates independently. If any one fails, the others remain. This defense-in-depth approach spans the full stack: smart contract correctness, oracle reliability, operational infrastructure, protocol-level safeguards, market risk monitoring, and economic stress testing. The protocol has operated since September 2022 without a single security incident, bad debt event, or oracle exploit. This track record is not the result of any one measure — it is the product of all layers working together.Security Stack
Security Audits
15 independent code audits across all smart contracts, conducted by OtterSec, Sec3, Offside Labs, and RX Security.
Formal Verification
4 formal verifications providing mathematical proofs that critical invariants hold — not probabilistic testing, but exhaustive verification across all possible states.
Fuzzing & Testing
Months-long automated fuzzing campaigns using Ackee Blockchain’s Trident framework, with millions of instruction sequences tested. Plus verifiable on-chain builds.
Oracle Architecture
Kamino’s proprietary Scope oracle aggregator combines feeds from Chainlink, Pyth, Switchboard, and Redstone with TWAP/EWMA smoothing and price band validation.
Infrastructure & Redundancy
No single point of failure across RPC providers, cloud infrastructure, oracle cranks, and liquidation bots. Full real-time monitoring with anomaly escalation.
Bug Bounty
$1.5M program on ImmuneFi — Solana’s largest bug bounty at launch — covering all core smart contracts and the web application.
Open Source
All core contracts are publicly available on GitHub, enabling community review, peer security analysis, and independent verification.
Protocol Safeguards
Auto-deleverage, daily caps, E-Mode caps, and interest rate controls provide protocol-level defense against market stress and outsized risk.
Open Source Contracts
All core smart contracts are fully open source. Anyone can inspect the code, verify deployments against audited source, and contribute to identifying issues.| Repository | Description |
|---|---|
| kamino-finance/klend | Kamino Lend — core lending and borrowing |
| kamino-finance/kvault | Kamino Earn Vaults |
| Kamino-Finance/limo | LIMO — limit orders |
| kamino-finance/scope | Scope — oracle aggregator |
| kamino-finance/kfarms | Kamino Farms |
The information on this page is provided for informational purposes only. While Kamino implements rigorous security measures, no system is fully immune to risk. Refer to the Terms & Conditions for full details.