Use this file to discover all available pages before exploring further.
Kamino has completed 20 external security reviews across all major smart contract components — 15 traditional security audits, 4 formal verifications, and fuzzing campaigns. Audits are conducted by independent security teams before and after every major launch, with rolling code reviews for ongoing changes. Every report is published publicly.
Kamino engages multiple specialized security firms, each with distinct methodologies and areas of expertise:
OtterSec — Solana-native security firm specializing in manual code review and formal verification of Rust/Anchor programs
Sec3 — Automated and manual auditing with deep Solana program analysis tooling
Offside Labs — Independent security research firm focused on DeFi protocol auditing
Certora — Formal verification specialists using symbolic execution and mathematical provers
Ackee Blockchain — Fuzzing and automated testing using their proprietary Trident framework
RX Security — Smart contract security auditing
Using multiple firms ensures that no single auditor’s blind spots carry through. Different methodologies — manual review, automated analysis, fuzzing, and formal verification — each catch different classes of bugs.
Point-in-time audits catch issues at a snapshot. But code evolves continuously — new features, parameter changes, and optimizations are deployed between scheduled audits.To close this gap, Kamino maintains ongoing code review contracts with security teams. New pull requests are reviewed by independent security researchers before they reach production. This ensures that every code change — not just major releases — receives external scrutiny.
All 20 security reports — including audit, formal verification, and fuzzing reports — are published publicly. Anyone can download and review them.View all audit reports on GitHub →
