Security Audits

Kamino has completed 20 external security reviews across all major smart contract components — 15 traditional security audits, 4 formal verifications, and fuzzing campaigns. Audits are conducted by independent security teams before and after every major launch, with rolling code reviews for ongoing changes. Every report is published publicly.

20 Security Reports

6 Independent Firms

0 Critical Vulnerabilities

Audit Firms

Kamino engages multiple specialized security firms, each with distinct methodologies and areas of expertise:

OtterSec — Solana-native security firm specializing in manual code review and formal verification of Rust/Anchor programs
Sec3 — Automated and manual auditing with deep Solana program analysis tooling
Offside Labs — Independent security research firm focused on DeFi protocol auditing
Certora — Formal verification specialists using symbolic execution and mathematical provers
Ackee Blockchain — Fuzzing and automated testing using their proprietary Trident framework
RX Security — Smart contract security auditing

Using multiple firms ensures that no single auditor’s blind spots carry through. Different methodologies — manual review, automated analysis, fuzzing, and formal verification — each catch different classes of bugs.

Audits by Component

Kamino Lend

The core lending and borrowing smart contract — the highest-stakes component.

Date	Firm	Link
6 February 2025	Sec3	View Report
6 September 2023	OtterSec	View Report
3 July 2023	RX Security	View Report

Kamino Earn Vaults

Vault contracts that manage depositor funds across lending markets.

Date	Firm	Link
12 April 2025	Offside Labs	View Report
6 February 2025	Sec3	View Report
9 December 2024	OtterSec	View Report

Scope Oracle

Kamino’s proprietary oracle aggregator that ingests and validates price feeds.

Date	Firm	Link
16 December 2024	Sec3	View Report
16 December 2023	OtterSec	View Report
8 December 2023	Offside Labs	View Report

Limit Orders (LIMO)

Zero-fee limit order contracts.

Date	Firm	Link
29 January 2025	Sec3	View Report
29 November 2024	Offside Labs	View Report
7 November 2024	OtterSec	View Report

Liquidity Vaults

Automated liquidity provisioning contracts.

Date	Firm	Link
14 November 2023	OtterSec	View Report

Farms

Reward distribution and farming contracts.

Date	Firm	Link
8 December 2023	Offside Labs	View Report
13 October 2023	OtterSec	View Report

Rolling Code Reviews

Point-in-time audits catch issues at a snapshot. But code evolves continuously — new features, parameter changes, and optimizations are deployed between scheduled audits. To close this gap, Kamino maintains ongoing code review contracts with security teams. New pull requests are reviewed by independent security researchers before they reach production. This ensures that every code change — not just major releases — receives external scrutiny.

Public Audit Repository

All 20 security reports — including audit, formal verification, and fuzzing reports — are published publicly. Anyone can download and review them. View all audit reports on GitHub →

SECURITY

RISK FRAMEWORK

PROTOCOL SAFEGUARDS

20 Security Reports

6 Independent Firms

0 Critical Vulnerabilities

Audit Firms

Audits by Component

Kamino Lend

Kamino Earn Vaults

Scope Oracle

Limit Orders (LIMO)

Liquidity Vaults

Farms

Rolling Code Reviews

Public Audit Repository

SECURITY

RISK FRAMEWORK

PROTOCOL SAFEGUARDS

20 Security Reports

6 Independent Firms

0 Critical Vulnerabilities

​Audit Firms

​Audits by Component

​Kamino Lend

​Kamino Earn Vaults

​Scope Oracle

​Limit Orders (LIMO)

​Liquidity Vaults

​Farms

​Rolling Code Reviews

​Public Audit Repository

Audit Firms

Audits by Component

Kamino Lend

Kamino Earn Vaults

Scope Oracle

Limit Orders (LIMO)

Liquidity Vaults

Farms

Rolling Code Reviews

Public Audit Repository