Skip to main content
Oracles are the most critical attack surface in DeFi lending. Every LTV calculation, every liquidation decision, every interest rate update depends on accurate price data. A compromised or stale oracle feed can trigger improper liquidations, enable collateral drain exploits, or create bad debt. Historically, oracle manipulation has been the single most common vector for DeFi exploits — responsible for billions in losses across protocols like Euler, Mango Markets, and Cream Finance. Kamino did not rely on a single off-the-shelf oracle solution. Instead, it built Scope — a proprietary on-chain oracle aggregator — from the ground up.

3 Dedicated Audits

Audited by Sec3, OtterSec, and Offside Labs — plus oracle coverage in broader Lend and Vault audits

$19.33B Volume

Total volume processed through Scope price feeds

0 Oracle Exploits

Zero oracle-related exploits since launch

What Scope Is

Scope is an on-chain program deployed on Solana that aggregates price data from multiple independent oracle providers into a single, validated price feed. It is not a pass-through — Scope applies its own validation rules before accepting any price, and only publishes prices that pass all checks. The key insight behind Scope is that no single oracle provider is reliable enough to secure billions in deposits. Each provider has different strengths and failure modes:
  • Some are more resilient to network congestion
  • Some update more frequently
  • Some have broader asset coverage
  • Some are more resistant to manipulation
By aggregating across providers and applying cross-validation, Scope achieves a level of reliability that no individual provider can match.

Architecture

Scope operates as a Solana program that:
  1. Ingests prices from multiple on-chain oracle accounts (Chainlink, Pyth, Switchboard, Redstone, and others)
  2. Validates each price against a preset of rules — staleness checks, deviation checks, cross-provider consistency
  3. Selects the best price dynamically based on freshness, consistency with other providers, and validation status
  4. Publishes the validated price to a single on-chain account that Kamino’s lending and vault contracts read from
If a provider’s feed goes stale, deviates significantly from other providers, or fails a validation check, Scope automatically falls back to the next-best source. This self-healing behavior means that an outage or anomaly in any single provider does not compromise price accuracy.

Multi-Price Oracle System

The most significant upgrade to Scope’s architecture is the Multi-Price Oracle System — a fundamental evolution from selecting a single “best” price to continuously aggregating and cross-validating all available high-quality sources in real time. This system eliminates any remaining dependence on a single data provider, dynamically selects the freshest valid price at the moment of each transaction, and self-heals during provider downtime or deviation without manual intervention. The Multi-Price Oracle System was double-audited by Certora and Offside Labs before deployment. For details on how this system reduces oracle pricing risk, see Oracle Pricing Risk.

Oracle Providers

ProviderTypeStrengths
Chainlink Data StreamsPull-based decentralized oracleHigh-frequency, low-latency market data on demand; industry-standard infrastructure securing hundreds of billions across chains
Pyth NetworkHigh-frequency on-chain dataSub-second updates, native Solana integration, confidence intervals
SwitchboardCustomizable on-chain feedsFlexible oracle design, Solana-native, community-operated feeds
RedstoneModular data deliveryCost-efficient data push model, broad data source coverage
Chainlink Data Streams — a pull-based delivery model where prices are requested on-demand rather than pushed on fixed heartbeat intervals — underwent extensive mainnet testing for multiple weeks before integration, demonstrating consistently strong results in accuracy and latency against existing feeds. For each asset on Kamino, Scope maintains feeds from multiple providers simultaneously. The protocol does not depend on any single provider for any asset — if one goes down, the others continue to provide accurate pricing.

Open Source

Scope is fully open source. The smart contract code, aggregation logic, and validation rules are all publicly available for review: Anyone can inspect how prices are aggregated, what validation rules are applied, and how fallback selection works.

Oracle Audits

Scope has been independently audited 3 times by 3 different firms. In addition, oracle integration is reviewed as part of every Kamino Lend and Vault audit:
ReportFirmDate
Sec3 AuditSec316 December 2024
OtterSec AuditOtterSec16 December 2023
Offside Labs AuditOffside Labs8 December 2023
Beyond these dedicated Scope audits, the oracle aggregation layer is reviewed as part of every Kamino Lend and Vault audit — meaning oracle security is scrutinized from multiple angles across the protocol’s full audit portfolio.