Kamino Finance
DAMASCUSLending / Yield · Solana · $1B+ TVL · 10 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
72
72
72
62
48
60
98
75
70
100
72
72
72
62
48
60
98
75
70
100
Audit History
Bug Bounty Program
Assessment
Growing Solana lending protocol with moderate maturity. Multiply product adds leveraged composition risk. Oracle dependency on Solana ecosystem (D3=72) and governance centralization (D5=48) drag score. Clean security record helps.
Dimension Breakdown
How scores work →- Lending market creation permissioned by protocol
- Asset listing controlled by Kamino team/governance
- Liquidation is permissionless (good)
- Admin authority for market parameters
- Lending model with interest rate curves
- Multiply (leveraged yield) adds economic complexity
- kToken collateral creates recursive risk
- Liquidation mechanics adapted for Solana's execution model
- Pyth and Switchboard oracle dependency
- TWAP-based pricing for certain assets
- Oracle staleness checks present
- Solana oracle ecosystem less mature than Ethereum's Chainlink
- Lending product live since early 2024 (~16 months)
- Evolved from Hubble Protocol (vault strategy)
- No protocol exploit to date
- Growing TVL (~$2B) but relatively young lending protocol
- Z-factor: 0.748
- KMNO token governance is early stage
- Protocol parameters largely team-controlled
- No meaningful timelock on parameter changes
- Governance structure still being decentralized
- Score derived from continuous adversarial security research
- Active team with rapid iteration
- Solana-specific monitoring
- Multiple product launches in parallel (Lend, Multiply, Liquidity)
- Operational complexity from multi-product strategy
- kTokens composed across Solana DeFi
- Multiply product creates leveraged composition loops
- JitoSOL, mSOL, etc. as collateral inherits LST risks
- Cross-protocol liquidation cascades possible on Solana
- Member of 1 dependency cluster(s)
- No cross-protocol cascade exposure detected
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Rust/Anchor framework
- Solana program library dependencies
- Oracle client libraries (Pyth, Switchboard)
- Math libraries for interest rate calculations
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "kamino"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("kamino")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.