In preparation for the launch of their new product, Kava Swap, Kava Labs underwent their fifth CertiK audit to ensure the safety and security for the community and the Swap Protocol. A CertiK audit will identify and eliminate security vulnerabilities using the most rigorous and thorough cybersecurity techniques. Prior audits included the Kava Platform, the Kava Mint Protocol  and the Kava Lend Protocol. It is clear that Kava is not only interested in, but focused on security with all the steps they have taken to protect their products and users.  All of Kava’s CertiK audits can be found here.

Use-Case Profile

Kava Swap, which is set to launch on August 30th, is a cross-chain Autonomous Market Maker (AMM)  for all DeFi apps and financial services. Its purpose is to enable the aggregation of capital where it can then be deployed seamlessly across different blockchain ecosystems, DeFi Apps, and Financial Services. Kava Swap was built on the Kava blockchain platform. Kava Swap delivers users a way to swap assets of different blockchains and deploy their capital into market making pools where they can earn handsome returns.

Code Review & Auditing Process

The initial review was conducted between August 2nd, 2021, and August 16th, 2021. The methodology used was Static Analysis and Manual Review. 

The objective of the audit is to discover issues and vulnerabilities in the source code of the Swap module. 

A series of thorough security assessments have been carried out to help said project protect their users by finding and fixing known vulnerabilities that could cause unauthorized access, loss of funds, cascading failures, and/or other vulnerabilities. The auditing process focused on the following considerations:

• Testing smart contract(s) against both common and uncommon attack vectors.
• Assessing the codebase to ensure compliance with current best practices and industry standards.
• Ensuring contract logic meets the specifications and intentions of the client.
• Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
• Through a line-by-line manual review of the entire codebase.

Only seven (7) findings were identified and presented in the vulnerability summary, of which four (4) were of informational nature, and three (3) were minor. No major, critical, or medium issues were found during the auditing process, and the Kava Labs team acknowledged or resolved all findings highlighted by the CertiK Professional Services team, pointing towards a well-written codebase by the team’s engineers.

CertiKShield

In addition to the aforementioned security audit, the Kava team have unlocked an unprecedented level of protection for themselves, their community, and their token holders through CertiKShield.

With CertiKShield protection, Kava users will be protected from any unforeseen, on-chain, security related events which result in lost or stolen assets.

You can read more about CertiKShield and the benefits it provides here.

About Kava

Kava Labs is focused on democratizing financial services and making them openly accessible to anyone, anywhere in the world while also De-Risking DeFi. Undergoing an audit, as well as many other steps, is what is needed to bring decentralized finance and cryptocurrency into the mainstream. Kava brings together everything that's required to do frictionless decentralized finance. Many companies have already integrated with Kava's DeFi platform to allow their users to lend, invest, and earn with crypto.

Kava Swap is yet another product the Kava team has created to further broaden the Kava ecosystem. Other products include Kava Platform, Kava Mint and Kava Lend which have all undergone their own CertiK audits before release. 

About CertiK

CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.

Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.

Consult with one of our experts at bd@certik.io

Stay connected!