NEW YORK, 11/02/2021 - We’re happy to announce that Kava Labs’ new single issuance module implementation, was successfully audited by CertiK Professional Services Division. In this spotlight, we elaborate on the scope of the audit, as well as present some of the issues found during the auditing process.
Built on top of the Cosmos SDK, Kava is a multi-chain Decentralized Finance (DeFi) platform offering financial apps and services such as loans, stablecoins, and money markets to end-users and other blockchains.Kava’s new Issuance Module is already being used by Huobi in order to create and host HBTC on Kava.
Code Review & Auditing Process
The initial review was conducted between December 14th, 2020, and February 9th, 2021, by CertiK security engineers Jay Jie, and Alex Papageorgiou.
The sole objective of the audit was to verify Kava Labs' implementation of the Issuance module, the main mechanism of which allows for a white-listed entity (i.e. issuer) to control the minting and burning of an asset, against the provided specifications.
A series of thorough security assessments were carried out, the goal of which is to help Kava Labs in protecting their users by finding and fixing known vulnerabilities that could cause unauthorized access, loss of funds, cascading failures, and/or other vulnerabilities. Alongside each security finding, a recommendation on fixes and/or mitigation methods were provided to the team for alleviation.
The in-depth investigation of the smart contract in question included Static Analysis and Manual Review techniques. The auditing process focused on the following considerations:
- Testing smart contract against both common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions of the client.
- Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Through a line-by-line manual review of the entire codebase.
Considering Kava is one of the leading players in the broader DeFi scene and having secured a variety of its native smart-contracts with CertiK multiple times in the past, the popular protocol followed the best industry practices in order to deploy its new issuance module.
Only four (4) findings were identified and presented in the vulnerability summary, of which two (2) were of informational nature, and two (2) were minor. No major or critical issues were found during the auditing process, and the Kava Labs team alleviated all findings highlighted by the CertiK Professional Services team, pointing towards a well-written codebase by the team’s engineers.
You can review the full audit here.
About Kava Labs
Kava Labs’ mission is to unlock financial opportunities for everyone. Kava is focused on democratizing financial services and making them openly accessible to anyone, anywhere in the world.
For this reason, the Kava platform was created and has quickly become the most trusted DeFi platform by institutions all over the world for giving users access to core financial services for digital assets. Through a single API, Kava provides a suite of decentralized financial apps and services that enable any user with crypto assets to lend, borrow, and earn interest in just a few clicks.
To date, the Kava DeFi platform manages over $1B in total assets, has issued over $50m in loans to users, and has helped users earn over $20M in rewards and interest on their digital assets.
“CertiK has been a valued partner through every step of our development process. Their team of auditors has a great eye for detail and because we’ve worked with them over many phases of Kava’s development they understand our platform intimately. With the completion of this audit of the new token issuance module, Kava and its partners can rest assured that the creation and management of new tokens on the Kava blockchain will function as intended and safely bring new assets to our ever-expanding ecosystem.”-Brian Kerr, CEO of Kava Labs
Websitel Telegraml Mediuml Twitter
CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.
Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.
Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.
Consult with one of our experts at firstname.lastname@example.org