Audits & Security

Audit Program

Kaskad's smart contracts are scheduled for independent security audits before mainnet launch. Our audit strategy follows the gold standard established by leading DeFi protocols.

Sherlock

Kaskad has partnered with Sherlock for its primary audit coverage. Sherlock provides:

Contest-based audits — multiple independent security researchers review the codebase simultaneously
Audit coverage — financial backing for any missed vulnerabilities found post-audit
Continuous review — ongoing security monitoring as the protocol evolves

Audit Scope

The following components will be audited:

Component	Description	Status
Core Lending Engine	Supply, borrow, repay, liquidation logic	Scheduled
Oracle Integration	Price feed validation and circuit breakers	Scheduled
Bounded Governance	Parameter update and proposal execution	Scheduled
Cross-chain Bridge	Hyperlane integration and message verification	Scheduled
Token Contracts	$KSKD token and vesting contracts	Scheduled

Security References

Kaskad's architecture draws from battle-tested DeFi protocols:

Aave V4 — isolated lending pools, risk parameter architecture
Morpho — peer-to-peer matching, capital efficiency patterns
1inch — aggregation and routing security patterns

Bug Bounty Program

A formal bug bounty program will be launched alongside mainnet deployment, covering:

Smart contract vulnerabilities (critical, high, medium, low)
Oracle manipulation vectors
Cross-chain message integrity issues
Governance attack surfaces

Details and reward tiers will be published before mainnet launch.

Security Practices

Multi-sig governance — all protocol upgrades require multi-signature approval
Timelock delays — parameter changes are subject to time delays for community review
Circuit breakers — automated halting mechanisms for anomalous market conditions
Formal verification — planned for critical contract paths (liquidation, oracle)