
Audit name: [L1] Kaia | Kaia Core | Jun2024

Date: Jul 2, 2024

Table of Contents

Introduction
Audit Summary
Document Information
System Overview
Executive Summary
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the Kaia team for the collaborative engagement that enabled the execution of this Security Assessment.

Kaia is a Layer 1 blockchain platform, built on the robust foundation of the Ethereum protocol. It incorporates innovative features and enhancements, striving for superior performance and efficiency. Kaia's architecture is designed to address the limitations of existing blockchain systems, providing a more scalable, secure, and user-friendly environment. One of Kaia's significant advantages is its compatibility with the Ethereum ecosystem, fostering extensive adoption by creators and developers.

Platform: Kaia
Language: Golang
Tags: Layer 1
Timeline: 04/06/2024 - 02/07/2024
Methodology: Blockchain Protocol and Security Analysis Methodology

    Review Scope

    Repository: https://github.com/kaiachain/kaia
    Commit: e2265cd12fe6d8e62b79f5889a70aa303d70332b

    Audit Summary

    6 Total Findings
    5 Resolved
    0 Accepted
    1 Mitigated

    System users should acknowledge all the risks summarized in the risks section of this report.

    Document Information

    This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.

    The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.

    Document

    Name: Blockchain Protocol Code Review and Security Analysis Report for Kaia
    Audited By: Nino Lipartiia
    Approved By: Luciano Ciattaglia
    Website: https://klaytn.foundation/say-hello-to-kaia/
    Changelog: 21/06/2024 - Preliminary Report
    Changelog: 02/07/2024 - Final Report

    System Overview

    The latest update to the Kaia blockchain at the time of writing this report includes several significant enhancements:

    • KIP-160: An Update of Treasury Fund Rebalancing. Introduces TreasuryRebalanceV2 to improve token redistribution and economic stability within the network.

    • KIP-162: Priority Fee Mechanism. Addresses the issue of network congestion under the KIP-71 dynamic base fee mechanism by introducing a priority fee mechanism. This allows transactions to include an additional tip, helping to manage traffic more effectively and reduce delays during periods of high network activity.

    • KIP-163: CnStakingV3 with Public Delegation. Enables public delegation services, allowing token holders to delegate staking power to validators, enhancing network decentralization and security.
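    As an added illustration (not Kaia's own code) of the priority fee rule KIP-162 introduces and of the cap validation that finding F-2024-3967 concerns: the effective price is taken to be the EIP-1559-style min(baseFee + tipCap, feeCap), which is assumed here to match KIP-162, and the function names and sample values are ours.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Sentinel errors for the two cap checks a dynamic-fee transaction must pass.
var (
	ErrTipAboveFeeCap = errors.New("gas tip cap exceeds gas fee cap")
	ErrFeeCapTooLow   = errors.New("gas fee cap is below the block base fee")
)

// ValidateFeeCaps enforces tipCap <= feeCap and feeCap >= baseFee. Without
// these checks a state transition can accept a transaction whose caps are
// inconsistent with the fee it is later charged.
func ValidateFeeCaps(tipCap, feeCap, baseFee *big.Int) error {
	if tipCap.Cmp(feeCap) > 0 {
		return ErrTipAboveFeeCap
	}
	if feeCap.Cmp(baseFee) < 0 {
		return ErrFeeCapTooLow
	}
	return nil
}

// EffectiveGasPrice applies the EIP-1559-style rule assumed here for KIP-162:
// price = min(baseFee + tipCap, feeCap). The validator's priority fee is
// price - baseFee, so a tight feeCap silently shrinks the tip.
func EffectiveGasPrice(tipCap, feeCap, baseFee *big.Int) (*big.Int, error) {
	if err := ValidateFeeCaps(tipCap, feeCap, baseFee); err != nil {
		return nil, err
	}
	price := new(big.Int).Add(baseFee, tipCap)
	if price.Cmp(feeCap) > 0 {
		price.Set(feeCap)
	}
	return price, nil
}

func main() {
	// Constructed sample values in the chain's smallest unit (not real chain data).
	baseFee := big.NewInt(25e9)
	for _, tc := range []struct{ tip, cap int64 }{{2e9, 30e9}, {10e9, 30e9}, {40e9, 30e9}, {1e9, 20e9}} {
		p, err := EffectiveGasPrice(big.NewInt(tc.tip), big.NewInt(tc.cap), baseFee)
		fmt.Printf("tip=%d cap=%d -> price=%v err=%v\n", tc.tip, tc.cap, p, err)
	}
}
```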

    Executive Summary

    Documentation quality

    • The project inherits source code documentation from the Geth project, ensuring a robust foundational understanding and continuity.

    • All changes related to Kaia Improvement Proposals (KIPs) are thoroughly documented.

    • Increasing the amount of documentation and comments within the code would be advantageous.

    • Documentation regarding the updating of the validator refresh interval could use improvement.

    Code quality

    • The project inherits Geth's high code quality, with added features maintaining the same standards.

    • Adherence to the best practices of Go programming ensures robust and efficient code.

    • Remaining TODO comments in the code indicate areas that require further development.

    Architecture quality

    • The project is based on the Geth source code, ensuring a solid and reliable foundation.

    • It features an innovative architectural design that segregates components for distinct purposes.

    • Hard forks are managed proficiently, ensuring stability and continuity.

    • New functionalities are incorporated effectively and seamlessly into the existing architecture.

    Findings

    Code | Title | Status | Severity
    F-2024-3967 | Missing GasTipCap and GasFeeCap Validation in State Transition | mitigated | Medium
    F-2024-3890 | Kaia RPC Client Lacks Support for EthereumDynamicFee Transaction Type | fixed | Medium
    F-2024-3966 | Non-Compliance with KIP-162 Standard in Multiple Node Components | fixed | Low
    F-2024-3965 | Unutilized Function Clutters the Codebase | fixed | Observation
    F-2024-3956 | Inaccurate Gas Price Suggestion in Simulated Backend | fixed | Observation
    F-2024-3932 | Disregard for RebalanceTreasury Method's Return Value | fixed | Observation


    Appendix 1. Severity Definitions

    Severity

    Description

    Critical
    Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required.

    High
    High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category.

    Medium
    Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively.

    Low
    Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system.

    Appendix 2. Scope

    The scope of the project includes the following components from the provided repository:

    Scope Details

    Repository: https://github.com/kaiachain/kaia
    Commit: e2265cd12fe6d8e62b79f5889a70aa303d70332b

    Components in Scope

    v.1.0.0 release, including:

    Assets in Scope

    KIP-160
    KIP-162

    Disclaimer