Kaia

Audit Summary

The system users should acknowledge all the risks summed up in the risks section of the report

Total findings by Severity

KAIA Contracts Consensus Rebalance Multicall Audit Summary

Documentation quality

• Functional requirements are provided

• Technical description is provided.

Code quality

• Best practices are applied.

Test coverage

Code coverage of the project is 88% (branch coverage).

• Not all branches covered with tests.

KAIA Contracts Kaia Bridge Allocation Audit Summary

Documentation quality

• Functional requirements are provided

• Technical description is provided.

Code quality

• Best practices are applied.

Test coverage

Code coverage of the project is 81% (branch coverage),

• Not all branches are covered with tests

KAIA Contracts

KAIA ContractsConsensus Rebalance Multicall System Overview

The KAIA Blockchain Ecosystem is a comprehensive set of smart contracts designed to facilitate secure and efficient blockchain-based operations. These operations include Staking, Treasury rebalancing, Multicall aggregation.

• Staking - is an advanced staking system designed for managing both locked and delegated stakes within a network. It integrates various functionalities that enable detailed management of staking operations, lockup conditions, re-delegation processes, and interaction with public delegation systems

• Treasury rebalancing - is to manage the rebalancing of treasury funds within a defined system. The contract records the addresses holding treasury funds before and after a rebalancing process, and facilitates the approval and redistribution of these funds to new addresses.

• Multicall aggregation - is designed to aggregate and provide staking information for client-side applications, for the “Kaia client”.

Privileged roles

• ADMIN_ROLE (Staking) - This role has the highest level of access and is responsible for initial setup and configuration tasks. These include setting the staking tracker address and initializing public delegation settings.

• OPERATOR_ROLE (Staking) - Operators manage ongoing contract functions such as updating critical addresses (like staking trackers and voter addresses), managing redelegation settings, and handling lockup stakes withdrawals.

• STAKER_ROLE (Staking) - This role is allowed to delegate stakes to the contract, either through direct transactions or fallback methods when KAIA is sent to the contract address.

• UNSTAKING_APPROVER_ROLE, UNSTAKING_CLAIMER_ROLE (Staking) - These roles are essential for managing the liquidity and integrity of the staking pool, providing checks and balances on how funds are moved in and out of the contract.

• Owner (Treasury Rebalance) - The owner sets the initial parameters, modifies contract state, manage entries, responsible for execution of rebalancing, controls the reset functionality.

KAIA Contracts Kaia Bridge Allocation System Overview

The KAIA Blockchain Ecosystem is a comprehensive set of smart contracts designed to facilitate secure and efficient blockchain-based operations. These operations include Bech32 encoding/decoding, cross-chain asset transfers through a bridge, multi-signature transaction management by guardians, judicial oversight by judges, and asset lockup management.

Attributes:

Bech32

• Implements Bech32 encoding/decoding.

• Attributes:

• • charset: "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

  • linkHash: keccak256("link")

KAIABridge

• Manages cross-chain asset transfers.

• Attributes:

• • minLockableKAIA: 5 KAIA

  • maxLockableKAIA: 1,000,000 KAIA

  • TRANSFERLOCK: 30 minutes

Lockup

• Manages asset lockup and delegation.

• Attributes:

• • totalDelegatedAmount

  • isInitialized

Privileged Roles:

Owner (KAIABridge):

• Can modify bridge parameters.

• Can manage provisions and transfers.

Guardian (Guardian):

• Can add, remove, and replace guardians.

• Can authorize upgrades and manage transaction confirmations.

Judge (Judge):

• Can add, remove, and replace judges.

• Can authorize upgrades and manage judicial oversight.

Operator (Operator):

• Can add, remove, and replace operators.

• Can manage bridge operations and provision transactions.

Admin (Lockup):

• Can propose acquisitions and request delegated transfers.

• Can manage role assignments.

Secretary (Lockup):

• Can confirm and reject acquisitions and delegated transfers.

When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

Reference on how risk scoring is done is available through the repository in our Github organization:

hknio/severity-formula →