Kava Labs Update

How Safety and Security Are Top Priorities

Adam Turman
Aug 16, 2021

As decentralized finance continues to grow and mature, user concerns about reliability and security remain a barrier to mainstream adoption. Kava Labs prioritizes safety and security of user funds, which is part of why we have attracted support from institutions as well as retail investors. As Kava Labs prepares to launch Kava Swap on August 30th, we want to highlight the steps that we have in place to ensure the safety and security of the community and Kava Labs’ products.

  1. Internal audit — before launching any application, a complete internal audit is conducted. A senior engineer (who is independent of the project’s development) reviews the full code base and produces an audit report like those you would find from public auditors. Building up our internal audit capacity and expertise has been enormously valuable, as it makes us less dependent on the availability of external auditors.
  2. External audit — following the internal audit, a targeted audit with CertiK is conducted prior to launch. They review the most sensitive and complex parts of the code to look for bugs and make recommendations for refactors. They have been a great audit partner and have become very skilled at auditing cosmos-sdk code.
  3. Public testing — finally, we conduct incentivized testnets that motivate users and other cosmos-sdk developers to uncover bugs with the user interface and/or blockchain performance before launch.
  4. SAFU Fund — the Kava community used governance to establish a SAFU Fund of 10M $KAVA to reimburse users in the event that they lose funds due to unforeseen issues.
  5. Proper safety guards — all features have guarded releases and limits that can be increased as the software gets used and solidified. When a bug is found, engineers can respond quickly and restore functionality to all other parts of the software without risk.
  6. Software specifications — the Kava blockchain is based on the Cosmos-SDK and is written in Golang, a strictly-typed, stable and modern language that is widely used in DeFi for secure cloud computing infrastructure. Compared to Solidity, which has many known idiosyncrasies that are the source of many contract bugs, Golang is a tightly-controlled and vetted language and ecosystem.
  7. Security — decentralization does not mean that anyone can deploy unvetted software to Kava (like on Ethereum). The two recent Thorchain hacks were a result of someone publishing an ETH contract that was able to fool part of their bridge. The root cause was essentially bugs in the Solidity code that tricked their bridge software into believing a user sent ETH/ERC-20 tokens when in fact they had not. This is not related to the Cosmos-SDK.
  8. Governance — an active community and governance ecosystem that operates at the blockchain level can step in and address system-wide issues quickly in a way that no ETH project can. A similar level of onchain governance control over ETH-chain level activity is not possible, nor is governance across multiple projects.
  9. Process and experience — this includes proper separation of concerns, minimizing the surface for bugs, and only releasing software when we are at high confidence. At each point in the process, the engineering team is empowered to call for another audit or testnet until we are confident that the code is ready for production. While no process can ensure 100% security, we feel we have a world-class team and approach to these issues that will serve the Kava community well going forward.

Kava Labs has taken these measures because the assurance of safety and security is what is needed to bring decentralized finance and cryptocurrency into the mainstream. Offering products with improved user experiences reduces risk as well. Supplying to Hard Protocol is designed as a risk-reduced way for users of any experience level to participate in DeFi and access all of the benefits and earning potential of the blockchain economy. Kava Labs focuses on both developing ambitious products and rigorously ensuring the safety and security of user funds because that is what will deliver institutional-grade DeFi.

Stay in touch!

Disclaimer: This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making investment decisions.
