🔍Audits

Kodiak has done 3 rounds of audits on the core protocols, as well as rounds of audits focused on different new products (Panda Factory, Bault, Meta-Aggregator, Fungible, etc). In all audits - all issues raised have been addressed and no critical issues were found.

Core Protocol

December 2024, 0xMacro: focused audit on Kodiak Islands and Farms

April 2024, 0xMacro: Dex Core and Periphery, Islands, Farms, Tokens

February 2024, Kalos: Dex Core and Periphery, Islands, Farms, Tokens

Panda Factory

October 2024, 0xMacro: Panda Factory

Bault

May 2025, AstraSec: Bault (auto-compounding vaults)

Meta-Aggregator, Fungible

May 2025, AstraSec: Meta-Aggregator, Fungible (NFT tokenization)

For technical reference, here is a brief technical overview of the various parts of the protocol:

• Dex V2: Exact fork of Uniswap V2

• Dex V3: Fork of Uniswap V3 with one small difference:

  • Modified feeProtocol to uint32 in slot0 (only relevant for integrators, not normal users)

• Kodiak Island: "Modified from" Arrakis V1 vaults (ArrakisFinance/vault-v1-core). Key differences:

  • Vaults are non-upgradeable after deployment (vs upgradeable in original implementation)

  • Simplified rebalances to enable "permissionless" fixed vault creation with no ownership

  • For managed vaults, rebalancing can route through liquidity throughout Berachain

• Kodiak Farm: "Modified from" Frax Communal Farm (FraxFinance/frax-solidity). Key differences:

  • Farms can be deployed permissionlessly via FarmFactory

• Panda Factory: Fully built in-house, very loosely "inspired by" pump.fun on Solana

• Bault: Fully built in-house, ERC-4626 compliant vaults that compound BGT with bounty mechanism

• Meta-Aggregator: Fully built in-house, Dex router that can call aggregator APIs

• Fungible: Fully built in-house, NFT tokenization product