Risk Mitigations

When interacting with Keiko smart contracts, users should be aware of the following security measures and potential risks:

Protocol Multisig

The Keiko protocol's ownership is controlled by a 3-of-5 multisig wallet managed by the team. This security measure ensures that an attacker would need to compromise at least three keys from three different team members to gain access to the contract ownership. This significantly reduces the risk of unauthorized access and malicious changes to the protocol.

Parameter Safeguards

As mentioned in the previous section, the core smart contracts of the protocol are immutable. This design choice prevents an attacker from upgrading the contracts or implementing custom logic to directly steal user funds. Any potential attacker would be constrained by the existing protocol logic. However, an attacker with access to the multisig could potentially modify collateral parameters in an attempt to manipulate the system, grief it or mint unlimited amounts of KEI. To mitigate this risk, we have implemented hardcoded safeguards on critical collateral parameters:

• Minimum Collateral Ratio: Set at 100%, preventing an attacker from setting the MCR below this threshold. This safeguard ensures that KEI cannot be minted without sufficient backing.

• Maximum Interest Rate: Capped at 100%, preventing an attacker from setting an excessively high interest rate that could exponentially increase the debt of user vaults.

• Maximum Liquidation Penalty: Limited to 30%, preventing an attacker from setting an unreasonably high liquidation rate that could extract disproportionate amounts of funds during liquidations.

• Maximum Redemption Fee: Capped at 10%, ensuring that an attacker cannot set an excessively high redemption fee. This maintains KEI's price floor at $0.90 or higher, preserving its stability and value.

These safeguards provide an additional layer of protection for users, even in the unlikely event of a compromise of the multisig wallet. By implementing these limits, we aim to maintain the integrity and stability of the Keiko protocol under various threat scenarios.