About Know Your Protocol

A public, technical reference for DeFi protocol permissions and audit findings.

What this site is

KYP indexes structured permission and audit data for DeFi protocols. Each entry is the product of an audit framework that examines a protocol's smart contracts, role assignments, upgrade authority, oracle wiring, audit history, and operational maturity. The output is a descriptive snapshot — not a recommendation.

The site is intended as a reference for technical readers — researchers, security engineers, fund analysts, and protocol contributors. It does not issue investment advice.

The framework, in brief

The framework runs in stages: reconnaissance, architecture mapping, parallel domain-expert review, optional simulation, and synthesis. The result is a security score (0–100), a letter grade (A–F), an aggregate risk level (Critical / High / Medium / Low), and the outcome of a deal-breaker gate: a set of conditions that, if any are violated, halt the pipeline and flag the protocol for re-evaluation.

Reading the dashboard

Deal Breaker Gate

  • Pass — no deal breakers triggered.
  • Conditional — passed the gate with material caveats.
  • Watchlist — passed but with notable open concerns.
  • Fail — one or more deal breakers triggered.
  • Inconclusive — assessment incomplete.

Trust Surfaces

A trust surface is a power on a contract that, if abused, affects user funds — for example, "USDat — Proxy upgrade" or "Oracle — admin role". Each surface is annotated with its controller, controller type, configured delay (timelock hours), and worst-case impact.

  • EOA — externally-owned account; a single key.
  • Multisig — Safe / Gnosis-style multi-signature wallet.
  • Timelock — delayed execution contract; abuse has a public delay window.
  • Governance — DAO or on-chain voting controller.
  • Contract / Unknown — other on-chain controller, or unidentified.
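The following is an added illustration, not code from Know Your Protocol: it models a trust surface with the fields listed above (controller, controller type, configured delay, worst-case impact) and runs a small gate that maps onto the five Deal Breaker Gate states. The gate conditions, the "ExampleFi" contracts, and the placeholder addresses are all assumptions for the example; they are not KYP's actual criteria or data.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class TrustSurface:
    """One power on a contract that, if abused, affects user funds."""
    contract: str
    power: str
    controller: str        # address or label of the controlling account
    controller_type: str   # EOA, Multisig, Timelock, Governance, Contract, Unknown
    timelock_hours: float  # configured delay before the power takes effect; 0 = none
    worst_case: str        # worst-case impact if the power is abused


# Constructed sample entries for a hypothetical protocol; addresses are placeholders.
SAMPLE_SURFACES: List[TrustSurface] = [
    TrustSurface("ExampleVault", "Proxy upgrade", "0x...placeholder-eoa", "EOA", 0, "Drain all deposits"),
    TrustSurface("ExampleVault", "Pause", "0x...placeholder-safe", "Multisig", 0, "Freeze withdrawals"),
    TrustSurface("PriceOracle", "admin role", "0x...placeholder-timelock", "Timelock", 48, "Mispriced collateral"),
    TrustSurface("Treasury", "Withdraw", "0x...placeholder-governor", "Governance", 72, "Treasury drain"),
]


def deal_breaker_gate(surfaces: List[TrustSurface]) -> Tuple[str, List[str]]:
    """Evaluate assumed deal-breaker conditions (illustrative only, not KYP's real
    gate) and return one of: Fail, Inconclusive, Watchlist, Conditional, Pass,
    together with the reasons that produced that outcome."""
    # Condition 1 (assumed): upgrade authority held by a single key halts the pipeline.
    failures = [
        f"{s.contract}: '{s.power}' controlled by a single key ({s.controller}); {s.worst_case}"
        for s in surfaces
        if s.controller_type == "EOA" and "upgrade" in s.power.lower()
    ]
    if failures:
        return "Fail", failures

    # Condition 2 (assumed): an unidentified controller means the assessment is incomplete.
    unknown = [f"{s.contract}: '{s.power}' has an unidentified controller"
               for s in surfaces if s.controller_type == "Unknown"]
    if unknown:
        return "Inconclusive", unknown

    # Condition 3 (assumed): any fund-affecting power with no public delay window is an open concern.
    no_delay = [f"{s.contract}: '{s.power}' executes with no delay ({s.controller_type})"
                for s in surfaces if s.timelock_hours == 0]
    if no_delay:
        return "Watchlist", no_delay

    # Condition 4 (assumed): a delay shorter than 24h passes with a material caveat.
    short_delay = [f"{s.contract}: '{s.power}' delay is only {s.timelock_hours}h"
                   for s in surfaces if s.timelock_hours < 24]
    if short_delay:
        return "Conditional", short_delay

    return "Pass", []


if __name__ == "__main__":
    outcome, reasons = deal_breaker_gate(SAMPLE_SURFACES)
    print(outcome)
    for line in reasons:
        print(" -", line)
```

The ordering matters: a hard failure is reported before an incomplete assessment, and only a protocol with no single-key upgrade path, every controller identified, and every surface behind a delay reaches Pass. Readers checking a KYP entry by hand can apply the same sequence to the annotated surfaces, substituting the site's actual conditions for the assumed ones.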

Audit Tiers

Auditor tier is a coarse signal of engagement quality. Tier 1 firms (e.g. Trail of Bits, OpenZeppelin, Certora, ConsenSys Diligence, Spearbit) typically do deep formal-verification or multi-week reviews. Tier 2 firms (e.g. Three Sigma, Halborn, Quantstamp, ChainSecurity, Code4rena contests) perform standard manual review. Tier 3 covers independent reviewers and smaller firms. Tier alone is not a verdict — read the actual report.

Open Issues — P0 / P1 / P2

P0 issues are urgent (immediate action recommended to the protocol team). P1 issues are important (target ≤ 1 month). P2 issues are improvements (target ≤ 3 months). These priorities are addressed to protocol maintainers, not to readers.

Disclaimer

This site presents technical audit findings and protocol metadata only. It does not constitute financial, investment, legal, or tax advice, and does not endorse any protocol. Smart-contract security is dynamic; assessments may be incomplete or out of date. Use at your own risk.