Smart-contract risk
Kimia consists of six Anchor programs, five supporting crates, and third-party integrations (Pyth, SPL Token, wSOL). Any of them can contain bugs.- V1 is unaudited as of devnet. Mainnet launch is gated on formal audits.
- Even after audits, new interactions and on-chain conditions can expose previously-unknown behavior.
- We do not carry insurance on contract risk. If funds are lost due to a bug, recovery depends on admin intervention and governance consensus.
Oracle risk
Kimia trusts Pyth Hermes price feeds:- Feed outage. If Pyth publishers go offline long enough, Kimia instructions that require an oracle update will fail. Trading halts until publishers recover.
- Feed manipulation. Pyth uses a confidence-weighted median across publishers. Kimia enforces a 2.5% confidence cap, updates above that are rejected, but an adversary who corrupts enough publishers simultaneously could in principle push a price within the cap.
- Staleness. Kimia rejects prices older than 60 s. A replay of older data is impossible.
Funding-rate risk (delta-vault)
The delta-vault’s expected return depends on sustained positive funding.- Negative funding. In a sustained bear market, shorts can pay longs. The vault absorbs this with its insurance fund (seeded by 30% of positive funding historically), then with NAV.
- Auto-pause. If the insurance fund is depleted and funding has been negative for 24 h, the vault auto-pauses. Withdrawals remain possible once the admin unwinds, but you may exit at a NAV lower than you entered at.
Liquidation risk (perps)
- Your position is liquidated when
health ≤ 0. - Funding payments silently draw your collateral even when mark is stable, which means your liquidation price can drift against you over time.
- V1 uses full-position liquidation; half-unwinds are not supported.
- The insurance fund covers bad debt, but in extreme cases it can be depleted and the market can auto-pause.
AMM risk (yield-amm)
- Impermanent-loss-style exposure if you LP and rates move sharply against your deposit ratio.
- Near-maturity brittleness. Swaps within 0.1% of maturity are disabled to
avoid exponent blowup. If you want out, use the split-engine’s
redeem_ptorearly_exitinstead.
Intent-router risk
- An intent session that reverts at step 3 leaves you holding PT + YT that may be less valuable than the USDC you deposited (if the AMM moved significantly).
- You can unwind manually (sell YT, or early-exit), but the AMM price at that moment may be worse than what you originally targeted.
Keeper incentive risk
- Permissionless cranks (
update_funding_rate,update_rewards,rebalance) pay no built-in reward in V1. - If no one cranks, funding accrues without being applied and rewards don’t flow until the next trader interaction.
- In practice, the protocol and integrators are expected to run keepers. Third parties may also run them for MEV reasons.
Governance risk
- Kimia admin keys are held by the core team in V1.
- Parameter updates (margin ratios, fees, oracle thresholds) are at admin discretion. A governance transition is on the V2 roadmap.
- The admin can pause markets and vaults. They cannot unilaterally drain user funds, every transfer path is gated by the user’s authority or by liquidation / bad-debt rules.
Regulatory risk
- Perpetual derivatives are regulated differently across jurisdictions. Using Kimia may not be permitted from your jurisdiction.
- Stablecoins and yield products face regulatory scrutiny.
- You are responsible for compliance with the laws applicable to you.