Data Room

Live protocol state

Read in your browser from the same public endpoints anyone can call. Nothing on this page is hand-entered, so it cannot silently drift from reality.

The published APY is a live formula output, variable, computed from public Lido and Hyperliquid data with the methodology open at /docs/yield-methodology. The formula's funding input is a 180-day trailing window; as strong late-2025 funding months roll out of that window through mid-July 2026, the published number is expected to print in the low-to-mid teens regardless of market direction. We state the decay before you ask.

What kUSD is

kUSD is a USDC-collateralized synthetic dollar on Base, minted 1:1 through an on-chain Peg Stability Module at a published, tiered fee. Staked kUSD (skUSD) is an ERC-4626 wrapper that earns a delta-neutral yield: Ethereum staking rewards plus Hyperliquid perpetual funding, hedged to zero directional exposure. Both tokens live in the holder's own wallet.

Full mechanism: whitepaper v3.0, chapter-level detail in the documentation, machine-readable summary at /llms.txt. Kerne Protocol on Base is unrelated to Kernel Protocol or KernelDAO; disambiguation here.

Scale, stated plainly

Kerne is at genesis scale. The first PSM mint happened on 2026-05-14; supply and TVL are in the hundreds of dollars, and the holder count is whatever BaseScan says it is today. We lead with those numbers rather than hide them. The first millions of every synthetic dollar in this category have come from anchor capital, not organic retail; the protocol is structured for that sequence, and this page exists so that capital can diligence quickly.

What is already real at this scale: the full mint-stake-redeem loop is live on mainnet, the hedging engine runs against real positions, reserves are attested hourly with a recoverable signature, and the protocol publishes its failures (see the findings corpus below) with the same cadence as its wins.

Contract registry and verification

12 of 14 deployed contracts are source-verified on both BaseScan and Sourcify. The two pending rows are disclosed with reasons and resolution paths. The verified source bundles are mirrored per address in the public contract registry, with a step-by-step independent verification guide in HOW_TO_VERIFY_KERNE.md.

Per-row notes, the retired-contract history, and the verification timeline live on /security/audits. Where deployed bytecode differs from current source, the divergence is disclosed with an operating rule at /security/deployed-vs-source.

Proof of reserves, signed hourly

Every hour the protocol publishes a signed attestation of reserves at /api/por/signed. The signature is EIP-191 personal_sign over the attestation hash; the canonical signer is the strategist EOA 0x09a2780ac8Be6D5d2d1F85A8D92b09D40C9CA37e. Recovering the signer takes three lines of code in JavaScript, Python, or foundry cast; the recipes are embedded in the response itself under _meta.verify and rendered on /transparency.

Since schema v4 the headline aggregate_solvency_ratio is the PSM stablecoin backing ratio (USDC reserve versus user-held kUSD). The legacy v1 vault's alarming share-basis figures remain published, demoted to a labeled known_issue_vault_v1 block, because hiding them would be worse than explaining them.

Audit pipeline

No external audit has been completed yet. We say that plainly rather than decorate it. The current state of the pipeline:

• Internal, done and published: two adversarial campaigns in May 2026 (a 10-auditor red team across all 80 contracts, then an 8-agent multi-surface pass over contracts, bot, frontend, and infrastructure), 201 findings catalogued with severities and a triage order, full history at /security/audits.
• External, in selection: a scoped request for proposals is with multiple security firms as of June 2026; quotes are in hand and under review. The auditor-facing scope is public: audits/SCOPE.md, Tier 1 covering the four deployed risk-bearing contracts (kUSD, skUSD, KUSDPSM, KerneVault, roughly 960 normalized SLOC).
• Sequencing: institutional-scale staking is gated on the published external report; the anchor terms encode that gate explicitly. The bug bounty at /security is the standing external channel in the interim.

The findings corpus: self-found, published

Kerne has found, classified, and published over two hundred findings against its own code, including Critical ones, before any external auditor was engaged. Read one way, that is a long list of mistakes. Read the way auditors read it, it is the difference between a team that knows its own system and a team that is about to be surprised. Every named finding carries a live status (open, mitigated, partial, closed) with the closing commit cited at /security/findings-tracker.

The honest residue: three places where deployed bytecode still lags current source, each with a mitigation and an operating rule, disclosed at /security/deployed-vs-source. That page exists so a reviewer finds context from us, not surprises on their own.

Governance and signer policy

Protocol administration sits with a 2-of-3 Gnosis Safe on Base: 0x52d3E450bA6c299B1B07298F1E87DD74732D4877. The Safe holds DEFAULT_ADMIN_ROLE across the deployed AccessControl contracts and owns the treasury (verified in the April 2026 on-chain admin audit; timeline on /security/audits). The first signer is hardware-backed; no single key can move protocol funds or grant roles. Day-to-day automation (hedging, attestation signing) runs on a separate operational EOA that holds no admin roles.

Token-level disclosures: KERNE token history and skUSD admin role status.

Team

Kerne is built by three co-founders. The team is pseudonymous at this stage, and the protocol is deliberately structured so that nothing on this page requires trusting an identity: admin roles sit with the 2-of-3 Safe, reserves are signed hourly by a key you can check, and the deployed source is verified. Identity disclosure to specific counterparties (an anchor, an audit firm) happens directly in those conversations.

Direct channels: kerne.systems@protonmail.com, @KerneProtocol, Discord.

Runway

Protocol operations (the hedging engine, the hourly attestation signer, on-chain automation) are funded with an operational gas runway measured in months at the current transaction cadence. The treasury and insurance fund balances are small at genesis scale and verifiable on chain at the addresses in the registry above; the insurance fund is designed to capitalize from protocol revenue as it accrues, and we do not decorate either number.

Anchor terms

Documented terms exist for anchor mints of $1M to $5M: tranche-structured (mint and hold first, staking gated on the external audit and the upgraded staking vault), a guaranteed points multiplier, a fee-share rider on staked tranches, a named transparency page, and full exit symmetry through the PSM. The terms document is available on request to qualified counterparties: kerne.systems@protonmail.com.

Regulatory positioning

kUSD is a protocol-issued synthetic dollar, not a fiat-backed payment stablecoin. kUSD itself pays no yield for holding it; yield exists only through the separate skUSD staking receipt. This is the structure the category has converged on under the US GENIUS Act framework and analogous legislation elsewhere, whose perimeters target fiat-backed payment stablecoins: protocol synthetic dollars with a separate staking receipt sit outside that perimeter, with sUSDe and sUSDS as the worked public examples. None of this is legal advice; it is stated so a reviewer knows how the protocol is positioned and can test the reasoning.

Known weaknesses, stated by us first

• Scale. TVL and holder count are tiny. Everything above is real but small; judge the machinery, not the odometer.
• No completed external audit. Firm selection is in progress; until the report is published, the verification story rests on the internal corpus, the verified source, and the signed PoR.
• Hedge venue concentration. The funding leg currently runs on a single venue (Hyperliquid). Multi-venue routing exists in the engine and arms as additional venues are added.
• Legacy v1 vault. The original WETH vault is in a documented degraded state, holds no user funds, and is excluded from backing math. Its raw share figures look alarming in isolation; the signed PoR labels them as a known issue rather than hiding them.
• Deployed-versus-source divergences. Three, each with an operating rule, at /security/deployed-vs-source.
• Short realized history. The published APY is a live formula output, not a realized track record; realized-cost telemetry accumulates daily and the realized story will be reported from data as the history lengthens.