Question 1

What is Kerne Protocol, and how is it different from other yield protocols?

Accepted Answer

Kerne Protocol is a delta-neutral yield infrastructure built on Base. (Kerne Protocol is Base-native and unrelated to KernelDAO on BNB Chain, Kernel Protocol on Karak (kUSD on Ethereum mainnet), Kernel Network, or any other project with a similar name. See https://kerne.fi/kernel-vs-kerne for the Kernel Protocol disambiguation.) Unlike traditional yield protocols that expose you to directional price risk, Kerne pairs your deposited assets with an opposing short position on a perpetual exchange, so you earn yield regardless of whether the market goes up or down. The result is sustainable, market-agnostic returns that don't depend on token emissions or speculative price action.

Question 2

How does Kerne generate yield if my position is delta-neutral?

Accepted Answer

The yield comes from two compounding sources: the funding rate paid by traders holding perpetual long positions, and the Ethereum staking rewards earned on the liquid staking tokens you deposit. These two streams stack on top of each other. Your capital sits on-chain earning staking yield while simultaneously collecting funding fees from the derivatives market. Combined, they produce 12% to 18% APY across all market conditions, with potential to exceed 25% in favorable funding environments.

Question 3

Is my deposit safe? What happens if the market moves against me?

Accepted Answer

Because your position is delta-neutral, directional market moves largely cancel each other out. Your principal is not at risk from price swings the way it would be in a standard leveraged position. Kerne also maintains a dedicated insurance buffer to absorb funding-rate inversion events (the rare periods where funding goes negative), and the protocol operates with automated risk monitoring and circuit breakers to protect depositors.

Question 4

Do I need to manage anything after I deposit?

Accepted Answer

No. Once you deposit into a Kerne vault, the protocol handles everything: opening and maintaining the hedge, collecting funding and lending yield, rebalancing when needed, and compounding your returns. The vault is fully automated. You hold ERC-4626 vault shares that appreciate in value as yield accrues. When you want to exit, you request a withdrawal, wait a 7-day cooldown period, then claim your assets. No active management required.

Question 5

What is kUSD, and which chains does Kerne Protocol run on?

Accepted Answer

Kerne Protocol runs exclusively on Base (chain 8453). The protocol ships two live products. First, the delta-neutral WETH vault, which issues kLP shares. Second, the Peg Stability Module (PSM) at 0xFf3025ec18e301855aB0f36Ec6ECa115a29A5Fbc, which lets USDC holders mint kUSD 1:1 at a 10 bps fee. kUSD is deployed on Base at 0x5C2EfdF0D8D286959b42308966bc2B97f5680AA3. The skUSD yield-bearing wrapper, which lets kUSD holders earn protocol yield, is on the roadmap. (This kUSD is Kerne Protocol's Base-native stablecoin, distinct from Kernel Protocol's kUSD on Ethereum mainnet at 0x0bB9aB78aAF7179b7515e6753d89822b91e670C4 (a Karak-native LRT), KernelDAO's kUSD on BNB Chain, and any other similarly-named token on other chains. Disambiguation page: https://kerne.fi/kernel-vs-kerne.)

Question 6

How do I know the smart contracts are secure?

Accepted Answer

Kerne's contracts are built to institutional-grade standards: Solidity 0.8.24, OpenZeppelin v5 battle-tested libraries, and full Foundry test coverage including edge-case scenarios and fuzz testing. Formal audits are an ongoing process and a continual part of our roadmap. On-chain proof-of-reserves attestations are also automated, giving you real-time verifiability of what the protocol holds versus what it owes.

Question 7

Is there a token, and how do I get early access?

Accepted Answer

The $KERNE token provides governance and revenue sharing to holders. Our loyalty program, Opal, rewards early participants for their contribution over time. You can participate now by depositing into Kerne vaults via the Kerne Terminal at app.kerne.fi.

ID	Severity	Surface	Finding	Status	Closing commit
1.3a	CRIT	contracts	KerneVault rate-limit bypass on updateHedgingReserve and updateL1Assets when prior value was 0 Rate-limit now enforced on first writes. Paired with KernePrime free-collateral faucet closure in the same commit.	closed	089d75292026-05-09
1.8	CRIT	contracts	KernePrime accounting-only ledger could be wired to mint/burn kUSD without a backing check KernePrime free-collateral faucet patched alongside the rate-limit bypass.	closed	089d75292026-05-09
1.18	CRIT	contracts	KerneStaking lock-bypass via partial-unstake-then-restake path Source patched same-day with 7 regression tests. Deployed bytecode at 0x032A...D582 has not been re-verified to confirm the fix is on-chain; treat as partial until verified.	partial	not yet
B4	CRIT	contracts	InsuranceFund.checkAndInject targets degraded vault totalSupply Duplicate of TOP-3 in the audit's framing; tracked as a separate item because the source-level fix and the operational mitigation differ.	open	not yet
B7	CRIT	contracts	KerneVault.setFactory race window enables clone hijack Factory not currently used for deploys; closing the race before any factory-driven vault is deployed.	open	not yet
B8	CRIT	contracts	KerneZINRouter.onFlashLoan accepts any lender with attacker-chosen calldata ZIN router not currently in deploy path. Patch before re-enabling.	open	not yet
B9	CRIT	contracts	KerneIntentExecutor V1 lacks the V2 hardening and remains callable V2 closed the equivalent class of bugs. V1 SOLVER_ROLE still ungated; pause + revoke needed before V1 sees production use.	open	not yet
B10	CRIT	contracts	KerneVault.emergencyExit drains entire balance to arbitrary recipient Requires DEFAULT_ADMIN_ROLE + paused state, so blast radius is Safe-bound; still worth pinning recipient to treasury + adding a 24h delay.	open	not yet
B11	CRIT	bot	RFQ /quote endpoint signs arbitrary EIP-712 orders with strategist key, no auth Bot is offline as of 2026-05-12 (HL-only restart 2026-05-13 with the RFQ surface still disabled). Attack surface inert; patch is still required before the RFQ endpoint is re-enabled.	mitigated	not yet
B12	CRIT	bot	BotOrchestrator.deploy_instance writes raw private keys to /tmp env files Bot is single-instance HL-only; the orchestrator multi-container path is inactive. Patch required before orchestrator-style deploys are re-enabled.	mitigated	not yet
TOP-1	CRIT	frontend (terminal)	Opal cron /api/opal/cron/accrue accepted spoofable x-vercel-cron header as auth Replaced with constant-time Bearer comparison against CRON_SECRET; ACCRUE_SECRET retained as legacy fallback.	closed	35c05ec12026-05-11
TOP-2	CRIT	contracts	KerneVault pause path requires Safe co-sign; no on-chain pauser holds PAUSER_ROLE Bot's pre-flight pause simulation (commit 80c676aa) prevents the loop-spam failure mode, but a live solvency event still requires manual Safe co-sign to pause. Safe co-sign is out of scope for current ranked action plan.	open	not yet
TOP-3	CRIT	contracts	KerneInsuranceFund.checkAndInject is permissionless and computes target against degraded vault totalSupply Mitigated today by the vault's degraded-state UI guard (deposits gated); the on-chain primitive remains callable by anyone. Requires source patch + Safe AUTHORIZED_ROLE strip.	open	not yet
TOP-4	CRIT	infra	Postgres 5432 internet-exposed on VPS with self-signed cert UFW rule allows 5432 from 0.0.0.0/0. Scram-sha-256 auth is the only barrier. Restrict to Vercel egress ASNs or move to managed Postgres with network ACLs.	open	not yet
TOP-5	CRIT	secrets	Leaked OpenRouter API key committed in bot/solver Source patched in audit pass. Operator dashboard rotation required to fully retire the key; tracked separately.	mitigated	35c05ec12026-05-11
TOP-6	CRIT	infra	VPS SSH posture: PermitRootLogin yes, no fail2ban, password auth not explicitly disabled Bot key is the only working SSH credential; brute-force surface limited but bot scanners are visible in auth.log. Cheap to harden.	open	not yet
TOP-7	CRIT	frontend (terminal)	Opal /api/opal/balance/[address] IDOR with write-on-read Removed the INSERT-on-GET path; balance reads are now read-only.	closed	35c05ec12026-05-11
TOP-8	CRIT	contracts	kUSD.burnFrom callable via permit2 chain by any contract with allowance burnFrom is now gated behind BURNER_ROLE. The permit2-then-burnFrom primitive is closed.	closed	4cd208262026-05-12
TOP-10	CRIT	infra	Postgres opal-pg TLS connection used rejectUnauthorized: false 35c05ec1 flipped to rejectUnauthorized: true with pinned CA cert. 982996d9 (2026-05-14) added explicit CN verification when the connection hostname (localhost.) does not match the cert's CN (134.209.46.179), which had been silently failing every Vercel cron invocation since 2026-05-11 23:00:50 UTC and froze the fragment ledger for 66 hours.	closed	35c05ec1 982996d92026-05-14
B13	HIGH	bot	Bot used 5% slippage on every Hyperliquid order Tightened to 0.3% with TWAP fallback for sizes over 5 ETH.	closed	35c05ec12026-05-11
B14	HIGH	bot	All bot on-chain txs used legacy gasPrice instead of EIP-1559 panic.py + oracle_updater are on EIP-1559. ~12 other call sites (chain_manager, risk_engine, por_attestation, etc.) still use legacy gasPrice; pending a canonical helper rollout.	partial	cb8fc23e bebb30942026-05-12
TOP-9	HIGH	contracts	KerneYieldDistributor merkle root is updated without a 24h timelock window Distributor is currently inactive (0 KERNE in flight). Add timelock before any first distribution.	open	not yet

Audit Findings Tracker

How this page works