All audit reports and security-related information are maintained in the Kasu Security Repository.
Upgradability
All Kasu smart contracts use the OpenZeppelin TransparentUpgradeableProxy pattern. Each proxy has its own dedicated ProxyAdmin contract for security isolation — a compromised ProxyAdmin only affects one proxy, not the entire system.
ProxyAdmin ownership is held by the Kasu multisig on each network.
Emergency Mechanisms
Mechanism
Function
Description
System Pause
KasuController.pause()
Halts all system activity across all lending pools
Emergency Withdraw
KSULocking.emergencyWithdraw()
Forcibly unlocks all users' KSU positions
Pool Stop
LendingPoolManager.stopLendingPool()
Halts a specific lending pool's operations
Access Control
Administrative functions are protected by role-based access control managed through the KasuController contract. Critical operations require multisig approval. See Roles & Access Control for the complete role matrix.