Beyond smart contract risk, which the team takes precautions to mitigate via numerous internal tests and external audits, Kamino entails the same risks that are present on the CLMM DEXes it is built on, of which the primary one is impermanent loss:
Kamino is a CLMM automation protocol, and none of the Vaults are independent of the underlying DEX pools.
Kamino’s smart contracts have passed a third-party security audit from Smart State, and the code is thoroughly tested. While Kamino takes precautions to protect users’ funds, it does not guarantee funds can be 100% shielded against an exploit.
Kamino can help users increase the efficiency of their concentrated liquidity positions, but it is not a capital protection strategy. Market movements will affect the value of users’ liquidity positions, as will de-pegging events for stable and pegged assets.
Kamino uses two oracles:
PYTH: We use Pyth for all feeds the tokens that we need which have a Pyth feed, currently, for the mainnet tokens, they are USDC, USDT, SOL, stSOL.
SWITCHBOARD: we use them for USDH and all the other tokens. Switchboard is aggregating prices from Jupiter, Mercurial, Saber, and Orca and other sources to provide an average.
TWAP: Kamino has TWAP and EWMA feeds, which adds to the resilience of oracles.
Here's more info on Kamino's Oracle infrastructure:
Yes. Users can find smart contract cover for Kamino positions on Amulet Protocol.