Oracles have historically been the most common attack vector for DeFi exploits. K-Lend’s oracle risk engine combines various risk practices such as heuristic and EWMA prices, while also maintaining its own oracles alongside those from other providers.

TWAP and EWMA Prices

Similar to price bands, Time Weighted Average Prices (TWAP) and Exponentially Weighted Moving Average (EWMA) prices are resistant to price manipulations because they identify the average price of an asset over time.

Since K-Lend uses TWAPs and EWMAs, the protocol is protected from flash loans/flash crashes, as dramatic short term price changes are rejected. Exploiting the protocol via price manipulation is thus expensive, as it requires the exploiter not only to manipulate a price, but to sustain it for some period of time relative to the existing TWAP/EWMA intervals.

Price Bands

Each stable or soft-pegged asset in K-Lend has a price range within which the smart contract expects the price to fall within. This is referred to as the price-band, and alongside TWAP/EWMA, also protects the protocol from flash crashes and flash-loan exploits.

For example, USD-pegged stables like USDC and USDH could have a 1% upper or lower band from $1. In this case, if the price is above $1.01, the price would be rejected. For SOL-pegged assets, price bands would be expressed relative to the SOL price.

Multiple Providers

K-Lend cross-references oracles from both Pyth and Switchboard, as well as its own Switchboard oracles that ingest feeds from various on-chain and off-chain sources.

For kTokens, Kamino computes prices directly on-chain. Each kToken price is calculated atomically, based on various price sources and the current state of the strategy.


For Kamino Vaults, Pyth feeds (alongside other oracle feeds) are used as a reference price to ensure the prices of the pools we deploy into are unmanipulated. Pyth feeds are also used to ensure that the vault rebalancing mechanism swaps at fair prices during liquidity rebalancing.

For Kamino Lend, Pyth feeds are used to identify the relative value of the differents assets borrowed or supplied into the protocol.

Pyth is critical for the security of Kamino Lend, as it ensures that loan health ratios are properly computed and refreshed.

Pyth feeds are used for the following assets:




  • mSOL/USD

  • JitoSOL/USD





  • bSOL/USD





Last updated