This article is a case study of how Kim Exchange partnered with Cantina (a transparent, efficient, and industry-leading security marketplace for protocols, incubated by Spearbit) to secure their lending protocol at multiple stages throughout their development lifecycle.

 Key Stakeholders

 Kim Exchange

Kim Exchange is a decentralized exchange (DEX) protocol that utilizes a novel mathematical formula to price assets, facilitating trading without the need for a traditional order book. The team's recent launch of the Kim NFT Marketplace represents a significant expansion of their ecosystem.

 Cantina

Cantina is an efficient security marketplace incubated by Spearbit, providing protocols with access to leading security service providers, high-signal crowdsourced security reviews, and dynamic price transparency across the web3 security talent pool.

 Context and Value Alignment

The Kim Exchange team has consistently turned to Cantina to enhance the security of their protocol, with two engagements in 2024—one solo review in May and a Cantina-managed review this past November. This aligned partnership stems from a shared ethos around the necessity of a multi-faceted approach to security—a key priority for Kim Exchange as they work toward their goals.

By partnering with Cantina for multiple security engagements, Kim Exchange has demonstrated their dedication to fortifying the resilience of their protocol, particularly with the launch of their NFT marketplace. The collaboration between the two teams has been instrumental in identifying and addressing potential vulnerabilities across Kim Exchange's infrastructure.

 The Approach

Kim Exchange's security strategy for the NFT marketplace reflects a diversified, multi-stage approach aligned with Cantina's best practices. In the initial solo review in May 2024, expert security researchers conducted in-depth analyses of Kim Tokens—finding only 4 lows and 4 informationals—ensuring the foundational integrity of what they were building.

Building on this foundation, Cantina then hosted a second security review in November 2024, bringing fresh researchers to the team to uncover vulnerabilities from unique perspectives. This combination of solo and team security reviews creates a robust defense strategy, bolstering the overall resilience of the Kim Exchange NFT marketplace.

 The Assessment

Cantina's security review of the Kim Exchange NFT marketplace involved a meticulous examination by a team of seasoned security researchers, namely Cccz, with Chinmay Farkya as associate researcher. Over the course of several engagements spanning November 2024, the researchers identified a total of 23 issues, classified as follows:

  •  Critical Risk: 2
  •  High Risk: 2
  •  Medium Risk: 7
  •  Low Risk: 6
  •  Gas Optimizations: 2
  •  Informational: 4

The researchers praised Kim Exchange's dedication to security consciousness and the exceptional quality of their codebase. The team highlighted the protocol's streamlined architectural approach, which prioritizes simplicity in the core product while relegating complex UI/UX elements to peripheral contracts. This strategic decision enhances maintainability and fosters a robust foundation for future development.

Additionally, the researchers noted that Kim Exchange's internal review process stood out for its effectiveness and thoroughness, further demonstrating the team's unwavering commitment to security.

 Cantina's Collaboration with Kim Exchange

The collaboration between Cantina and Kim Exchange was impactful. In the words of a Kim Exchange spokesperson:

 “When we set out to launch our NFT Marketplace for trading locked liquidity positions, security wasn’t just a requirement—it was a cornerstone. Cantina’s team provided the thorough and adaptive approach we needed to meet that standard.

 Their researchers didn’t just audit our code from a distance; they embedded themselves in our process, collaborating directly with our engineers to scrutinize every layer of the marketplace. This close collaboration allowed us to catch potential vulnerabilities early and refine the marketplace’s architecture with confidence. Issues were identified and addressed in real time, creating an ongoing dialogue that ensured nothing was overlooked.

 Cantina’s ability to understand the nuances of trading locked liquidity positions and their proactive feedback helped us strengthen the marketplace beyond simple fixes. The result is a marketplace where users can trade kpNFTs knowing security is seamlessly integrated into every transaction. Partnering with Cantina elevated our security standards and gave us a resilient foundation to innovate and expand our offerings.”

Security researcher Cccz similarly enjoyed the process:

 “Working with the KIM team has been an incredibly rewarding and enjoyable experience. Each member of the team is dedicated and committed, approaching every issue with a high level of responsibility and professionalism. Their diligence and attention to detail ensure that every task is handled thoroughly and effectively. It's a pleasure to collaborate with such a dedicated group of individuals.”

Security researchers and engineers from the Kim Exchange team were able to work together on the Cantina platform, discussing issues, commenting, and learning from one another—a unique experience compared to other security providers.

 Conclusion

The prioritization of security from the Kim Exchange team, combined with Cantina's comprehensive and collaborative approach, has had a significant impact on the protocol's trajectory. By presenting Cantina's team with streamlined architecture, an open and responsive team, and robust documentation, the researchers were empowered to apply their expertise to every aspect of the codebase, leading to a truly comprehensive evaluation.

This symbiotic relationship, strengthened through repeated engagements, has enabled Cantina's researchers to explore increasingly creative ways to hypothetically exploit the protocol, ensuring that even the most obscure attack vectors are considered. As a result, the resources allocated to security have been utilized to maximum efficiency, fostering innovation and excellence in the web3 landscape.
