Security & Trust

OpenZeppelin-based, Audited Contracts:

• LKAT and related contracts are built on top of battle-tested OpenZeppelin libraries (e.g., ERC20Burnable, Ownable2Step).

• This ensures standard compliance, reduced risk of common vulnerabilities, and easy integration across DeFi.

Controlled Minting through Minter:

• LKAT cannot be minted freely. Only the Minter contract, which is explicitly whitelisted as a minter, can mint LKAT tokens.

• Minter itself can only mint LKAT after it successfully claims locked KAT on behalf of the user, ensuring every LKAT is always backed by real KAT rewards.

KAT Source Validation (Merkle root)

To ensure that LKAT minting remains fully trustless and verifiable, reward data comes directly from the Merkl API. For example, rewards earned by a user (like 0xCcc23518038a4668b4B002C59Ef0DbE8E7AD95b9 on chainId 747474) can be queried through:

https://api.merkl.xyz/v4/users/0xCcc23518038a4668b4B002C59Ef0DbE8E7AD95b9/rewards?chainId=747474

Audit Status

LKAT and Minter contracts were audited by Sub7 Security. All identified issues were reviewed and fully resolved, and the final report gave the contracts a green signal, though no contract can ever be considered entirely risk-free.

Permission Structure (Who Can Mint/Claim)

• Only whitelisted minters ( Minter contract) can mint LKAT.

• Minter can claim locked KAT rewards only after users set it as claim recipient and operator.

• Users must provide valid Merkle proofs for claims, keeping the process trustless and verifiable.