The Kima platform maintains large liquidity pools across multiple different layer-1 blockchains. Wherever there is pooled capital, there is an attendant risk. The Kima platform is committed to safety and liveness in its services, with the terms being defined as the following:
Safety: Safety is the ability to prevent the system from doing something incorrectly. In this case, this includes someone emptying the liquidity pools held on different blockchains or causing a transaction to occur that was not requested.
Liveness: Liveness is the ability to ensure that the system is able to do the things that it should be able to do. Here, Liveness means that the Kima system is able to continue making cross-chain transactions when requested.
In this section, we lay out the main types of risk faced by Kima and the steps taken to mitigate that risk.
The primary wardens control all funds held in Kima pools and are the only entities that can move tokens out of the pools, thus it is of critical importance to protect the system against malicious (or otherwise compromised) wardens.
The use of threshold signatures ensures that wardens can only move funds if a quorum of wardens has authorized the transfer. The use of SGX enclaves makes it so that wardens can only deviate from the prescribed behavior by breaking the security of an SGX enclave. Kima wardens must stake tokens, and they expose themselves to slashing risk if they misbehave. A majority of professional block producers now validate across multiple chains; thus misbehavior on one chain will result in a loss of reputation that translates to a loss of revenue across multiple chains.
Smart contract risk
The Wormhole bridge uses multisigs (as opposed to threshold signatures) to control its asset pools. This dramatically increases the complexity of the on-chain code and the risk of smart-contract vulnerabilities. The Wormhole exploit showed the risk of overly complex contracts.
Kima does not use multisigs, but instead uses threshold signatures, and thus Kima does not use smart contract, but instead holds assets in EOAs, which minimizes this attack surface.
Other risks include blockchain reorganizations and impermanent loss - these were already covered in this whitepaper.