The feature prevents compromised curator keys from redirecting depositor funds to unvetted reserves.
Kamino, the largest lending protocol on Solana, has rolled out a new security feature called Whitelisted Reserves that enforces allocation controls at the smart contract level across its lending vaults.
The move comes just over a week after the Drift Protocol exploit, in which attackers drained roughly $270M from the Solana-based perpetual futures exchange using social engineering and compromised admin keys. The attack, which security firms have since attributed to DPRK-linked threat actors, rattled the broader Solana ecosystem and prompted the Solana Foundation to launch a new tiered security program for decentralized finance (DeFi) protocols.
Kamino’s Whitelisted Reserves mechanism ensures that vault funds can be deployed only to reserves explicitly approved by a protocol-level multisig. If a vault curator’s keys are compromised, an attacker would be unable to redirect depositor funds into a malicious or unvetted market, a scenario that could otherwise drain a vault’s liquidity.
“With Whitelisted Reserves, that attack path is closed,” Kamino said. “The smart contract rejects any allocation or investment into a reserve that Kamino has not explicitly whitelisted, regardless of who signs the transaction.”
The feature enforces two onchain restrictions: curators cannot create or increase allocations outside the whitelist, and depositor funds cannot flow into any unvetted reserves via the vaults. Both restrictions are irreversible once activated by a curator.
All vaults currently displayed on Kamino’s frontend — including those managed by Sentora, Gauntlet, Steakhouse, Allez Labs, and RockawayX — now have Whitelisted Reserves enabled. Going forward, the feature will be a requirement for any vault to appear on the Kamino interface.
Withdrawals remain unaffected by the whitelist; depositors can exit vaults at any time, subject to available liquidity.
Kamino is the largest DeFi protocol on Solana and ranks among the top lending platforms across all chains. Earlier this year, the protocol launched Lend V2, introducing modular markets, automated lending vaults, margin leverage, and RWA integration.
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
Be the first to comment