Katana
About
Katana is a DeFi-focused L2 blockchain built on Polygon CDK that concentrates liquidity and incentives into a focused set of core applications — one lending market (Morpho), one spot DEX (Sushi), one perps venue (Katana Perps), and one native stablecoin (AUSD, backed by U.S. Treasuries) — rather than fragmenting across many competing protocols. Users bridge supported assets to Katana, deploy them into these core apps, and earn yield sourced from real onchain and offchain revenue streams (Vault Bridge L1 yield strategies, sequencer fees, AUSD treasury yield, and core app fees) rather than relying solely on inflationary token emissions.
Where Does Yield Come From?
Yield on Katana comes from several real revenue streams that work together, rather than depending only on newly printed tokens.
Vault Bridge (earning yield on Layer 1)
When you bridge assets like USDC, USDT, WETH, or WBTC to Katana, the Vault Bridge sends those assets into low-risk yield strategies on Ethereum (using Morpho vaults managed by Gauntlet and Steakhouse Financial). You receive vbTokens (like vbUSDC) on Katana that represent your bridged assets. The yield earned on Ethereum gets streamed back to Katana.
But there is a catch: if you just let vbTokens sit in your wallet, they earn nothing. You must deploy them into Katana's core apps — lending markets, DEX pools, or other tools — to unlock the boosted yields. This keeps the assets "productively at work" on both layers.
Chain-Owned Liquidity (CoL)
All transaction fees paid by users on Katana (called sequencer fees) go into a pool of liquidity owned and managed by the network itself. This pool is deployed into Sushi DEX positions, Morpho lending supply, Katana Perps margin, and other routing strategies. The yield from these deployments either gets compounded back into more Chain-Owned Liquidity or is redirected to boost incentives for active liquidity providers. This creates a self-reinforcing cycle: more activity feeds more liquidity, which feeds more yield.
AUSD stablecoin
AUSD is Katana's native stablecoin, backed by U.S. Treasury bills held offchain. It is issued by Agora, with reserves held at State Street and managed by VanEck. The Treasury yield flows back onchain to support incentives for AUSD lending pools and liquidity, providing a yield stream that does not depend on what happens in crypto markets.
Core app fee recycling
A portion of the fees from core apps — lending interest on Morpho, swap fees on Sushi, trading fees on Katana Perps — gets redirected back into liquidity pool incentives. This boosts returns for active participants.
vKAT Armory (the voting and gauge system)
Users can lock KAT tokens to receive vKAT (a non-transferrable NFT with voting power) or avKAT (a liquid, auto-compounding token). vKAT holders vote on "gauges" — allocations that decide where KAT token emissions go (which liquidity pools get more rewards). In return, voters earn three things:
- Vote incentives (bribes from protocols that want emissions directed their way)
- Trading fees from the pools they voted for
- A share of exit fees from users who unstake vKAT early (this gets redistributed to remaining holders)
The loop works like this: emissions attract liquidity → liquidity drives trading volume → volume generates fees → fees flow back to the voters who directed the emissions.
Exit fee redistribution
If you leave a vKAT lockup early, you pay a fee. It starts at 2.5% after a full 60-day cooldown, goes up to 25% for "rage-quits," and can reach 80% during the first 14 days after launch. All of those fees are fully redistributed to the remaining active vKAT holders — so staying locked rewards patience.
Katana Perps
The native perpetuals exchange uses vbUSDC as its main margin asset, linking trading activity back to Vault Bridge revenue. Trading fees from perps feed into the broader Katana system, and perps also becomes a new category for vKAT gauge voting and voter fee rewards.
The big picture
The fee and emission system follows a modified ve(3,3) model — KAT emissions are directed by vKAT gauge voting — but it is designed to be backed by real revenue (Vault Bridge, sequencer fees, AUSD, core app fees) rather than purely printing new tokens. The goal is that real yields grow in step with network activity and total value locked, instead of relying on inflation alone.
Persons
Matthew Fisher
CEO
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Certora11-03-2025 - 18-03-2025 |
| The audit found no critical, high, or medium vulnerabilities; the 3 low-severity and 8 informational issues were all either fixed or acknowledged, and formal verification confirmed the final code is correct with respect to all specified properties, indicating a well-secured token deployment. |
| Sigma Prime's audit found 1 Critical and 1 High severity issues, both resolved by the development team, meaning the most serious risks in the Yield Exposed Token contracts were addressed prior to deployment. The two closed items (unnecessary refund and inconsistent event usage) present minimal residual risk as they were acknowledged but do not affect core security. | |
ChainSecurity31-03-2025 - 07-05-2025 |
| All identified vulnerabilities were closed with code corrections across three remediation versions, resulting in no open findings; ChainSecurity assessed the codebase as providing a good level of security for production deployment, with residual design notes about bridge liquidity timing and Morpho vault trust assumptions. |
Certora22-04-2025 - 06-05-2025 |
| The audit identified and resolved all critical, high, and medium severity issues (all fixed), with only one low-severity DoS finding (L-05) intentionally left with a documented workaround rather than a code fix, indicating a well-scoped and mature codebase with manageable residual risk. |
Certora13-05-2025 - 23-06-2025 |
| Two informational rounding discrepancies were identified and fixed during the engagement, and all formal verification properties ultimately passed, indicating a high degree of correctness assurance for the vault bridge contracts under the stated assumptions. |
Certora22-09-2025 - 14-10-2025 |
| The audit identified no Critical or High severity vulnerabilities, and all three Medium issues were remediated (two fixed, one acknowledged as a design choice), leaving only minor acknowledged risks (e.g., USDT fee changes, upgrade procedure discipline) — indicating a solid security posture for the Vault Bridge V1 protocol. |
Certora03-11-2025 - 17-11-2025 |
| The audit uncovered 16 findings (4 medium, 5 low, 7 informational) with 10 confirmed fixed and 6 acknowledged; key medium-severity risks around migration integrity and incident-response gaps have been partially remediated, and the remaining acknowledged items are slated for a V2 redesign. The protocol's safety posture is reasonable for launch with the fixed items deployed and awareness of the acknowledged design limitations. |
Trail of Bits26-08-2024 |
| The pessimistic-proof crate is architecturally well-designed but critically under-tested for adversarial edge cases, and the engagement recommends that Polygon invest in a thorough negative test suite before deploying this library in production. |
| The report reveals one critical vulnerability (proofs not settled to L1) that was resolved, alongside three high-severity issues, making the audit moderately concerning but with key remediations already applied; residual risks remain in areas the development team acknowledged but deferred (e.g., stale nodes, unauthenticated RPC, proof aggregation), so continued monitoring and additional review of future design changes is recommended. | |
Sigma Prime01-04-2025 |
| The audit found no critical or high-severity vulnerabilities; the two medium-severity issues were closed as intentional design choices for the SP1 ZK environment, and the remaining low/informational items were accepted as open. Overall, the AggLayer v0.3.0 offchain components present a moderate risk profile with no blocking security concerns. |
SigmaPrime01-04-2025 |
| The audit identified two medium-severity issues (unauthenticated RPC services and certificate loss under load) and twelve low-severity findings, all left open, indicating the project had not addressed these concerns at the time of reporting; continued remediation and a follow-up review are recommended before production deployment. |
SigmaPrime01-07-2025 |
| The audit found no critical or high-severity issues; the two medium-severity findings were intentionally closed by design in the SP1 ZK context, and the low-severity findings were resolved. Overall the AggLayer v0.3.0 Rust components present a reasonable security posture for continued development. |
| This audit found no high or critical severity vulnerabilities; the two medium-severity issues were acknowledged/closed by the team with mitigations planned for future releases, making the protocol reasonably safe for its current scope with note that authentication and encryption on RPC services remain to be addressed. | |
Hexens17-12-2022 - 27-02-2023 |
| The Hexens audit of Polygon zkEVM uncovered 4 critical vulnerabilities that could have led to bridge fund drainage and execution hijack, most of which were remediated before publication, indicating a meaningful improvement in security posture. The report's overall conclusion confirms that code quality and security increased after the review. |
| The audit found one resolved high-severity issue (rollback corrupting pending state) and no critical vulnerabilities, but the two closed medium/low findings represent acknowledged design centralization and gas-efficiency trade-offs that remain present in the codebase. | |
Sigma Prime01-04-2025 |
| This audit found no critical or high-severity vulnerabilities; the four medium-severity issues were resolved or acknowledged, and the overall contract set appears to have been reviewed with due diligence by Sigma Prime. |
| All three findings were acknowledged and closed by the development team with operational mitigations; no unresolved or exploitable vulnerabilities remain in the audited code at the reviewed commit. | |
| The audit found no critical or high-severity issues; one medium and two low-severity findings were either resolved or acknowledged, giving the Agglayer v0.3.5 contracts a clean security bill of health with only documentation and deployment-script quality concerns. | |
Sigma Prime01-02-2024 |
| The Sigma Prime audit of the Polygon LXLY Bridge found no Critical or High severity issues, with 19 findings mostly in the Medium-to-Informational range, indicating a sound overall design; the resolved Medium issues (e.g., missing emergency-state modifiers, rollup overwrite checks) address the most impactful risks, while closed items were accompanied by acceptable developer rationale. |
| The audit found no critical or high severity vulnerabilities, and all 6 discovered issues (2 medium, 1 low, 3 informational) were either resolved or acknowledged by the development team, indicating a strong security posture for the sovereign chains bridge scope. | |
| This targeted review of PR-478 changes found only three informational issues — all acknowledged and resolved — with no vulnerabilities of critical, high, medium, or low severity, indicating that the migration logic was implemented securely within the scope examined. | |
| No critical or high-severity vulnerabilities were found, and the sole medium-severity issue along with all informational findings were resolved by the development team, indicating a properly remediated audit cycle. | |
Spearbit21-05-2025 - 07-07-2025 |
| The audit revealed 7 High-severity issues, all of which were fixed prior to publication, and 2 Medium-severity findings (one fixed, one acknowledged), demonstrating responsive remediation; the remaining Low and Informational findings are largely addressed or tracked for future versions, and the review provides reasonable assurance for the v0.3.0 codebase when deployed with the recommended fixes. |
Backers
Katana is incubated by Polygon Labs and GSR, as stated consistently across the official website (footer) and in the "About katana foundation" section of the mainnet launch blog post. The Katana Foundation is described as a nonprofit organization dedicated to creating a DeFi-native chain. No specific funding rounds, amounts, dates, or additional venture capital investors are disclosed on the official website or blog.
Legal
Legal form
Limited company (Ltd.) – referred to as "Katana Foundation (Cayman) Ltd."
Registration jurisdiction
Cayman Islands – entity name "Katana Foundation (Cayman) Ltd."; registered address at 4th Floor, Harbour Place, P.O. Box 10240, Grand Cayman KY1-1002, Cayman Islands (c/o Harneys Fiduciary (Cayman) Limited)
Status and notes
Operating entity is Katana Foundation (Cayman) Ltd. (together with its affiliates, "Katana Foundation"), a limited company. Imprint/Terms available at /legal/terms-of-use and Privacy Policy at /legal/privacy-policy. The Terms of Use elect British Virgin Islands governing law and exclusive jurisdiction (for non-arbitration matters), with arbitration seated in the Cayman Islands. Privacy Policy address is in the Cayman Islands. The Terms explicitly state the Foundation is a nonprofit organization dedicated to the Katana ecosystem. Contact email: [email protected].