a specter has returned to ethereum: the specter of code that runs without an operator
kat0 is an erc-20 on ethereum. lowercase name, lowercase symbol, eighteen decimals. it is an asset. it does not launch and graduate and migrate.
issuance happens through one contract, a uniswap v4 hook, set as the only minter at deployment and locked there. when ether arrives, the hook computes how much kat0 to mint and keeps the ether as reserves. the price of the next kat0 is p(eth) = (S/K) · e^(eth/S), with S = 400 ether and K = 18,000,000. the only variable is eth, the cumulative net ether ever paid in.
cumulative supply is the integral of that price: minted(eth) = K · (1 − e^(−eth/S)). the function approaches K but never reaches it. the exponential's tail is mathematically infinite; bounded human attention is finite. we picked 99% of K as the line where attention runs out before money does, and we wrote that line into the contract. there is no graduation event, no liquidity migration.
sells run the same function in reverse. anyone holding kat0 can burn their tokens against the hook's reserves and receive ether priced by the inverse curve, less the fee. the hook holds every wei of net ether ever paid in.
every sell carries a 0.5% fee. forty percent of that fee is converted into kat0 from a reserved tail allocation of 2,000,000 tokens — the reflection vault — and distributed pro-rata to every current holder in the same transaction. sellers literally pay holders to exit. the longer you hold, the more sells happen around you, the more kat0 accrues to your wallet, automatically, without a claim function.
the reflection vault depletes deterministically. its issuance follows R(eth_sold) = 2,000,000 · (1 − e^(−eth_sold/160)) — the same exponential shape as the primary curve, asymptotic to the 2,000,000 cap. early holders capture the steepest part of the reflection emission. when the vault crosses 99% depletion, reflection mode locks. the curve continues. the holders keep their accumulated balances forever.
the remaining 60% of every sell fee, plus a flat 0.3% fee on every buy, stays in the hook permanently as reserve. it cannot be withdrawn, governed, voted on, or redirected. it isn't a treasury. it is a counterweight: a small automatic tax on round-trip activity that prevents the curve from being a free thing to abuse, and prevents anyone, including us, from extracting value from it.
three constraints keep the system hard to game. a single buy is capped at 4 ether, so no one can vacuum a meaningful share of supply in one transaction. selling in the same block as your last buy reverts, which makes flash-loan arbitrage uneconomic. and for the first two hundred blocks after deployment, every buy received a random multiplier between 0.95 and 1.15: a tax on the bots tuned for the exact deployment block. that window has closed. from this point onward, the contract is fully deterministic.
a consequence of S = 400 is that the early curve is intentionally flat. the first eighty ether of cumulative buys move the price by less than 25%. the first eight hundred move it about 7×. only as the curve approaches its termination point, around 1,842 cumulative ether, does the price reach roughly 100× the launch price. early buyers pay nearly the same price as one another; late buyers pay much more. early buyers also receive the densest reflection rewards. this is the math, not a defect of it.
the curve terminates by design. when minted supply crosses 99% of K — that is, 17,820,000 kat0, reached at roughly 1,842 cumulative ether — selfDeprecated flips on-chain and locks. from that moment forward, the hook will not mint another unit of curve supply, ever. the remaining 180,000 kat0 from the primary allocation never enter circulation.
issuance ends. the token does not. after deprecation, sells continue to work, reflection continues until the vault crosses 99% depletion, and each sell reduces supply irreversibly. the bonding curve hook stays online as a permanent on-chain bid for kat0. the cap, once hit, is one-way.
what changes is who makes the market. during issuance, the curve is the market. after issuance, the holders are. price on secondary venues is set by liquidity providers, not by a function. the curve becomes two things at once: a permanent floor, deterministically buying kat0 back for ether as long as the reserves hold, and a permanent on-chain record of how the supply got distributed in the first place.
we did not pre-mint. we hold no allocation, no admin role, no pause function, no upgrade path. there is nothing to extract from the hook other than by selling kat0 back through the inverse curve like anybody else, or by holding kat0 and waiting for other people to sell. if everyone who shipped this disappeared tonight, the contract would run tomorrow against the same rules and the same prices. that is what we mean by "no operator." that is the only feature.
kat0 has no socials. no twitter, no telegram, no discord. anyone claiming to represent kat0 is impersonating it.
most tokens ask you to trust them. then they ask you to verify that trust by reading solidity on etherscan. most people don't. most people can't. the gap between "the code is public" and "i have personally read and understood the code" is where rugs live.
kat0 closes that gap by removing every place a rug could hide.
the contract is immutable. there is no proxy. there is no upgrade pattern. the address you see on this page on day one is the same address running the same bytecode in year ten. there is no admin key, because there is no admin function. there is no pause function. there is no mint function callable by anyone. there is no fee setter. there is no parameter the team can change after deployment. the only way to change the rules is to deploy a new contract at a new address — at which point it is a different token, not kat0.
the constants are public. the bonding curve uses S = 400 and K = 18,000,000, both stored as immutable variables on-chain at construction. they are readable by anyone. they cannot be changed by anyone, including us. the price function p(eth) = (S/K) · e^(eth/S) is the contract. there is no version of kat0 where these values are different.
the manifesto is on-chain. the prose you are reading right now is committed to the contract's storage at deployment as a keccak256 hash. anyone can read the stored hash, hash this page's content themselves, and confirm the two match. if a single character of the manifesto changes, the hash breaks, and the mismatch is provable from any block explorer or rpc node. the contract carries its own constitution.
the deployment is reproducible. the contract is deployed via create2 to a deterministic vanity address. anyone with the source code, the same compiler version, and the same constructor arguments can produce the same bytecode and confirm it matches what is on-chain. there is no "trust us, this is what we deployed" — the deployment is a function of public inputs.
the source is auto-verified through deterministic build artifacts published to sourcify and ipfs at deployment time. you do not need to manually request etherscan verification or wait for it. the bytecode-to-source mapping is independently verifiable at sourcify.dev and pinned via ipfs hash referenced in the contract storage. the full source code, the compiler input, and the metadata json are all retrievable without depending on any centralized indexer.
the hook is the only minter. at deployment, the token contract sets the uniswap v4 hook as the only address with permission to mint, and then locks that role permanently by setting the minter-setter function to revert. there is no other path to new supply. anyone querying the token's role registry sees one minter, forever.
there is no team allocation. zero tokens were minted to any address at deployment. the entire supply enters circulation through the bonding curve, by buyers paying ether. you can verify this by checking that no Transfer event with from = address(0) and a non-zero amount exists before the first buy event in the contract's history.
what you don't have to do: install foundry, read 800 lines of solidity, audit the openzeppelin imports, check the uniswap v4 hook permission flags by hand, or trust an audit firm that was paid by the deployer. all of that is welcome — the source is open, the build is reproducible, the audits are public — but none of it is required to use kat0 safely. the structural properties above make the standard rug vectors physically impossible. the contract cannot be upgraded, cannot be paused, cannot be drained, cannot be reminted, and cannot be governed. there is no "we" to make changes after launch.
what is required: confirm the address shown on this page matches the address returned by the official deployment transaction (linked below once deployed). everything else follows from the address.
the test you can run in 30 seconds:
read on-chain. proof that the manifesto stored at construction matches the prose above.