★ Empty cToken-style market (zero supply/borrow)
Jito's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
[★ CRITICAL — NOT APPLICABLE] Jito is not a Compound V2 fork. No cToken-style markets, no permissionless market listing, no share-inflation donation attack surface. SPL stake pool architecture uses aggregate-stake/token-supply accounting managed by the on-chain SPL program. Taxonomy PD-024 explicitly designates F070 as Compound-fork-only and N/A for all other protocols. The upstream SPL stake pool was audited by OtterSec (2023-01-20) specifically for token accounting vulnerabilities.
Sources #
- InternalJito Protocol Profile §5 — fork lineageProfile §5 fork lineage: Jito uses SPL stake pool program directly — not a Compound V2 fork. Taxonomy §Cat 4 PD-024: F070 N/A for non-Compound-fork protocols.retrieved 2026-04-29
- OtterSec SPL Stake Pool Audit — 2023-01-20OtterSec SPL Stake Pool audit 2023-01-20 (commit fc34c25): covers token accounting, pool math, and first-depositor patterns in SPL stake pool program used by JitoSOLretrieved 2026-04-29
Methodology #
Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.
See the full factor methodology and distribution across all protocols →