★ Public initialize() without initializer modifier

Jupiter Perpetual Exchange's assessment for RD-F-022 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Public initialize() without OpenZeppelin initializer modifier is an EVM/Solidity-specific vulnerability pattern. Solana Anchor programs use #[account(init)] constraints and program-derived accounts for initialization — there is no publicly callable EVM-style initialize() function. The vulnerability class does not exist in this substrate. Per briefing §6: F143 N/A (no EVM proxy; BPFLoaderUpgradeable) applies analogously here.

Sources #

Docs
Solscan — Jupiter Perps BPF program (Anchor/Solana substrate)Profile §3 footnote: EVM-specific proxy patterns (UUPS, Transparent, Beacon, Diamond) are not applicable; Solana uses BPFLoaderUpgradeableretrieved 2026-05-16

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-022 score not_applicable collected_at 2026-05-16 01:53:11