★ Post-audit code changes without re-audit

Jupiter Perpetual Exchange's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three original audits (OtterSec Oct-Nov 2023, Sec3 Jan 2024, Offside Labs Feb-Mar 2024) covered pre-April-2024 binary. Offside Labs conducted a Perpetuals Exchange audit in May 2025 (OffsideLabs/reports GitHub), substantially reducing the drift gap. The Squads v4 24h timelock adds a delay on upgrades but is not a substitute for explicit audit coverage. Closed-source prevents independent binary diff verification of post-May-2025 changes. Scored yellow: May 2025 audit significantly reduces drift gap; ongoing closed-source prevents continuous verification; any post-May-2025 upgrades not confirmed audited.

Sources #

Docs
https://developers.jup.ag/docs/resources/auditsretrieved 2026-05-16
GitHub
OffsideLabs public reports repositoryOffsideLabs/reports: Jupiter-PerpetualsExchange-May-2025-OffsideLabs.pdf — Perpetuals Exchange audit from May 2025 (most recent covering the perps program)retrieved 2026-05-16
Audit
https://github.com/OffsideLabs/reports/blob/main/audits/Jupiter-PerpetualsExchange-May-2025-OffsideLabs.pdfretrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-139 score yellow collected_at 2026-05-16 01:53:11