★ Audit scope mismatch
Jupiter's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
17 audit engagements across 5 firms cover all major sub-protocols; the most recent audit was in October–November 2025. However, the primary aggregator v6 (JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4) is a closed-source binary, so the commit SHA from the audit report cannot be independently matched against the deployed bytecode. Audit PDFs return 404 on all direct URL attempts. Scope-match verification is structurally impossible for a closed-source binary substrate.
Sources
- GitHub: jup-ag/jupiter-cpi (archived November 2025). jupiter-cpi archived repo confirming no main aggregator source available. Retrieved 2026-04-29.
- Jupiter Aggregator v6 — Solscan. Solscan account JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4 — program metadata, closed-source binary confirmed. Retrieved 2026-04-29.
- Jupiter Audit Reports — Jupiter Developers. Canonical audit index listing 17 engagements, 5 firms. Retrieved 2026-04-29.
Methodology
Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.