Deployer address prior on-chain history
Jupiter's assessment for RD-F-114 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Jupiter programs are Solana BPF upgradeable; upgrade authority is a Squads multisig (specific address not publicly disclosed), not an individual EOA deployer. Prior on-chain history of individual multisig members is not publicly enumerable. The Drift hack post-mortem explicitly notes Jupiter has a 12-hour timelock on admin actions as a positive comparator. Categorized as yellow (partial evidence: no documented adverse prior history, but deployer identity gap due to multisig structure and non-EVM substrate).
Sources #
- URLhacksdatabase/hacks/drift-protocol-rekt.md line 86Drift hack database — Jupiter timelock comparator referenceretrieved 2026-04-29
- Managing Program Upgrades with Multisig: Case Study & Best Practices | SquadsSquads blog — Jupiter uses Squads multisig for program upgradesretrieved 2026-04-29
- Jupiter protocol profile — deployment addresses00-profile.md §3 — Deployments sectionretrieved 2026-04-29
Methodology #
Classify the deployer address history as: none (fresh address) / normal-dev-history (prior protocol deploys, non-flagged activity) / linked-to-prior-rug (deployer used in prior known rug).
See the full factor methodology and distribution across all protocols →