★ Reinitializable implementation (no _disableInitializers)

Jupiter's assessment for RD-F-143 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solana programs do not use the EVM proxy+implementation pattern or OZ _disableInitializers(). Anchor programs use account discriminators that prevent re-initialization by construction (init constraint). Jupiter Lend's InitLendingAdmin and InitLending contexts use Anchor's standard init constraint. EVM proxy takeover pattern does not exist in the Solana BPF model. Gray due to substrate mismatch — analogous Solana risk not apparent but cannot be fully verified for closed-source core programs.

Sources #

GitHub
Jupiter Lend context.rs | Code4rena GitHubJupiter Lend context.rs — Anchor init constraint used for initializationretrieved 2026-04-29

Methodology #

Determine whether the implementation contract does not call `_disableInitializers()` in its constructor, leaving re-initialization possible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter factor RD-F-143 score gray collected_at 2026-04-29 11:51:25