Dependency graph (protocols depended upon)
Sanctum's assessment for RD-F-050 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Multi-counterparty dependency is structurally novel. Sanctum's core dependency graph: (1) SPL Stake Pool program SPoo1Ku8WFXoNDMHPsrGSTSG1Y47rzgn41SLUNakuHy — canonical upstream program cross-invoked by Router and read by Infinity; audited OtterSec Jan 2023; upgrade authority = 11-member multisig. (2) Each partner LST's stake pool program (jitoSOL, mSOL, bSOL, jupSOL, BNSOL, bbSOL, and dozens more in Infinity basket) — each a distinct dependency; failure in any propagates proportionally into INF NAV. (3) Solana runtime / Agave consensus. (4) Gateway: RPCs, Jito bundles, Triton (delivery infra, non-TVL-affecting). Yellow because Infinity aggregates the risk of every LST it holds — a failure in any one partner LST pool propagates into INF NAV proportionally.
Sources #
- URLSanctum Infinity Ultimate GuideSanctum blog: INF holds a basket of LSTs; all LSTs have exchange rates readable from on-chain stake pool stateretrieved 2026-05-04
- anza-xyz security audits — OtterSec SPL Stake Pool audit 2023-01-20SPL Stake Pool program audited by OtterSec 2023-01-20; upgrade authority = 11-member multisig including Jito, Jupiter, Laine, Mango, MRGN, Solblaze, SolanaFM, Sanctumretrieved 2026-05-04
- 00-profile.md §7 and §11Profile §7: SPL Stake Pool program as core dependency; multi-LST aggregation risk note in §11retrieved 2026-05-04
Methodology #
List all external protocols whose failure would directly impair this protocol (LST providers, bridges, stablecoin issuers, keepers).
See the full factor methodology and distribution across all protocols →