★ Audit scope mismatch

Jito's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Each program cluster has audits referencing explicit commit SHAs (Steward f4ea93a, Validator History fc34c25, Restaking f04242f/ecbe19a/3fdcd88, TipRouter ac76352/443368a). No public mismatch identified, but Solana BPF bytecode-to-commit verification tooling (solana-verify) is not Etherscan-equivalent; confirmation is medium confidence.

Sources #

GitHub
StakeNet Security Audits (OtterSec, commit SHAs documented)stakenet security-audits directory commit SHAs f4ea93a, fc34c25retrieved 2026-04-29
GitHub
Jito TipRouter Security Auditsjito-tip-router security_audits: Certora ac76352, Offside 443368aretrieved 2026-04-29
GitHub
Jito Restaking Security Auditsrestaking security_audits: OtterSec f04242f, Offside 60b3884, Certora ecbe19a+3fdcd88retrieved 2026-04-29
Audit
OtterSec SPL Stake Pool Audit (anza-xyz/security-audits)OtterSec SPL Stake Pool Audit 2023-01-20retrieved 2026-04-29

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jito factor RD-F-001 score yellow collected_at 2026-04-29 15:50:23