Reentrancy guard on external-calling functions

Jito's assessment for RD-F-014 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solana runtime enforces max CPI depth 4 and account ownership rules, making reentrancy structurally infeasible. Certora formal verification covers state consistency invariants for restaking programs. No reentrancy finding in any published audit.

Sources #

Docs
Helius Solana Program Security GuideSolana runtime CPI depth limit and account ownership rules (helius.dev security guide)retrieved 2026-04-29

Methodology #

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jito factor RD-F-014 score green collected_at 2026-04-29 15:50:23