★ Post-audit code changes without re-audit

Jito's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★] Multiple post-audit deployments identified: (a) StakeNet Steward: OtterSec audit at commit f4ea93a, deployed July 2024; (b) Restaking + Vault Programs: audited at specific commits by OtterSec/Offside/Certora Oct 2024; (c) TipRouter NCN: Certora audit Jan 2025, then production deployment; (d) JIP-16 (TDA v2, March 2025) proposes code changes — specific audit coverage for this upgrade not confirmed. Per-release OtterSec reviews for validator client are informal ongoing reviews, not full re-audits. Cannot confirm all deployed versions are covered by specific audit reports without direct on-chain bytecode verification.

Sources #

Audit
Jito TipRouter NCN Certora Audit — jito-foundation/jito-tip-router security_auditsCertora Tip Router NCN audit January 2025retrieved 2026-04-29
Governance
JIP-16: TipRouter and StakeNet Adjustments for Priority FeesJIP-16 proposes TDA v2 code changes — audit status unconfirmedretrieved 2026-04-29
Audit
StakeNet Steward OtterSec Audit — jito-foundation/stakenet security-auditsOtterSec StakeNet Steward audit at commit f4ea93a, 2024-07-29retrieved 2026-04-29

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jito factor RD-F-139 score yellow collected_at 2026-04-29 15:50:23