Hot-patch deploys without timelock (last 30 days)

Jupiter Perpetual Exchange's assessment for RD-F-138 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Squads v4 time_lock=86400s (24 hours) confirmed on-chain. Any program upgrade in the last 30 days that routed through the Squads v4 multisig AxkJ8oH5... would have had a 24-hour delay before execution — not a hot-patch by the Squads definition. Whether any upgrades occurred in the last 30 days cannot be confirmed (Solscan 403). Prior assessment (structural absence of timelock, yellow) updated: timelock now confirmed for Squads-mediated upgrades. Scored yellow: timelock confirmed (not zero-delay); upgrade frequency in last 30d unverifiable; direct admin instruction paths (if any exist in closed source) could bypass the timelock.

Sources #

Internal
SOLANA_GOVERNANCE.md Squads v4 layoutSOLANA_GOVERNANCE.md: Squads v4 time_lock field enforced by the Squads program; BPFLoaderUpgradeable upgrade is immediate after multisig approval + timelock elapsedretrieved 2026-05-16
Tx
Squads v4 multisig config AxkJ8oH5 on SolscanOn-chain: Squads v4 multisig config AxkJ8oH5 time_lock=86400s; any upgrade via Squads multisig has 24h delay — not a hot-patch in the Squads-mediated pathretrieved 2026-05-16

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-138 score yellow collected_at 2026-05-16 01:53:11