Deployed bytecode reproducibility

Jupiter's assessment for RD-F-145 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Aggregator and perps programs: not reproducible by third parties — closed-source binary. Jupiter Lend (open-source): Code4rena repo specifies rustc 1.81.0 + Solana CLI 2.3.0, making reproducible build theoretically possible from published source. However no independent build verification is documented. Mixed: open-source Lend is yellow (spec provided but not verified); closed-source aggregator/perps are non-reproducible.

Sources #

GitHub
code-423n4/2026-02-jupiter-lend | GitHubJupiter Lend Code4rena — build spec (rustc 1.81.0, Solana CLI 2.3.0)retrieved 2026-04-29

Methodology #

Determine whether anyone can independently reproduce the deployed bytecode from the repo and declared build toolchain.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter factor RD-F-145 score yellow collected_at 2026-04-29 11:51:25