Permissionless-pool lending oracle
Jupiter's assessment for RD-F-181 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Jupiter Lend does not accept spot prices from permissionlessly-created DEX pools. Oracle providers are limited to curated, established providers: Pyth Network, Chainlink Data Feeds, Redstone, JupLend native exchange rates, and on-chain Solana staking program rates (StakePool/MsolPool/SinglePool). The Offside Labs Oracle and Flashloan audit (October 13-19, 2025) specifically reviewed the oracle configuration, consistent with a controlled oracle acceptance framework. The Code4rena audit brief (Feb-Mar 2026) confirms oracle sources include 'Pyth, Chainlink, and Solana-native pools' — with 'Solana-native pools' referring to staking programs (not permissionlessly-created AMM pools). F181 is not applicable to the Aggregator (DEX aggregator, not lending) or Perps (uses only push oracle providers). Green for Lend.
Sources #
- AuditOffside Labs — Jupiter Lend Oracle and Flashloan audit (Oct 2025)Offside Labs Oracle and Flashloan audit (Oct 2025) reviewed oracle configuration — existence of specialized oracle audit confirms controlled acceptance frameworkretrieved 2026-04-29
- Code4rena Jupiter Lend audit briefCode4rena audit confirms oracle sources include Pyth, Chainlink, Solana-native pools (staking, not permissionless DEX)retrieved 2026-04-29
- Oracles — Jupiter Lend Developer DocsLend oracle providers: Pyth, Chainlink, Redstone, JupLend, staking program rates — no permissionless pool acceptanceretrieved 2026-04-29
Methodology #
Determine whether the lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools, without requiring a TWAP window, liquidity floor, or token-age minimum on the venue side.
See the full factor methodology and distribution across all protocols →