Marinade Finance

Dual-product Solana liquid staking protocol. mSOL product: on-chain BPF stake-pool program issuing mSOL liquid staking tokens whose value derives from on-chain stake-pool state (no external oracle). Marinade Native product (launched July 2023): non-custodial delegated staking — no smart contract custody, SOL stays in user-controlled stake accounts. MNDE governance token with Realms DAO (SPL-Governance). First Solana LST, mainnet since August 2021. Program upgrade historically controlled by 6/13 Coral Multisig (ecosystem); transitioning to MNDE Realms DAO control.

Sector lst

TVL $602.3M

Reviewed May 16, 2026

Factors 184

Categories 13

Risk score 17.5

DeploymentsSolana · $602.3M

Risk profile at a glance

0 red · 5 yellow · 7 green

25 24 17 13 15 22 16 10 13 12 8 5 4

Categories & evidence

184 factors · 13 categories

Code & audits Yellow 33 25 of 25

RD-F-004 green Audit count Five distinct audit reports across four firms: Neodyme (2021 devnet, 2023 v2.0), Ackee Blockchain (2021), Kudelski Security (2021), Sec3 (2023 v2.0). For the currently deployed v2.0 bytecode: two distinct firms (Neodyme and Sec3) both audited in November 2023. Green threshold of 2 distinct firms met.

RD-F-006 green Audit-to-deploy gap The 2023 Neodyme + Sec3 audits were completed and the code merged on Nov 14, 2023 (commit dc43b02 is the merge PR for the anchor-0.27 branch). The blog post describes audits finalizing before governance vote and deployment. The merge commit and audit completion are same-day, implying minimal audit-to-deploy gap well within 60 days. Exact deployment transaction not retrievable (Solscan 403) so medium confidence.

RD-F-008 green Ignored bounty disclosure No prior exploits documented for Marinade in hack database, Rekt leaderboard, or OSINT (profile §10 confirms zero incidents). Without prior incidents, no post-mortem can document an ignored disclosure. Green: no evidence of ignored disclosure.

RD-F-022 green Public initialize() without initializer modifier Anchor BPF program uses #[account(zero)] constraint on the state account in the initialize instruction — this constraint requires the account to be zero-initialized before execution, and Anchor writes an 8-byte discriminator prefix on first initialization. Any subsequent initialize call fails because the account is no longer zero. This is the Solana-native functional equivalent of OZ initializer modifier. No #[account(init_if_needed)] misuse found for the main state initialization. The Neodyme + Sec3 2023 audits would have flagged any re-initialization vulnerability as a well-known Anchor security pattern.

Governance & admin Yellow 22 24 of 24

RD-F-032 red Timelock duration on upgrades No on-chain timelock exists on the upgrade path. Coral Multisig (custom_onchain, analogous to Squads v3) has no timelock field. Realms MNDE DAO has 3-day voting period but no documented instruction hold-up time for the main liquid staking program. The liquid staking program is not yet under Realms control (still Coral 6/13). Zero-delay execution after 6/13 threshold met. RD-F-033 red Timelock on sensitive actions No action category (mint/pause/rescue/upgrade) routes through a timelock. pause() and emergency_unstake() callable immediately by 4/7 Council; upgrades executable immediately after 6/13 consensus. No TimelockController equivalent exists in Solana for this protocol. RD-F-038 red Proposal execution delay < 24h Coral Multisig (controls upgrade): no voting delay or execution delay — can execute upgrade as soon as 6/13 threshold met. Realms MNDE DAO: 3-day voting period documented, no cool-off or instruction hold-up time found in public configuration. Total execution delay for any action: 0-3 days. Factor threshold is 48h for green. RD-F-025 yellow Admin key custody type Upgrade authority: custom_onchain Coral Multisig (6/13 ecosystem parties). Operational admin: 4/7 Marinade Council via Realms SPL-governance. Classification: multisig without timelock. No timelock exists on any governance action. RD-F-026 yellow Upgrade multisig signer configuration (M/N) Upgrade: 6/13 Coral Multisig. Operational/pause: 4/7 Marinade Council via Realms. MNDE DAO: quorum 20M of ~550M circulating. Coral is custom_onchain (non-Squads); no Safe API data available for Solana. RD-F-028 yellow Low-threshold multisig vs TVL 6/13 ecosystem multisig for upgrades at $602M TVL. Peer norm for top Solana LSTs at this TVL band is 5-9 of 10-13; 6/13 is within acceptable range but not top-tier. No timelock is the main gap. Marinade removed Alameda (FTX) from the multisig post-FTX, demonstrating signer hygiene. Upgrade authority not yet transferred to MNDE Realms. RD-F-030 yellow Hot-wallet signer flag Multisig members are institutional Solana ecosystem organizations (Jupiter, Phantom, Raydium, etc.). Behavioral hot-wallet heuristic cannot be assessed without per-signer Solana tx history via RPC. These are organizations not individual EOAs — likely hardware-wallet or institutional custody. Grading yellow for data gap, not confirmed finding. RD-F-040 yellow Emergency-veto multisig present 4/7 Marinade Council has config authority on the Realms governance instance and can manage Realms parameters. However no explicit veto/cancel role for the Coral Multisig upgrade path is documented. Partial emergency control exists (pause function via Council) but not a true proposal-veto on upgrade decisions. RD-F-041 yellow Rescue/emergencyWithdraw without timelock pause(), resume(), emergency_unstake(), and withdraw_stake_account() exist in the program. These are gated by pause_authority (4/7 Council) and/or admin_authority. No timelock on these functions — Council multisig signature is the only gate. Not a raw-EOA rescue path (multisig required) but timelock absence is a yellow finding. RD-F-047 yellow Governance token concentration (Gini) 95M MNDE locked in governance across 170+ wallets out of ~550M circulating. 20M quorum = ~3.6% threshold. Exact Gini coefficient not computed (no on-chain holder scan available via WebFetch). The 170+ locked wallets and 3.6% quorum threshold suggest reasonable distribution, but top-10 share is unknown without on-chain data.

RD-F-027 green Single admin EOA Upgrade authority 551FBXSXdhcRDDkdcb3ThDRg84Mwe5Zs6YjJ1EEoyzBp is off-curve PDA (is_on_curve=FALSE confirmed by orchestrator). Cannot be a single EOA — no private key exists for an off-curve address. Controlled by Coral Multisig program msigmtwzgXJHj2ext4XJjCDmpbcMuufFb5cHuwg6Xdt (6/13). Solana on-curve/off-curve discriminator correctly applied per SOLANA_GOVERNANCE.md.

RD-F-029 green Multisig signers co-hosted 11 distinct major Solana organizations (Jupiter, Mango, Orca, Phantom, Raydium, Solend, Solflare, Staking Facilities, Triton.one, Miton C, Marinade x3). These are independent entities with distinct infrastructure. Strong co-host separation inferred.

RD-F-031 green Signer rotation recency No signer rotation in trailing 90 days. Most recent relevant change was post-FTX (late 2022) when Alameda and Saber were replaced — a security-improvement-directed rotation. No threshold reductions. No DPRK-precursor pattern.

RD-F-034 green Guardian/pause-keeper distinct from upgrader pause_authority and admin_authority are distinct state fields in the program. upgrade_authority (6/13 Coral ecosystem) is separate from pause_authority (4/7 Council via Realms). admin_authority (operational params) = Eh8zjgsZgwpbgNq8XZzFZttaGUCPgFu5WuMJmd3fm2ig confirmed via epoch status reports. Three distinct role holders.

RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Upgrade: 6/13 Coral ecosystem multisig PDA. Admin/fees/params: 4/7 Council Realms (Eh8zjgsZgwpbgNq8XZzFZttaGUCPgFu5WuMJmd3fm2ig). Oracle role: not applicable (no external oracle — mSOL value derived from on-chain stake-pool state). Roles are distinct.

RD-F-036 green Flash-loanable voting weight veMNDE is non-transferable and non-fungible. Cannot be flash-loaned, borrowed, or transiently acquired. Obtaining governance power requires locking MNDE with a 30-day unlock cooldown. Voting power is lost during unlock period. Beanstalk-class governance attack structurally impossible.

RD-F-037 green Quorum achievable via single-entity flash loan Flash loan attack structurally impossible (veMNDE non-transferable). Quorum requires 20M MNDE locked (not spot balance). Even controlling 20M MNDE spot would not achieve quorum without locking and waiting through 30-day unlock. No single-entity flash-loan path to quorum.

RD-F-039 green delegatecall/call in proposal execution without allowlist Solana SPL-governance uses typed CPI (cross-program invocation) to specific program instruction handlers, not EVM-style delegatecall/call with arbitrary payload. Proposal execution calls defined program instructions through SPL-governance's native mechanism. The arbitrary-target delegatecall attack surface does not exist in Solana's execution model. Factor is N/A as defined but green on the underlying safety property.

RD-F-042 green Admin has mint() with unlimited max MNDE has a hard cap of 1,000,000,000 tokens. Circulating supply ~550M. mSOL minting is program-controlled (only on SOL deposit); admin cannot mint mSOL unilaterally. No unlimited admin mint function exists.

RD-F-043 green Admin = deployer EOA after 7 days Protocol launched August 2021. Governance multisig was in place from near-launch. 6/13 ecosystem multisig controlled upgrades from the first governance upgrade (December 2021). Protocol is 57 months old; admin has never been a solo deployer EOA at any governance-relevant time. Deployer-EOA-retaining-admin scenario does not apply.

RD-F-044 green Admin wallet interacts with flagged addresses Multisig members are established Solana ecosystem institutions. Marinade proactively removed Alameda (FTX-linked) from the multisig after FTX collapse (late 2022), demonstrating active watchlist management. No current flagged interactions identified.

RD-F-045 green Constructor args match governance proposal The 2023 v2 upgrade was publicly announced via blog post before deployment. Two independent audits (Neodyme + Sec3) verified the upgrade pre-deployment. Deploy executed via 6/13 multisig consensus. No evidence of constructor-arg deviation from announced parameters.

RD-F-046 green Contract unverified on Etherscan/Sourcify Source code is fully open-source on GitHub (marinade-finance/liquid-staking-program, Rust/Anchor). IDL is public. Multiple audits confirm source-to-bytecode correspondence. Solana uses anchor verify not Etherscan; the open-source + dual-audit combination satisfies the underlying factor intent (public ABI available, no opacity).

RD-F-167 green Deprecated contract paused but pause reversible by live admin Marinade v1 was upgraded in-place (same program ID MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD, new bytecode). No deprecated program address with retained admin pause exists. Single live program address.

Oracle & external dependencies Yellow 21 17 of 17

RD-F-050 yellow Dependency graph (protocols depended upon) Material external dependency: Marinade's off-chain delegation-strategy-2 pipeline (SAM) determines validator allocation each epoch using R-based statistical scoring + PostgreSQL + validators-api.marinade.finance. If this pipeline fails, stake rebalancing halts for the affected epoch(s) — existing delegations remain but underperforming validators cannot be removed. Secondary dependency: the update_price crank bot submits update_price each epoch; failure leaves on-chain mSOL rate stale. No documented redundancy for either off-chain component. Solana native Stake program and SPL Token program dependencies are consensus-level (low practical risk). RD-F-051 yellow Fallback behavior on oracle failure No external oracle to fail in the traditional sense. For validator failure, Marinade's PSR bond provides epoch-level coverage: validators must post a bond as collateral protecting staker yield against downtime and commission changes. SAM removes underperforming validators at each epoch rebalancing cycle. However, if the off-chain delegation pipeline fails, underperforming validators cannot be removed for that epoch. Emergency pause feature was added in the 2023 upgrade (audited by Neodyme and Sec3) but guards against program-level attack, not specifically validator failure. No explicit fallback oracle or secondary data source documented. RD-F-052 yellow Breakage analysis per dependency Breakage analysis: (1) delegation-strategy-2 pipeline failure: stake frozen at last epoch allocation; no rebalancing; underperforming validators retained; PSR bond protection remains but allocation is stuck; (2) update_price crank failure: on-chain mSOL rate is stale for affected epoch — on-chain swap calculations use wrong rate; (3) Solana Stake program failure: stake accounts cannot be delegated/deactivated (consensus-level catastrophic; not material practical risk); (4) SAM scoring pipeline failure: no validator scoring, no blacklisting of underperformers; stake concentration risk rises over extended failure. Most material risk: extended delegation pipeline failure causing stake to accumulate in underperforming or offline validators without PSR bond protection. RD-F-057 yellow Circuit breaker on price deviation No price-deviation circuit breaker identified for the mSOL exchange rate. The rate can only change by epoch rewards (monotonically increasing absent a slash), so manipulation is not a realistic attack vector via this path. However, no on-chain guard against anomalous lamport totals or update_price crank exploitation is documented. The 2023 upgrade added an emergency pause feature (audited by Neodyme/Sec3), which guards against program-level attack but is not specifically a price-deviation circuit breaker. Yellow rather than red because the oracle model (stake lamport state) has a natural upper bound on rate change per epoch. RD-F-062 yellow External keeper/relayer not redundant YELLOW — Two material off-chain keeper dependencies: (1) update_price crank bot that submits the update_price instruction each epoch to update the stored mSOL exchange rate; (2) delegation-strategy-2 SAM pipeline (R scripts + PostgreSQL + validators-api.marinade.finance) that submits stake rebalancing instructions each epoch. Neither is documented as having a redundant fallback operator, Gelato automation, Chainlink Automation, or equivalent failsafe. Single-operator failure of either component leaves the on-chain state stale or frozen for an epoch. No documentation of multi-operator keeper infrastructure or on-chain keeper incentivization. RD-F-054 n/a TWAP window duration Not applicable — Marinade does not use a DEX TWAP oracle. mSOL exchange rate is derived from stake-pool lamport accounting (total staked SOL / total mSOL supply), not a TWAP window from any DEX pool. Factor definition requires a TWAP oracle to be in use. RD-F-055 n/a Oracle pool depth (USD) Not applicable — no DEX pool underlies the mSOL price oracle. Factor measures liquidity depth of the DEX pool feeding an oracle; Marinade's oracle is the stake pool's own lamport state, not a DEX pool. RD-F-056 n/a Single-pool oracle (no medianization) Not applicable — no DEX pool-based oracle in use. Factor measures whether a single DEX pool is used without medianization. Marinade uses no DEX pool for mSOL pricing. RD-F-058 gray Max-deviation threshold (bps) No max-deviation threshold configured or applicable. Factor measures the bps threshold of a circuit breaker that does not exist for Marinade's stake-pool-ratio oracle model. The mSOL exchange rate can only increase monotonically with rewards; no threshold configuration exists to check. RD-F-059 n/a Oracle staleness check present Not applicable — the factor measures staleness checks on external oracle push feeds with timestamps. Marinade's mSOL exchange rate is derived from live Solana stake account lamport state via the update_price crank each epoch. There is no external push feed with a timestamp to check for staleness. The on-chain rate reflects consensus-level state. RD-F-060 n/a Chainlink aggregator min/max bound misconfig Not applicable — Marinade does not use any Chainlink aggregator. No Chainlink dependency in Cargo.toml; no Chainlink address in contract docs; no Chainlink CPI in the BPF program. RD-F-061 n/a LP token balanceOf used for pricing Not applicable — Marinade does not use LP token balanceOf for mSOL pricing. The mSOL exchange rate is derived from stake account lamport totals (total staked SOL) divided by total mSOL supply, not from an LP token balance in any contract. RD-F-180 n/a Immutable oracle address [★ CANDIDATE per PD-017 — NOT_APPLICABLE] No external oracle address embedded (immutable or otherwise) in the Marinade liquid staking program. mSOL value is computed from the stake pool's own lamport state via calc.rs. The PD-023 non-EVM extension of F180 (oracle source address not programmatically replaceable by admin action without full binary upgrade) does not engage because there is no exogenous oracle source reference. The protocol can update delegation targets but the mSOL rate calculation itself references only Solana consensus state, not any oracle contract address. PD-017 note: F180 is not_applicable for Marinade — true negative, not evasion. Orchestrator tracks for T-14 post-launch promotion pipeline. RD-F-181 n/a Permissionless-pool lending oracle Not applicable — Marinade is an LST protocol, not a lending protocol. Factor definition: lending protocol accepts spot prices from permissionlessly-created DEX pools as oracle, allowing worthless tokens to become acceptable collateral (Rhea Finance NEAR class). Marinade has no lending market, no collateral acceptance logic, no DEX oracle acceptance config. N/A by protocol type.

RD-F-048 green Oracle providers used No external oracle providers used. mSOL exchange rate is derived from on-chain stake-pool state (total_value / total_shares via calc.rs value_from_shares and shares_from_value functions). Cargo.toml lists only anchor-lang 0.27.0, anchor-spl 0.27.0, and solana-security-txt 1.1.1 — zero oracle package dependencies. Contract-addresses docs list no oracle contract addresses. Dependencies are Solana native programs (Stake program, SPL Token) only.

RD-F-049 green Oracle role per asset No oracle role assignment required. mSOL price is endogenous to the stake pool — derived from stake account lamport totals accumulated via Solana consensus. SOL staking rewards accrue via the Solana validator set, not an external feed. The update_price crank reads stake account lamports, not an external oracle. No primary/secondary/fallback oracle role structure exists.

RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL — GREEN] mSOL value is computed entirely from on-chain stake-pool state. calc.rs confirms value_from_shares() uses the formula: shares = amount_value * (total_shares / total_value), i.e., price = total_value / total_shares. No DEX pool price read, no external feed, no TWAP call anywhere in the program. Cargo.toml for the marinade-finance program contains only anchor-lang 0.27.0, anchor-spl 0.27.0, and solana-security-txt 1.1.1. Zero oracle package dependencies. Backend-Design.md confirms: Marinade Liquidity Pool always operates swaps with the exact mSOL price derived from stake pool state. This is the canonical safe LST pricing model — F053 does not fire.

Economic risk Green 11 13 of 13

RD-F-064 yellow TVL concentration (top-10 wallet share) mSOL has 150,000+ holders (broad retail distribution). However, Kamino held 647,145 mSOL at Q4 2025 end — approximately 26-28% of total mSOL supply (2.32-2.47M circulating). Single DeFi venue concentration above 25% is a meaningful finding: rapid Kamino deleveraging would spike instant-unstake pool pressure and depress mSOL/SOL on-chain price. On-chain top-10 wallet share % not programmatically accessible (Solscan 403, Dune 403); yellow based on venue-level concentration evidence. Broad holder count mitigates retail-concentration risk but does not offset DeFi-venue concentration. RD-F-066 n/a Utilization rate (lending protocols) Marinade is a Solana liquid staking protocol (LST type). It has no lending markets, no borrow function, and no utilization rate. Utilization rate is a lending-protocol-specific metric. Per taxonomy §Category 4 PD-024 resolution, RD-F-066 is lending-only and produces not_applicable for non-lending protocols. RD-F-067 n/a Historical bad-debt events Marinade has no lending markets and therefore no mechanism for bad debt socialization. Historical bad debt events is a lending-protocol-specific metric. No lending exposure, no collateral liquidations, no bad debt. Per PD-024, not_applicable for non-lending protocols. RD-F-068 n/a Collateralization under stress Marinade holds no leveraged positions, no borrow/collateral book. All staked SOL directly backs mSOL at the stake-pool exchange rate. Collateralization ratio stress testing applies only to lending/CDP protocols. Per PD-024, not_applicable for non-lending protocols. RD-F-069 n/a Algorithmic / under-collateralized stablecoin mSOL is not a stablecoin. It is a liquid staking receipt token backed by staked SOL with value growing per epoch staking rewards. Algorithmic/under-collateralized stablecoin design is inapplicable. Per PD-024, not_applicable for non-lending protocols. RD-F-070 n/a Empty cToken-style market (zero supply/borrow) RD-F-070 (empty cToken-style market, Compound V2 fork exploit pattern) is not applicable to Marinade. Marinade is a Solana BPF stake-pool protocol, not a Compound V2 fork. The empty-market donation-attack requires: (1) a Compound-fork market registry where a market can exist with zero totalSupply/totalBorrow, and (2) a cToken exchange rate computed from donated asset balance. Marinade uses a fundamentally different accounting: price of mSOL = total_staked_SOL / total_mSOL_supply, updated per epoch from on-chain validator rewards. No cToken-style market can be listed on Marinade, and the mSOL exchange rate is not manipulable by direct asset donation. Taxonomy explicitly restricts this factor to Compound-fork protocols (§Category 4 PD-024: Compound-fork-only subset). Context brief confirms: F070 = not_applicable for Marinade. RD-F-071 n/a Seed-deposit requirement for new market listing Marinade has no market-listing mechanism. Validator inclusion in the delegation set is governed by an algorithmic scoring formula (open-source, permissionless), not a governance-gated market listing with seed deposit requirements. Per PD-024, RD-F-071 is lending-only. RD-F-072 n/a Market-listing governance threshold Marinade has no market-listing governance threshold concept. Validator delegation adjustments happen via algorithmic formula updates (governed by DAO) rather than per-market listings. Per PD-024, RD-F-072 is lending-only. RD-F-073 n/a Oracle-manipulation-proof borrow cap Marinade has no borrowing function or borrow caps. mSOL price is derived entirely from on-chain stake-pool state (no external oracle). Oracle-manipulation-proof borrow cap is structurally inapplicable. Per PD-024, RD-F-073 is lending-only. RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) Marinade is a Solana BPF program written in Rust with Anchor framework. It is not an EVM ERC-4626 vault and does not use the OpenZeppelin library. The virtual-share-offset pattern (OZ >= 4.9) is EVM-specific and does not apply. Per PD-024, RD-F-074 is lending-specific and not_applicable for LST protocols. RD-F-075 n/a First-depositor / share-inflation guard Marinade is a Solana BPF stake-pool, not an ERC-4626 vault. The first-depositor / share-inflation attack requires an EVM vault where the first depositor can manipulate the share price by donating assets directly to the contract. Marinade's BPF program controls minting via the stake-pool instruction set (CPI to Solana Stake program), and the mSOL exchange rate is updated per epoch from on-chain validator rewards — not from arbitrary token balances. Direct donation manipulation of the exchange rate is not architecturally possible. Per PD-024 and the taxonomy Compound-fork-only note, this factor is not_applicable for LST protocols on non-EVM chains.

RD-F-063 green TVL (current + 30d trend) Current TVL $602.3M (DefiLlama API, 2026-05-16T08:08:12Z). 100% Solana, 100% SOL-denominated. 30-day trend: -4.04% (stabilizing after structural decline from $2.51B Jan-2025 peak, -76% over 12 months). Well above $100M coverage threshold. No stablecoins, no cross-chain assets, no long-tail collateral — pure SOL LST composition.

RD-F-065 green Liquidity depth per major asset Marinade maintains a protocol-owned instant-unstake SOL liquidity pool (historically ~400,000 SOL). Instant unstake fee: dynamic 0.1%-9% based on pool utilization. DEX routing via Jupiter for mSOL-to-SOL swaps. Market data: under 25 bps price impact for trades under 5,000 SOL on Raydium mSOL/SOL pair. This represents adequate liquidity for an LST of this size. Delayed unstake is free (epoch-based, 2-3 days). Exact 2%/5% slippage depth not available programmatically (Dune 403, Solscan 403) — medium confidence based on qualitative indicators. For an LST protocol with a dedicated unstake pool, the liquidity profile is appropriate.

Operational history Green 18 15 of 15

RD-F-089 red Insurance coverage active No active insurance coverage found for Marinade Finance on Nexus Mutual, Sherlock, or Unslashed. Nexus Mutual does not list Marinade as a covered Solana protocol. Sherlock focuses on EVM protocols. At $602M TVS, even a 5%-of-TVL coverage floor would require $30M of active cover — structurally unavailable for Solana LSTs at this scale. Structural red: Solana DeFi protocols at this TVL tier lack meaningful third-party insurance infrastructure. Pre-mark confirmed per process-learnings (F089 near-default red for Solana LSTs at $500M+). RD-F-077 yellow Prior exploit count One operational incident found: the May 2025 SAM (Stake Auction Mechanism) mechanism design bug. An inverted unstakePriority calculation allowed validators to reduce bid commitments after winning stake, resulting in ~37,000 SOL (~$5M) in missed staker rewards over ~126 epochs (May 2024 to May 2025). No principal theft; yield loss only. Rekt leaderboard: empty. hacksdatabase grep for marinade/mSOL/MNDE: no direct contract exploit entries. Mango Markets Oct 2022 (mSOL used as collateral) is a dependency-context event, not a Marinade incident. Solana network outages are excluded per assessment scope. RD-F-081 yellow Post-exploit response score Post-exploit response scored on SAM incident: (1) Compensation partial — bid reduction penalty implemented, >500 SOL redistributed, full restitution not confirmed; (2) Transparency poor — no official Marinade post-mortem; disclosure community-sourced; Marinade leadership initially unresponsive per forum thread; (3) Root-cause analysis absent from Marinade team; (4) Operational recovery slow — ~18 months between incident onset (May 2024) and governance-level fix (MIP-19, Dec 2025). Composite score ~2/5. Yellow. RD-F-082 yellow Post-mortem published within 30 days No official Marinade-authored post-mortem published for the SAM incident. Community (Shiroi project) published the incident report on 2025-05-09. Marinade's governance responded via MIP-19 in December 2025, approximately 7 months after the community disclosure and ~18 months after incident onset. No protocol-authored post-mortem document found as of 2026-05-16. RD-F-083 yellow Auditor re-engaged after last exploit No external security audit specifically covering the SAM delegation logic identified post-incident. The 2024 Neodyme audit covered the Validator Bond program (not SAM delegation calculation). The SAM logic is partially off-chain. MIP-19 proposes mechanism changes but does not reference a formal security audit. Yellow: re-audit not confirmed for the affected component; Neodyme 2024 is a post-incident audit but for a different component scope. RD-F-085 yellow Incident response time (minutes) The SAM mechanism bug accumulated over ~126 epochs before community disclosure on 2025-05-09. No single exploit transaction to measure. Marinade leadership was reportedly initially unresponsive to disclosure outreach via Twitter, Discord, and Telegram (per forum thread). No on-chain emergency response (pause or parameter change) was triggered. Days-scale response time, not hours. Yellow (no documented first official team statement within 240 minutes; mechanism required governance process, not on-chain emergency response).

RD-F-076 green Protocol age (days) Mainnet deploy 2021-08-02; 1749 days live as of 2026-05-16 (~57 months). Well above the 365-day green threshold for protocol age. First Solana LST on mainnet.

RD-F-078 green Chronic-exploit flag (≥3 incidents) 1 incident total (SAM mechanism bug May 2025). Below the 3-incident chronic threshold. No chronic flag.

RD-F-079 green Same-root-cause repeat exploit Only one incident identified. No repeat root-cause pattern possible with a single event. hacksdatabase and Rekt leaderboard confirm no second SAM-class or any other incident.

RD-F-080 green Days since last exploit SAM incident disclosed 2026-05-09. Days since disclosure as of 2026-05-16: ~372 days — above the 365-day green threshold. [?] Exact last-affected epoch not pinned to a specific calendar date; using public disclosure date as reference.

RD-F-084 green TVL stability (CoV over 90d) TVL CoV from data cache over trailing 90 days: 0.055 (mean $604.6M, std $33.4M, 90-sample window ending 2026-05-16). Well below the 0.15 green threshold. TVL has been stable despite the -4.04% 30d decline.

RD-F-086 green Pause activations (trailing 12 months) No emergency pause activations found on the Marinade liquid staking program in the trailing 12 months (2025-05-16 to 2026-05-16). The SAM incident did not trigger an emergency pause. Pause mechanism was added in the Nov 2023 upgrade but no activation documented.

RD-F-087 green Pause > 7 consecutive days No pause events identified in the last 12 months. Green by absence. The pause mechanism exists (added Nov 2023) but has not been activated.

RD-F-088 green Re-deployed to new addresses in last year No full redeployment to new contract addresses in the last 12 months. Program remains at MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD. Last GitHub commit 2026-02-20 (data cache). The Nov 2023 upgrade was in-place, outside the 12-month window.

RD-F-166 green Deprecated contracts still holding value No deprecated Marinade program address identified. The Nov 2023 upgrade was executed in-place at MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD via BPFLoaderUpgradeable — same address before and after. Users required no migration action. Profile deployments table lists only one program address. The has_legacy_v1=true flag in profile metadata refers to the pre-upgrade bytecode version, not a separate deprecated address. No deprecated contract holds residual TVL.

Real-time signals Green 13 22 of 22

RD-F-098 green TVL anomaly — % drop in <1h T-09 v1 launch signal (Tier-A). Threshold: TVL_now/TVL_baseline_30d < 0.70 over 60-minute window. Current posture: TVL $602.3M (2026-05-16); 30d change -4.04%; 1d change -1.32%. 30-day median TVL approximately $628M. Ratio: $602M/$628M = 0.96 -- well above 0.70 threshold. Secular decline from $2.51B Jan-2025 peak reflects competitive pressure from Jito/JitoSOL, not an anomalous drain event. Signal would NOT fire today. Suppression: no sector-wide LST collapse observed.

RD-F-101 green Large governance proposal queued T-09 v1 launch signal (Tier-B). Applicable: Marinade uses SPL-Governance on Realms (program GovMaiHfpVPw8BAM1mbdzgmSZYDw2tdP32J2fapoQoYs, realm 899YG3yk4F66ZgbNWLHriZHTXSKk9e1kvsKEquW7L6Mo). ProposalCreated events are monitorable on-chain. Current active proposals: MIP-6 (21M MNDE budget for 2025 growth initiatives, approved Mar 2025) and MIP-9 (validator blacklisting for sandwich attacks, 2025). Both are routine operational proposals with no admin-change calldata, no suspicious young-wallet proposer, no flash-loanable quorum attack pattern. No flagged-pattern fire criteria met. Advisory-tier (any ProposalCreated): no unusual proposal cadence observed.

RD-F-182 green Security-Council threshold reduction (RT) Batch-24 Cat 6B signal. Marinade Security-Council equivalent: Coral Multisig (msigmtwzgXJHj2ext4XJjCDmpbcMuufFb5cHuwg6Xdt) at 6/13 threshold, controlling upgrade authority PDA 551FBXSXdhcRDDkdcb3ThDRg84Mwe5Zs6YjJ1EEoyzBp. Signal fires on: threshold reduction (e.g., 6/13 to lower value), timelock removal, or new signer addition within 14 days of such changes. Current posture: no known Coral Multisig threshold reduction event in recent history. Oct 2023 governance blog announced transfer of upgrade authority to MNDE Realms DAO -- this is a planned transfer (announced, governance-approved), not a unilateral Security-Council weakening event. No Drift-class 3/5-to-2/5 threshold reduction observed. Signal would NOT fire today. Governance-admin-analyst must confirm current on-chain authority state; if authority has fully transferred to Realms, the monitoring target shifts to Realms proposal execution.

Dev identity & insider risk Green 5 16 of 16

RD-F-116 yellow Contributor tenure at admin-permissioned PR Lead deployer contributor (luciotato) accumulated 125 commits before the 2023-Q4 upgrade PR -- very long tenure. Ondrej Chaloupka (ochaloup/chalda) had 10 commits and is real-name doxxed. However, contributor 'aankor' (39 commits, second highest) is pseudonymous with no verified real-world identity. aankor is not an independent admin-key holder but is a significant code contributor whose admin-capable commit history cannot be fully verified against a real-world identity. Yellow for this mixed profile. RD-F-123 yellow Sudden admin-rescue/ACL change without discussion The 2023-Q4 upgrade (Anchor v0.27, emergency pause mechanism, redelegate instruction) was announced via blog post before multisig execution (Safety First blog, Oct-Nov 2023). Oct-4 2023 blog announced intent to transfer upgrade authority from Coral Multisig to Realms. These announcements constitute prior public discussion. However: (a) the emergency pause manager role (noted as hot wallet in Neodyme 2023 audit) was added without a standalone governance proposal or Realms vote; (b) the upgrade itself was ratified by 6/13 Coral Multisig, not an MNDE holder vote; (c) status of authority transfer completion is unconfirmed. Yellow: discussion existed pre-upgrade (blog-driven) but governance vote (Realms) was not the execution mechanism. No evidence of silent ACL change with zero prior discussion (which would be red). RD-F-117 n/a ENS/NameStone identity bound to deployer ENS (Ethereum Name Service) and NameStone are Ethereum-native name resolution systems. Marinade is a Solana-native protocol (primary_chain: solana, non_evm_substrate: true). Solana has no ENS registry. This factor is structurally inapplicable to all Solana substrates per U7 instruction. RD-F-122 n/a Contributor paid to DPRK-cluster wallet Marinade pays contributors via DAO treasury (MNDE token distributions via Realms governance proposals). The deployer (luciotato) and primary engineer (ochaloup) wallets show no DPRK-cluster routing in OSINT. However, the 4/7 Marinade Council (operational multisig via Realms) does not publish individual member wallet addresses. Without wallet addresses for all payment recipients, a 3-hop on-chain DPRK routing analysis cannot be completed. Scored not_assessed for this gap. RD-F-184 gray Real-capital social-engineering persona RD-F-184 is M-only OSINT: requires curator to positively flag a known social-engineering AI persona with >= $1M attributed deposits. The Drift Protocol UNC4736 incident is the reference class (attacker deposited $1M+ to Drift Ecosystem Vault over 6 months). No comparable curator-flagged pattern found for Marinade. Marinade's product profile (staking, not a perps/AMM exchange) differs structurally from the Drift attack surface. Gray assigned per instruction: do not attempt to prove absence of a no-public-trace pattern.

RD-F-111 green Team doxx status Core leadership fully real-name doxxed: Lucio Tato (Argentine, LinkedIn/IQ.wiki/Devpost), Michael Repetny (YC alumni 2014, podcast appearances), Marco Broeken (LinkedIn/Twitter/Triton co-founder), Ondrej Chaloupka (Czech, LinkedIn/GitHub/DevConf speaker). Team page lists 5 named individuals with LinkedIn icon links. One contributor (aankor) is consistent-pseudonym. Overall classification: real-name / consistent-pseudonym-with-track-record.

RD-F-112 green Team public accountability surface Multiple verifiable public trails per team member. Lucio Tato: LinkedIn, IQ.wiki, Devpost, Argentine engineering degree (UTNBA 1993), prior projects (Meta Pool, Narwallets). Michael Repetny: LinkedIn, YC alumni (Zeerat 2014 YC batch), multiple podcast appearances (Solana Validated, Solana Compass). Marco Broeken: LinkedIn, Twitter @mbroeken, Triton co-founder post-Marinade. Ondrej Chaloupka: LinkedIn, GitHub 40+ packages, npm, DevConf.cz 2019 speaker.

RD-F-113 green Team other-protocol involvement history Lucio Tato: co-founded Meta Pool (NEAR liquid staking, active and in good standing). Marco Broeken: co-founded Triton (Solana RPC infrastructure, reputable). No rug or exit-scam affiliations for any named team member found via OSINT. No adverse results in rekt.news, hacks database, or web search for team members. Data cache rekt.incidents: [].

RD-F-114 green Deployer address prior on-chain history Deployer (luciotato) had prior legitimate blockchain development history: Meta Pool on NEAR (liquid staking, 2020), Narwallets.com (NEAR wallet). Solana deploy on 2021-08-02 was funded by Solana Foundation/Serum hackathon grant ($80,000 public award). No rug-deployer pattern in hacks database or Rekt for deployer address. Deployer address classification: legitimate-dev-history.

RD-F-115 green Prior rug/exit-scam affiliation No team member linked to a prior rug or exit-scam via verified OSINT. Web search for Marinade Finance rug/scam/fraud returned only generic cryptocurrency scam articles with no Marinade-specific results. Lucio Tato's prior project (Meta Pool on NEAR) is active. No adverse results in rekt.news for Marinade team members.

RD-F-118 green Handle reuse across failed/rugged projects No evidence of social handle reuse from a prior rugged/failed project. @MarinadeFinance Twitter active continuously since 2021 under the same brand. No ZachXBT or REKT investigations targeting Marinade team handles. Named founders (Tato, Broeken, Repetny, Chaloupka) show consistent handle history across their careers.

RD-F-119 green Commit timezone consistent with stated geography GitHub commit timestamps are consistent with stated geographies. luciotato commits show -0300 offset (Argentina/South America timezone -- consistent with stated Argentine nationality). ochaloup commits use UTC (consistent with Czech engineering practice, common in European shops). No anomalous Asian-timezone commit bursts that would signal timezone-masking (DPRK-implant weak signal per taxonomy). Commit distribution spans European/American business hours.

RD-F-120 green Video-off/voice-consistency flag Michael Repetny appeared on video in multiple public podcast interviews (Validated by Austin Federa / Solana Media, Solana Compass). Lucio Tato has public LinkedIn photo and IQ.wiki profile. No curator-recorded video-off or voice-inconsistency concerns found via OSINT. Team members have appeared publicly at conferences.

RD-F-121 green Contributor OSINT depth score Curator OSINT depth scores: Lucio Tato 5/5 (30yr professional history, Argentine public records, prior NEAR ecosystem projects); Michael Repetny 5/5 (YC alumni, multiple podcast appearances, verified prior company Zeerat); Marco Broeken 4/5 (LinkedIn, Twitter, Triton co-founder post-Marinade); Ondrej Chaloupka 4/5 (LinkedIn, GitHub, DevConf.cz speaker, npm packages). Overall team depth: high. aankor: 1/5 (GitHub only). Net score driven by doxxed leadership.

RD-F-124 green Deployer wallet mixer-funded within 30 days Deploy date 2021-08-02. Solana had no Tornado Cash equivalent operational at that date (Tornado is EVM/Ethereum-native; Railgun does not operate on Solana). No OSINT evidence of any obfuscation-tool interaction for the deployer keypair (luciotato) within 30 days pre-deploy or post-deploy. Funding source was an $80,000 Solana Foundation/Serum hackathon grant -- a publicly documented institutional disbursement. OFAC SDN list search returned no results for Marinade-associated addresses. No mixer-equivalent funding path identified.

RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No evidence of DPRK/Lazarus cluster proximity for any Marinade privileged address. OSINT search for Marinade Finance + DPRK/Lazarus/North Korea returned null. The Drift Protocol Apr-2026 UNC4736/Lazarus attack: the attacker deposited $1M+ into Drift Ecosystem Vault to build credibility -- Marinade's staking was one of the broader Solana staking venues available, but the attack vector was Drift's Security Council governance, not Marinade personnel. Per U4 instruction: attacker using Marinade staking as a deposit venue is NOT team contamination. Marinade team addresses show no OFAC SDN presence. No Chainalysis-published Lazarus cluster proximity found via public search.

Fork / dependency lineage Green 0 10 of 10

RD-F-126 n/a Is-a-fork-of Marinade is an original design, not a fork of any upstream protocol. Profile §5 confirms Not forked/original. GitHub README describes it as the first Solana liquid staking program. No bytecode similarity or GitHub fork relationship exists. Factor not_applicable: no upstream to identify. RD-F-127 n/a Upstream patch not merged Not applicable — Marinade is an original design with no upstream fork source whose security patches could propagate downstream. RD-F-128 n/a Upstream vulnerability disclosure (last 90d) Not applicable — no upstream fork source to disclose vulnerabilities affecting this protocol. RD-F-129 n/a Code divergence from upstream (%) Not applicable — no upstream codebase to measure code divergence from. RD-F-130 n/a Fork depth (generations from original audit) Not applicable — original protocol, fork depth = 0 (no fork at all, not even a first-generation fork). RD-F-131 n/a Fork retains upstream audit coverage Not applicable — original design; all audits are fresh independent audits of the Marinade codebase itself, not delta audits from an upstream. Fork audit coverage concept does not apply. RD-F-132 n/a Fork has different economic parameters than upstream Not applicable — no upstream economic parameters exist to compare against.

RD-F-133 green Dependency manifest uses unpinned versions Cargo.lock pins all dependencies to exact versions: anchor-lang 0.27.0, anchor-spl 0.27.0, solana-program 1.15.2, spl-token 3.5.0, borsh 0.9.3, solana-security-txt 1.1.1. Rust Cargo.lock is a deterministic lockfile that pins all transitive dependencies to exact content-hashed versions — stronger than npm or foundry pinning. No ^ or ~ version ranges apply in the deployed lockfile. All security-critical libraries are exactly pinned.

RD-F-134 green Dependency had malicious-release incident (last 90d) No malicious-release advisory found in the last 90 days for the pinned dependencies: anchor-lang 0.27.0, anchor-spl 0.27.0, solana-program 1.15.2, spl-token 3.5.0, borsh 0.9.3. These are stable packages from coral-xyz (Anchor) and Solana Labs organizations with established security track records. No GHSA or crates.io security alert found for these versions.

RD-F-135 green Shared-library version with known-vuln status Key shared library versions: anchor-lang 0.27.0, anchor-spl 0.27.0, spl-token 3.5.0. No CVE or GHSA advisory found for anchor-lang 0.27.0, anchor-spl 0.27.0, or spl-token 3.5.0 at high/critical severity. Note: anchor 0.27.0 is an older release (current is 0.30.x as of 2026) but not end-of-life and has no known active security advisories. The program code was frozen at the Nov 2023 audit state — dependency upgrade risk is a governance/ops concern rather than a current CVE finding.

Post-deploy hygiene & change mgmt Green 6 13 of 13

RD-F-145 yellow Deployed bytecode reproducibility Source code is open-source on GitHub (Rust/Anchor). Anchor provides deterministic build tooling. Two auditors reviewed the v2 upgrade pre-deployment. Exact anchor verify attestation not found in public evidence; reproducibility is strongly implied by dual-audit + open-source combination but not formally documented. RD-F-185 yellow Bridge rate-limiter / chain-pause as positive mitigant Marinade is not a bridge (F185 is bridge-centric) but has analogous protective controls: (1) pause() function in liquid staking program callable by 4/7 Council multisig halts protocol operations; (2) SOC 2 Type II compliance documents emergency procedures; (3) Solana network-level pause capability (validators can coordinate chain pauses). Partial positive mitigant. Factor scoring is bridge-oriented; LST context produces yellow not green. RD-F-143 gray Reinitializable implementation (no _disableInitializers) Solana BPF programs are not EVM proxies. There is no _disableInitializers() pattern and no OpenZeppelin Initializable proxy. Anchor programs use #[account(init)] guards on state accounts to prevent re-initialization. The EVM-proxy-takeover attack surface described in this factor does not exist in the Solana BPF execution model. Factor is structurally not applicable to this protocol substrate.

RD-F-136 green Deployed bytecode matches signed release tag Deployed bytecode corresponds to commit 1bd5133 (Nov-14-2023 merge). Two audits (Neodyme + Sec3) reviewed this commit pre-deployment. No commits in the source repo since Nov-2023. Source-to-bytecode correspondence confirmed by auditors.

RD-F-137 green Upgrade frequency (per 90 days) Zero upgrades in trailing 90 days. Last program upgrade was November 2023 (~18 months ago). Upgrade frequency = 0 per 90d. Appropriate for a mature stake pool.

RD-F-138 green Hot-patch deploys without timelock (last 30 days) No hot-patch deploys in last 30 days (last code commit November 2023). Zero bypass events.

RD-F-139 green Post-audit code changes without re-audit Last audit: Neodyme + Sec3, November 2023 (both covering the v2 upgrade commit). Last GitHub commit with functional code change: November 14, 2023 (same day as audit coverage). README update commit is the only post-merge activity (not a code change). Post-audit drift count = 0. This is a clean post-audit hygiene profile.

RD-F-140 green Fix-merged-but-not-deployed gap No open fix PRs for security-relevant issues pending deployment identified. GitHub shows 6 open PRs and 1 open issue; none appear to be security fixes based on available evidence.

RD-F-141 green Test-mode parameters in deploy Two independent audits (Neodyme: no issues above low severity; Sec3: clean) covered the deployed v2. Protocol operating with $602M TVL in production — test-mode params would have been detected. admin_authority is operational multisig (not deployer EOA).

RD-F-142 green Storage-layout collision risk across upgrades Solana BPF programs do not use EVM-style storage slots. Marinade uses Anchor with explicit typed account structs. The v2 upgrade (2023) maintained backward-compatible state layout; two auditors reviewed the upgrade. Anchor discriminator-based validation prevents account-type confusion across upgrades.

RD-F-144 green CREATE2 factory permits same-address redeploy Solana does not use CREATE2. BPF Loader Upgradeable enables bytecode upgrade at the same program ID but only when the upgrade_authority (6/13 Coral ecosystem multisig) signs. Not the same attack surface as EVM CREATE2 factory redeployment.

RD-F-146 green New contract deploys in last 30 days No new core program deploys in last 30 days. Last bytecode change was November 2023. Validator-bonds is a separate program deployed earlier (Neodyme audit March-April 2024 suggests pre-audit deployment in early 2024). No fresh attack surface in trailing 30 days.

RD-F-168 green Stale-approval exposure on deprecated router Marinade v1 was upgraded in-place at the same program ID. No deprecated router/contract with stale approvals exists. Solana SPL token approvals to the program address still apply but the in-place upgrade means v2 code now runs at that address. No orphaned legacy approval surface.

Cross-chain & bridge Gray 0 12 of 12

Threat intelligence & recon Yellow 44 8 of 8

RD-F-161 red Protocol-impersonator domain registered (typosquat) Marinade is a well-known Solana brand ($602M TVL, 5-year track record). Confirmed active impersonator domains: (1) staking-boost.com, (2) stake-boost.com, (3) rewards-marinade.finance -- all documented by PCRisk removal guide (last updated Dec 16 2025) as fraudulent Marinade impersonator sites designed to steal 12/24-word seed phrases. Domain rewards-marinade.finance directly incorporates the brand name. PCRisk update date: Dec 16 2025 -- approximately 5 months before assessment date (2026-05-16). Domains have been active beyond the strict 90-day taxonomy threshold window but represent a confirmed active phishing ecosystem. Delta from documented active date to assessment: approximately 150 days. Curator call: red given confirmed active impersonation (seed-phrase theft functionality, multiple domains, multiple variants). The well-known nature of the Marinade brand makes this a higher-risk impersonation surface. RD-F-158 yellow Known-threat-actor cluster has touched protocol T-09 phase-2 signal (Tier-C, advisory only). Lazarus/DPRK INCOGNITO cluster used Solana ecosystem infrastructure for Drift exploit (Apr 2026, $285M). Separately, Lazarus laundered $3.2M stolen Solana assets (May 2025, attributed by ZachXBT Jun 2025, routed through Ethereum and Tornado Cash). No confirmed public on-chain attribution of a known DPRK wallet directly interacting with Marinade program accounts (MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD) within 30 days of assessment. However, as a $602M SOL staking venue, Marinade is a plausible passive-venue routing layer for DPRK fund movement (U4: adversarial venue use). Yellow advisory posture. This is NOT team contamination (F125 scope); DPRK team linkage unconfirmed. Tier-C: advisory only, no grade flip. RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Solana equivalent of mempool probe: low-fee failing transactions to Marinade program accounts from attacker-labeled wallets. No public report of such probing activity found. Requires Solana on-chain pattern monitoring with attacker cluster feed; not yet wired. RD-F-162 gray Known-exploit-template selector deployed by any address Applicable in principle: any Solana program deploying an Anchor discriminator pattern matching Marinade's stake-pool instructions could be a probe. No known LST-specific exploit-template discriminator pattern deployed targeting Marinade's program. No public Solana exploit-template DB exists at production scale. Requires specialized on-chain monitoring. RD-F-163 gray Avg attacker reconnaissance time for peer-class protocols Analytical benchmark factor: average days of reconnaissance activity by attacker-labeled wallets before strike on peer-class protocols (Solana LST class). Hack DB shows no Marinade-specific incident. Peer-class benchmark (Raydium Dec 2022 admin-key compromise: ~0 reconnaissance days visible on-chain) differs from Drift Apr 2026 DPRK pattern (78-day equivalent). No Marinade-specific reconnaissance timeline to anchor. Requires curator computation across the peer-class hack DB entries. RD-F-164 gray Leaked credential on paste/sentry site No public paste site or credential dump referencing Marinade API keys, RPC endpoints, or deployer private keys found via OSINT search as of 2026-05-16. Production monitoring requires a dedicated paste/credential-dump feed (e.g., HaveIBeenPwned API, Sentry-alt monitoring, IntelX). Not observable at static OSINT tier at production level. RD-F-165 gray Protocol social channel has scam-coordinator flag Marinade maintains official Discord (discord.com/invite/marinade) and forum (forum.marinade.finance). No public report of Marinade's official Discord admins being flagged on a scam-coordinator watchlist. Impersonation risk exists via fake Discord servers (a common Solana DeFi attack vector) but no specific confirmed instance found for Marinade's official channels. Requires curator social-watchlist monitoring against official Discord member list.

RD-F-160 green GitHub malicious-dependency incident touching protocol deps Marinade liquid staking program uses Anchor framework (v0.27.0 per 2023 upgrade) and Rust dependencies. No GitHub Security Advisory or public malicious-release incident flagging a malicious crate in Anchor, solana-program SDK, or core Marinade Cargo.toml dependencies as of 2026-05-16. Anchor framework maintained by Coral team; no supply-chain compromise incidents found in public sources. Green based on absence of advisory in public channels.

Tooling / compiler / AI Green 0 5 of 5

RD-F-170 n/a Solc version used (known-bug versions flagged) Marinade is a Rust/Anchor BPF program on Solana. No Solidity compiler (solc) is used. The relevant compiler is rustc targeting Solana BPF. No Solidity known-bug list applies. Anchor.toml specifies anchor_version=0.27.0 and solana_version=1.14.29. Structural not_applicable for non-EVM Rust program. RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Marinade is an original design with no audited upstream to compare against for AI-copy risk. No EVM bytecode exists (BPF). Independent dual-firm audit (Neodyme + Sec3 2023) validates the codebase. Structural not_applicable: no audited upstream for bytecode similarity comparison and BPF not EVM. RD-F-174 n/a Dependency tree uses EOL Solidity version Marinade uses Rust, not Solidity. No Solidity EOL version check applies. Rust 2021 edition is fully supported. anchor-lang 0.27.0 and solana-program 1.15.2 are not end-of-life. Structural not_applicable for Solidity EOL dimension.

RD-F-172 green Repo shows AI-tool co-authorship in critical files All 10 recent GitHub commits (Oct-Nov 2023) attributed to named regular contributors: Ondra Chaloupka (ochaloup), Lucio M. Tato, and aankor — all with multi-year contribution histories in this repository. No GitHub Copilot co-authored-by trailers or ChatGPT Code Interpreter signatures detected in commit metadata. The 2023 v2.0 upgrade was a framework migration and feature addition by the established team, not AI-generated code.

RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure by Marinade of AI-generated code in security-critical paths found via blog, GitHub, or docs search. The program is Rust, not Solidity — the factor specifically references AI-generated Solidity, making this doubly not-applicable in spirit, but assessed green (no disclosure rather than not_applicable because the factor language is technology-agnostic at the disclosure level).

Response & disclosure hygiene Yellow 33 4 of 4

RD-F-176 red Disclosure SLA public No acknowledgment-time SLA published. Neither the Immunefi program page nor Marinade docs state a specific acknowledgment timeline (e.g., 72h ack). The Immunefi platform default does not substitute for a protocol-specific SLA commitment. No prior response-time evidence found in public sources. Score: red (no SLA published). RD-F-177 yellow Prior known-ignored disclosure Forum incident report documents that the Shiroi project attempted to contact Marinade leadership via Twitter, Discord, and Telegram before publishing the May 9, 2025 community disclosure. Forum states no response was received from Marinade team. A GitHub issue documenting the vulnerability also appears to have been unactioned before public disclosure. This is directionally consistent with a delayed/ignored disclosure. However, the SAM bug was an ongoing operational drain (not a smart-contract exploit that exploded post-disclosure), so the risk profile differs from a classic ignored-disclosure-leading-to-exploit. Yellow: evidence of delayed response to a disclosed operational issue; below confirmed ignored-pre-exploit threshold.

RD-F-175 green Disclosure channel exists Active Immunefi bug bounty program at https://immunefi.com/bug-bounty/marinade/. Program live since at least 2022 (Medium announcement). Marinade docs link to Immunefi. Disclosure channel is public and accessible. Data cache confirms immunefi as platform.

RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory issued against Marinade Finance or its liquid staking program found via OSINT search (2026-05-16). The SAM incident was not published as a CVE or GHSA. No structured CVE data populated in data cache. GitHub Security Advisories for marinade-finance org show no public advisories.

rubric_version v1.7.0 graded_at 2026-05-16 11:30:13 factors 184 protocol marinade