defirisk.co
rubric v1.7.0

Static-analyzer high-severity count

Marinade Finance's assessment for RD-F-010 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Marinade is a Rust/Anchor BPF program on Solana. Slither, Mythril, and Semgrep are EVM-specific tools and cannot be run on Solana BPF bytecode or Rust source. Sec3's 2023 audit used their proprietary X-Ray static analysis tool (Solana-native), but findings are inside a binary PDF not parseable via WebFetch. No publicly available Solana-native static analysis output exists for this protocol. Gray: EVM-specific toolchain structurally inapplicable; Solana-equivalent analysis not publicly available as standalone output.

Sources #

  • Audit
    Sec3 Marinade 2023 AuditSec3 2023 audit uses Solana-native tooling but PDF not parseableretrieved 2026-05-16
  • Internal
    Marinade Protocol Profile §11 — code-security-analyst flagsProfile §11 flagging Solana BPF toolchain incompatibility with EVM static analyzersretrieved 2026-05-16

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-010 score gray collected_at 2026-05-16 08:48:35