defirisk.co
rubric v1.7.0

CREATE2 factory permits same-address redeploy

Marinade Finance's assessment for RD-F-144 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solana does not use CREATE2. BPF Loader Upgradeable enables bytecode upgrade at the same program ID but only when the upgrade_authority (6/13 Coral ecosystem multisig) signs. Not the same attack surface as EVM CREATE2 factory redeployment.

Sources #

  • Internal
    SOLANA_GOVERNANCE.md — BPF Loader UpgradeableSOLANA_GOVERNANCE.md — BPF Loader Upgradeable mechanism requires upgrade_authority signatureretrieved 2026-05-16

Methodology #

Determine whether a CREATE2 factory deployment allows redeployment to the same address with different bytecode (via selfdestruct + redeploy pattern).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-144 score green collected_at 2026-05-16 08:48:35