Raydium
Multi-product Solana AMM and DEX. Operates four pool models: Standard AMM v4 (constant-product + OpenBook CLOB integration), CLMM (concentrated liquidity), CPMM (revamped constant-product with Token-2022 support), and Stable (Curve-style stableswap). Secondary products include LaunchLab (IDO launchpad) and Burn & Earn (permanent liquidity locker). Launched February 2021; experienced a December 2022 admin-key-compromise ($4.4M loss) and subsequently migrated to Squads V4 multisig admin with 24-hour timelock.
Deployments: Solana · $1.0B
Risk profile at a glance
0 red · 1 yellow · 11 green

Categories & evidence
184 factors · 13 categories

Code & audits · Green 11 · 25 of 25
RD-F-001 yellow Audit scope mismatch 8 audit engagements with PDFs cover all 4 core programs. Solana BPF programs lack Etherscan-equivalent CBOR bytecode metadata for commit-SHA verification. CLMM received anchor upgrade to 0.32.1 (SHA a5a46ff, Dec 29 2025) post-Sec3 Q3 2025; Sec3 Q2 2026 covers CLMM new features. CPMM received fix commit (SHA ec3b20d, Nov 4 2025) partially post-Sec3 Q3 2025 audit. No confirmed mismatch, but cryptographic bytecode-to-commit verification is infeasible on Solana via public tooling.
RD-F-002 yellow Audit recency Most recent audit: Sec3 Q2 2026 (CLMM, ~1 month old). CPMM: Sec3 Q3 2025 (~7 months). Standard AMM v4: MadShield Q2 2023 (~36 months), the weakest point, but program changes are minimal. Stable AMM: OtterSec Q3 2022 (~42 months).
RD-F-003 yellow Resolved-without-proof findings MadShield Q1 2024 CPMM audit: 2 Critical + 1 High, all resolved per public sources. OtterSec Q3 2022 CLMM: 2 Critical (OS-RAY-ADV-00/01), remediated and confirmed via subsequent Immunefi engagement. Two Immunefi-discovered criticals (tick manipulation Jan 2024, liquidity drain Mar 2025) patched. Audit PDFs are binary, so exact finding-by-finding commit verification is infeasible via WebFetch; Immunefi bugfix reviews confirm resolution for the two post-audit criticals.
RD-F-005 yellow Audit firm tier All 5 firms are Tier-2. OtterSec and Sec3 are Solana-native and considered leading firms for SVM programs. Halborn is established Tier-2. No Tier-1 (ToB/OZ/ConsenSys/Certora/Sigma/Spearbit/Zellic) engagement identified. For Solana protocols, OtterSec is considered equivalent to a Tier-1 Solana auditor.
RD-F-024 yellow Code complexity vs audit coverage 3 audit firms cover Standard AMM v4 (Kudelski, OtterSec, MadShield). 2 cover CLMM (OtterSec, Sec3). 2 cover CPMM (MadShield, Sec3). Coverage appears proportionate to complexity. LOC-per-audit-day not derivable from binary PDF. Marked yellow due to inability to compute a precise metric.
RD-F-009 gray Formal verification coverage No formal verification (Certora/Kani/Halmos) engagement found in public audit directory or documentation. Protocol relies on traditional manual audits and Immunefi bounty only.
RD-F-010 gray Static-analyzer high-severity count Slither/Mythril/Semgrep do not run on Rust/BPF programs. No published automated scan output available. Published audit reports serve as proxy evidence. Two Immunefi-discovered criticals were patched; no known unpatched high-severity. Cannot produce tool-run evidence for a non-EVM protocol.
RD-F-011 n/a SELFDESTRUCT reachable from non-admin path The SELFDESTRUCT opcode does not exist in Solana BPF/SBF. Solana programs can close accounts (lamport transfer) but this is admin-gated and not equivalent to Solidity SELFDESTRUCT. N/A for Solana.
RD-F-012 n/a delegatecall with user-controlled target delegatecall does not exist in Solana. Solana uses CPI (cross-program invocation) with hardcoded or PDA-validated program IDs. CPI targets in Raydium are controlled, not user-supplied. N/A.
RD-F-013 n/a Arbitrary call with user-controlled target No analogous arbitrary call with user-controlled target in Solana Rust programs. CPI targets are validated via account ownership and program ID checks. N/A for Solana.
RD-F-015 n/a ERC-777/1155/721 hook without reentrancy guard ERC-777/ERC-1155/ERC-721 are Ethereum token standards with callbacks. Solana SPL Token has no transfer callbacks. Token-2022 transfer hooks exist but differ from ERC callbacks. CPMM Token-2022 support audited by Sec3 Q3 2025. N/A for ERC hook patterns.
RD-F-019 n/a ecrecover zero-address return unchecked ecrecover is an Ethereum precompile; Solana uses ed25519 signatures via Solana runtime intrinsics. No ecrecover pattern present. N/A for Solana.
RD-F-020 n/a EIP-712 domain separator missing chainId EIP-712 is an Ethereum signing standard. Solana uses ed25519 with blockhash-based replay protection. No domain separator needed. N/A.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned UUPS is an EVM proxy pattern. Solana uses the BPF Upgradeable Loader with Squads V4 upgrade authority. No UUPS _authorizeUpgrade needed. N/A.
RD-F-023 n/a Constructor calls _disableInitializers() OZ _disableInitializers() is an EVM proxy pattern. The Solana BPF Upgradeable Loader handles upgrades at the loader level, not via storage-slot proxies. N/A for Solana.
RD-F-004 green Audit count 5 distinct audit firms: Kudelski Security, OtterSec, MadShield, Halborn, Sec3. 8 total engagements. All 4 core programs have at least 1 firm; CLMM and CPMM have multiple firms.
RD-F-006 green Audit-to-deploy gap Kudelski Q2 2021 at launch. CLMM OtterSec Q3 2022 concurrent with CLMM deployment. CPMM MadShield Q1 2024 concurrent with CPMM deployment (Jan 2024). Sec3 Q2 2026 concurrent with CLMM feature deployment. No material audit-to-deploy gap detected.
RD-F-007 green Bug bounty presence & max payout Active Immunefi program since 2023-04-25, last updated 2024-10-26. Max payout $505,000 (Critical). 74 assets in scope. $1.7M paid out historically. Median 2-day resolution time. Contact: security@reactorlabs.io.
RD-F-008 green Ignored bounty disclosure Two Immunefi criticals (tick manipulation Jan 2024, liquidity drain Mar 2025) patched promptly before exploitation. Dec 2022 incident was operational key compromise, not an ignored code disclosure. No evidence of any ignored disclosure.
RD-F-014 green Reentrancy guard on external-calling functions Solana single-threaded SVM prevents traditional reentrancy. Anchor 0.32.1 (used by CLMM and CPMM) includes built-in reentrancy guard. Standard AMM v4 (native Rust, non-Anchor) relies on Solana runtime single-threaded guarantees. No reentrancy exploit identified in any audit.
RD-F-016 green Divide-before-multiply pattern Slither divide-before-multiply detector N/A for Rust. Rust equivalent (integer rounding errors in math paths): Immunefi liquidity-drain finding (Mar 2025) was precisely this class — rounding error in lp_tokens_to_trading_tokens — patched and bounty paid. MadShield Q1 2024 also found critical rounding issues, all resolved. No known remaining precision issues.
RD-F-017 green Mixed-decimals math without explicit scaling AMM constant-product math uses explicit decimal scaling. CLMM tick-based accounting normalizes across decimals. Token-2022 ScaledUIAmount supported in CPMM (commit 835bc89). No cross-decimal un-normalized arithmetic identified in audits.
RD-F-018 green Signed/unsigned arithmetic confusion Rust's type system prevents silent signed/unsigned conversion (explicit casts required). OtterSec Q3 2022 CLMM found OS-RAY-ADV-00 (unchecked type casting) — remediated. No known remaining signed/unsigned issues post-remediation.
RD-F-022 green Public initialize() without initializer modifier Raydium uses Rust/Anchor on Solana — the OZ initializer modifier pattern does not exist. Anchor enforces initialization through account struct constraints (Signer<'info>, seeds, init). CPMM initialize requires creator Signer. Standard AMM v4 process_initialize2 checks is_signer explicitly. No open unguarded initialization vector found. EVM attack vector eliminated by architecture.
RD-F-183 green Bug bounty scope gap on highest-TVL contracts Immunefi program has 74 assets in scope. Exclusions are specific known-and-resolved findings from prior audits (not contract address exclusions). Standard AMM v4 ($1B+ TVL), CLMM, and CPMM are all in active bounty scope. $1.7M paid; median 2-day resolution. No high-TVL contract found explicitly excluded from bounty.
Governance & admin · Green 15 · 24 of 24
RD-F-029 yellow Multisig signers co-hosted Docs state air-gapped cold devices with physically removed network cards for each signer. Sequential signing prevents conflicting parallel signatures. However, signer identities are pseudonymous and ASN-level co-hosting verification is not possible via OSINT. Cannot confirm geographic or custodial separation of the 4 upgrade multisig signers.
RD-F-031 yellow Signer rotation recency No public record of signer-set changes since the December 2022 Squads migration. Cannot confirm via OSINT (Solscan 403, Squads app 403). No threshold reduction events identified. Stable post-2022 posture is the documented intent. Low confidence due to data gap on Squads transaction history.
RD-F-032 yellow Timelock duration on upgrades 24-hour timelock declared for program upgrades via Squads V4. This is the minimum review window before an upgrade can execute. 24h is shorter than the best-practice recommendation of 48-72h but is meaningful. The timelock is enforced by the Squads protocol's transaction expiration mechanism, not a separate on-chain TimelockController.
RD-F-033 yellow Timelock on sensitive actions The 24h timelock applies to program upgrades. Admin fee collection functions (WithdrawPnl in AMM V4, collect_protocol_fee in CLMM) require multisig signatures but do not have an independent timelock on execution. The Treasury multisig gates fee withdrawals, but no dedicated per-action timelock is confirmed for sensitive actions beyond upgrades.
RD-F-034 yellow Guardian/pause-keeper distinct from upgrader No dedicated pause-keeper separate from the program upgrade multisig identified. Pool-level admin functions (update_pool_status in CLMM) require the same admin/owner multisig address. No evidence of a distinct guardian role with pause-only authority. Raydium has no separate pause mechanism independent of full admin authority.
RD-F-040 yellow Emergency-veto multisig present No separate emergency-veto multisig identified distinct from the program upgrade multisig. The 24h Squads timelock window allows implicit veto by not broadcasting within the window, but there is no dedicated, empowered veto role. Raydium's security model relies on the 24h review window and multisig threshold, not a distinct veto mechanism.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock WithdrawPnl in AMM V4 allows pnl_owner/amm_owner to extract accumulated protocol fees without an independent timelock (multisig threshold required but no separate time delay). CLMM collect_protocol_fee similarly has no independent timelock. These are limited to fee accruals, not full LP fund drainage. Post-Dec 2022 remediation removed the dangerous LP supply inflation + withdrawPNL combination. Current fee withdrawal is multisig-gated but not independently timelocked.
RD-F-036 n/a Flash-loanable voting weight No on-chain Governor contract. No Realms-based governance. No token-weighted voting contract. Governance is a pseudonymous team via Squads multisig. The Discourse forum is advisory only. The flash-loanable voting weight attack surface does not exist for Raydium's governance architecture.
RD-F-037 n/a Quorum achievable via single-entity flash loan No on-chain governor. The quorum-via-flash-loan attack surface does not exist. Not applicable to Raydium's multisig governance model.
RD-F-038 n/a Proposal execution delay < 24h No proposal execution mechanism (no on-chain governor). The 24h timelock applies to program upgrades specifically, not to governance proposal execution in the Compound Governor sense. Not applicable.
RD-F-039 n/a delegatecall/call in proposal execution without allowlist Solana programs do not use delegatecall. No on-chain proposal execution path with arbitrary call/delegatecall. Squads executes BPF upgrade transactions via BPFLoaderUpgradeable, not arbitrary proposal payloads with target allowlists. EVM-specific attack vector does not apply.
RD-F-042 n/a Admin has mint() with unlimited max Raydium is a DEX. LP tokens are minted by the AMM PDA authority (programmatic, not admin-callable). RAY token mint authority is separate from AMM admin controls. No admin-callable mint function with unlimited supply cap found in AMM, CLMM, or CPMM programs.
RD-F-044 n/a Admin wallet interacts with flagged addresses Treasury multisig GThUX1Atko4tqhN2NaiTazWSeFWMuiUvfFnyJyUghFMJ and Upgrade multisig FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK not found on standard mixer or flagged address watchlists. Historical compromised account HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv was itself a victim of a trojan attack, not connected to attacker clusters. [v1-deferred Pass 3]
RD-F-045 n/a Constructor args match governance proposal Solana programs do not use Ethereum-style constructor arguments. BPF Loader deployments have no constructor-arg verification analog. Not applicable to the Solana deployment model.
RD-F-047 n/a Governance token concentration (Gini) No on-chain governor. The RAY token exists, but there is no governance voting contract weighing token holdings. Governance power concentration analysis is not applicable without a voting contract.
RD-F-025 green Admin key custody type Multisig+timelock for program upgrades. Squads V4 3/4 upgrade multisig (FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK) with 24h timelock. Treasury multisig 3/5 (GThUX1Atko4tqhN2NaiTazWSeFWMuiUvfFnyJyUghFMJ). All signers use air-gapped devices with hardware key + TOTP authentication.
RD-F-026 green Upgrade multisig signer configuration (M/N) Program Upgrade Multisig: 3/4 threshold (Squads V4 address FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK). Treasury Multisig: 3/5 threshold. Both confirmed by official docs.
RD-F-027 green Single admin EOA Post-Dec 2022 incident: admin migrated from single EOA (HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv, exploited) to Squads V4 3/4 multisig. Current admin is not a single EOA. The December 2022 exploit was caused by the single-EOA admin pattern; this was fully remediated.
RD-F-028 green Low-threshold multisig vs TVL Program Upgrade 3/4 with 24h timelock; Treasury 3/5. At $1B TVL, these thresholds are at the acceptable lower bound for the TVL tier. The 24h timelock compensates for the 3/4 threshold vs higher-N alternatives. No abnormally low threshold identified (e.g., 1/3 or 2/5 without timelock).
RD-F-030 green Hot-wallet signer flag Air-gapped signing protocol documented. Hot device only handles Squads transaction generation via custom browser extension; actual signing is performed on air-gapped cold devices with hardware wallets. No pure hot-wallet signers identified.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Program upgrade authority: Squads FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK (3/4). Protocol fee and admin: GThUX1Atko4tqhN2NaiTazWSeFWMuiUvfFnyJyUghFMJ (3/5 Treasury). Two distinct Squads multisig addresses for upgrade vs treasury/fee operations. Raydium is a DEX with no oracle admin role. Meaningful role separation between upgrade and fee collection authority.
RD-F-043 green Admin = deployer EOA after 7 days Protocol launched Feb 2021. Admin migrated to Squads multisig post-Dec 2022 incident (>7 days). As of 2026-04-29, 1,533+ days past deploy, admin is a Squads multisig not a deployer EOA. The 7-day window condition is well-satisfied.
RD-F-046 green Contract unverified on Etherscan/Sourcify Raydium programs (CLMM, CPMM, AMM V4) are open-source under Apache 2.0 and verified via Solana Verifiable Builds on Solscan and SolanaFM. Announced by @RaydiumProtocol Nov 2024. All three major programs have public verifiable builds. Current state is green.
RD-F-167 green Deprecated contract paused but pause reversible by live admin AcceleRaytor IDO launchpad is archived/deprecated per docs. No evidence that admin Squads multisig retains active admin control over AcceleRaytor's deprecated contracts holding material value. Standard AMM V4 is operational (not deprecated). LaunchLab is the active successor with its own audit coverage.
Oracle & external dependencies · Green 4 · 17 of 17
RD-F-057 yellow Circuit breaker on price deviation No price-deviation circuit breaker present. For a pure AMM, no oracle deviation concept exists: the AMM price is the market price. The yellow rating reflects the absence of a circuit-breaker mechanism (not that one is expected). An AMM-type carve-out analogous to the Cat 4 lending-only applicability rules may be appropriate in v1.6. No docs.raydium.io or Cargo.toml reference to any price-deviation halt mechanism.
RD-F-058 yellow Max-deviation threshold (bps) No max-deviation threshold configured; same basis as RD-F-057. Not applicable to the AMM model. Yellow for absence of configuration (consistent with F057).
RD-F-180 n/a Immutable oracle address [★ CRITICAL per T-14 rubric v1.4/v1.5 — PD-017 tracking flag] NOT_APPLICABLE. No external oracle address exists in any Raydium program; there is no oracle address to be immutable or replaceable. Batch-24 definition covers: (a) EVM immutable oracle address: N/A (Solana, not EVM); (b) non-EVM hardcoded oracle address: no oracle address hardcoded in any Cargo.toml or program source; (c) closed-source binary oracle embedding: Raydium source is open and contains no oracle. Orchestrator: this not_applicable does NOT count against the ★ critical total.
RD-F-181 n/a Permissionless-pool lending oracle NOT_APPLICABLE. This factor applies to lending protocols that accept spot prices from permissionlessly-created DEX pools. Raydium is a DEX, not a lending protocol. No borrow/lend mechanics exist (data-cache borrow.present=false). Raydium does not take oracle reads from any pool; it is the pool. The Rhea Finance NEAR failure mode (fake pools seeded to manipulate a spot oracle in a lending context) does not apply.
RD-F-048 green Oracle providers used No external oracle provider used. All swap pricing derives from on-chain pool reserve ratios (Standard AMM, CPMM) or tick math (CLMM) or stableswap curve (Stable). Three Cargo.toml files inspected: raydium-amm/program, raydium-clmm/programs/amm, raydium-cp-swap/programs/cp-swap — zero Pyth, Chainlink, or Switchboard dependencies. OpenBook serum_dex dependency is a CLOB liquidity venue, not an oracle.
RD-F-049 green Oracle role per asset No external oracle serves any asset. Each pool model is self-pricing from reserves. OpenBook serves as a secondary CLOB liquidity venue for Standard AMM v4, not as a price oracle.
RD-F-050 green Dependency graph (protocols depended upon) External dependencies: (1) OpenBook CLOB — Standard AMM v4 only, order-book routing; (2) SPL Token / Token-2022 — chain runtime, shared by all Solana DeFi; (3) Squads V4 — admin/upgrade multisig plane only. No oracle, bridge, or stablecoin issuer dependency. Serum→OpenBook migration (Q2 2023) demonstrates team can execute dependency swap under adversarial conditions.
RD-F-051 green Fallback behavior on oracle failure No external oracle to fail. Reserves-based pricing is always available while the Solana program is live. For OpenBook failure: Standard AMM v4 degrades to AMM-only routing; CLMM/CPMM/Stable unaffected. No formal fallback declaration needed given the architectural model.
RD-F-052 green Breakage analysis per dependency Breakage analysis: OpenBook fails → Standard AMM v4 CLOB routing halts, AMM swaps continue, CLMM/CPMM/Stable unaffected. SPL Token fails → all Solana DeFi halts (chain-level, not protocol-attributable). Squads V4 fails → admin operations blocked, LP positions continue. No oracle failure path exists.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL] GREEN. Raydium uses no external oracle. No spot DEX pool is read as a price source — Raydium IS the pool. The red condition requires reading a spot DEX pool as an oracle without TWAP/fallback; not applicable to a reserves-based AMM. Confirmed via Cargo.toml inspection: no Pyth, Chainlink, Switchboard, or Uniswap-TWAP deps in any core program.
RD-F-054 green TWAP window duration No TWAP oracle used. Not applicable to reserves-based AMM pricing model.
RD-F-055 green Oracle pool depth (USD) No external oracle pool is read. Protocol IS the pool — pool depth is a Cat 4 economic risk metric, not a Cat 3 oracle depth metric. Not applicable.
RD-F-056 green Single-pool oracle (no medianization) No external oracle pool consulted. Not applicable to reserves-based AMM. Medianization across venues is irrelevant when no venue is read as an oracle.
RD-F-059 green Oracle staleness check present No external oracle feed is read, so no staleness check is required. Solana slot time ~400ms means on-chain reserves are effectively real-time. Not applicable.
RD-F-060 green Chainlink aggregator min/max bound misconfig Chainlink not used. Not applicable.
RD-F-061 green LP token balanceOf used for pricing Raydium does not use LP token balanceOf for pricing. Reserve tracking uses explicit on-chain reserve accounts, not donation-manipulable balanceOf calls. Not applicable.
RD-F-062 green External keeper/relayer not redundant No external keeper or relayer required for core AMM swap execution. User transactions on Solana are self-initiated. No Gelato, Chainlink Automation, or equivalent dependency identified in any Cargo.toml. LaunchLab IDO admin calls are non-core and out of scope for this factor.
Economic risk · Green 17 · 13 of 13
RD-F-065 yellow Liquidity depth per major asset SOL/USDC primary pool: $8.8M liquidity (GeckoTerminal 2026-04); 0.5% default slippage acceptable, implying solid 2% depth for retail trades. SOL/USDC 24h volume reached $14B at the Q3 2025 peak (Blockworks). Long-tail meme pools are structurally thin (<$10K for many pools); 2% depth on long-tail assets could be <$500. Precise aggregate USD-at-2%-slippage not obtainable (DEX subgraph JS-rendered, Dune 403). Yellow for mixed depth profile: deep core, thin long-tail. No user funds are at risk of systematic liquidation cascades (DEX, not lending), but LP impermanent loss and price impact risk are elevated in long-tail pools.
RD-F-064 gray TVL concentration (top-10 wallet share) Top-10 LP wallet concentration not quantifiable via available free tooling. Dune Analytics returns 403; Solana DEX subgraph not accessible. Thousands of permissionless pools preclude aggregate concentration measurement. Qualitatively: core pools (SOL/USDC) likely have institutional LP depth; long-tail meme pools may have 1-2 LPs each. No evidence of single-depositor dominance at protocol level.
RD-F-066 n/a Utilization rate (lending protocols) Raydium is a DEX (AMM), not a lending protocol. No borrow/supply functionality. Data cache confirms borrow.present: false. N/A per taxonomy PD-024 (lending-only factor).
RD-F-067 n/a Historical bad-debt events No lending markets; no bad debt in the lending sense. The December 2022 exploit ($4.4M) was an admin-key compromise causing LP pool drains, compensated 100% from treasury/team reserves. Not a lending-market bad debt event. N/A per taxonomy PD-024.
RD-F-068 n/a Collateralization under stress No lending/CDP functionality. No collateral positions. No collateralization ratio applicable. N/A per taxonomy PD-024.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin Raydium does not issue stablecoins. RAY is a governance/utility token. No algorithmic or under-collateralized stablecoin design. N/A per taxonomy PD-024.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) [★ CRITICAL — NOT_APPLICABLE] Raydium is not a Compound V2 fork. No cToken-style lending markets exist. Protocol is a Solana AMM (Standard AMM v4, CLMM, CPMM, Stable) using reserve-math pool accounting. CPMM explicitly requires initial liquidity at creation (cannot create an empty pool). No donation-attack share-inflation surface. Critical flag does not trigger. N/A per taxonomy PD-024 (Compound-fork-only subset).
RD-F-071 n/a Seed-deposit requirement for new market listing No lending market listing mechanism. DEX pool creation requires an LP deposit (CPMM: mandatory initial liquidity; Standard AMM: initial LP deposit; CLMM: optional at creation). Seed-deposit requirement as a lending safeguard is N/A per taxonomy PD-024.
RD-F-072 n/a Market-listing governance threshold No lending market listing governance. DEX pool creation is fully permissionless: any wallet can create a Standard AMM, CLMM, or CPMM pool for a small SOL fee (0.06–0.19 SOL + 0.15 SOL protocol fee for CPMM). No whitelist, no governance vote, no listing threshold. N/A per taxonomy PD-024 (lending-only factor).
RD-F-073 n/a Oracle-manipulation-proof borrow cap No borrowing functionality. No borrow caps. N/A per taxonomy PD-024 (lending-only factor).
RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) Raydium is a Solana program (Rust/Anchor). No EVM, no Solidity, no OpenZeppelin dependency. The ERC-4626 vault virtual-share offset is an EVM-specific mitigation. N/A per taxonomy PD-024 and non-EVM architecture.
RD-F-075 n/a First-depositor / share-inflation guard First-depositor / share-inflation guard is an EVM vault factor (ERC-4626, cToken). Raydium is Solana-native. CPMM requires initial liquidity ('cannot create empty pool'), a functional equivalent. CLMM uses tick-math liquidity accounting immune to donation-attack share inflation. Standard AMM v4 uses reserve-math. No ERC-4626 share/totalAssets ratio vulnerability surface exists. N/A per taxonomy PD-024 and Solana architecture.
RD-F-063 green TVL (current + 30d trend) TVL $1.007B as of 2026-04-29 (+1.47% 30-day); 12-month peak ~$2.5B (Q3 2025). 59% drawdown from peak but stable above $1B. Meets coverage-list threshold on both branches. 100% Solana. TVL highly correlated with meme-coin cycle and integrator volumes.
Operational history · Green 16 · 15 of 15
RD-F-089 red Insurance coverage active No active protocol-level insurance coverage identified from Nexus Mutual, Sherlock, Unslashed, or equivalent as of 2026-04-29. Nexus Mutual product 246 (URL found in search) could not be confirmed as Raydium-specific. Raydium security docs and official channels make no mention of insurance. Raydium TVL is $1.007B; at this scale, the absence of any covered insurance is a notable gap. The Immunefi bug bounty is a vulnerability-discovery program, not insurance.
RD-F-077 yellow Prior exploit count 1 confirmed incident: December 16, 2022 admin-key compromise via trojan, ~$4.4M loss. Attacker-side recovery: zero (funds sent to Tornado Cash). LP-side: Raydium compensated 90–100% of principal + 20% bonus RAY from the team vesting allocation (2,737,521.92 RAY distributed). Strict taxonomy score red (any unrecovered loss); scored yellow reflecting that the user side was fully compensated and only 1 incident exists. No further incidents through 2026-04-29.
RD-F-081 yellow Post-exploit response score Curator score: 4/5. Compensation: 90–100% of principal + 20% bonus RAY from team vesting (strong). Transparency: detailed post-mortem published 1 day post-exploit with specific accounts and attack mechanic named (strong). Root-cause depth: trojan/remote-access suspected but exact intrusion vector not confirmed (moderate). Operational recovery: Squads multisig migration completed within ~24h (strong). User communication: Twitter + Medium + Discourse compensation proposal (strong). One deduction: unresolved intrusion-vector ambiguity. 4/5 = yellow under the green ≥4/5-with-clean-remediation threshold.
RD-F-084 yellow TVL stability (CoV over 90d) Daily TVL series not retrieved (DefiLlama HTML 403; API daily series response-size limited). Estimated from available data: current TVL $1.007B, 30-day change +1.47%, 1-day change +1.64% (recent stabilization). Profile notes a peak of ~$2.5B in Q3 2025, implying a ~60% retrace to $1B over ~6 months. Raydium's TVL is subject to Solana memecoin cycle volatility (LaunchLab/PUMP.fun dynamics). Estimated trailing-90-day CoV: 0.15–0.30 (yellow range). Cannot confirm green (CoV <0.15) without a daily series. Flagged as medium-confidence yellow.
RD-F-085 yellow Incident response time (minutes) P2 factor. Hacksdatabase notes PRISM raised the alarm ~40 minutes before Raydium's official announcement. Admin revocation executed on-chain Dec 16 14:16 UTC. Raydium confirmed the patch the same day. No automated monitoring was in place at the time of the exploit; the response was community-triggered. Yellow: ~40–60 min response with no automated alerting. Green would require a faster, automated response.
RD-F-076 green Protocol age (days) Raydium mainnet launched 2021-02-21 (Standard AMM v4 + RAY token genesis). As of 2026-04-29 that is ~1,893 days (~63 months) live. Green threshold is ≥365 days. Protocol exceeds green floor by ~5x.
RD-F-078 green Chronic-exploit flag (≥3 incidents) 1 confirmed incident total. Chronic flag requires ≥3 distinct incidents. Does not fire. Hacksdatabase confirms single entry; data cache rekt.incidents is empty (pipeline confirms no REKT leaderboard entry post-Dec 2022).
RD-F-079 green Same-root-cause repeat exploit Only 1 incident exists. Same-root-cause repeat requires ≥2 incidents in the same cluster. Does not fire. The two Immunefi whitehack findings (CLMM tick manipulation Jan 2024, CPMM liquidity drain May 2025) are pre-exploit discoveries in distinct programs and distinct vulnerability classes — not incidents, not root-cause repeats.
RD-F-080 green Days since last exploit Last incident: 2022-12-16. Days from 2022-12-16 to 2026-04-29 = ~1,230 days (~40 months). Green threshold: >365 days. Well above threshold.
RD-F-082 green Post-mortem published within 30 days Post-mortem published December 17, 2022 — 1 day after the exploit (December 16, 2022). Named specific accounts (Pool Owner EOA HggGrU..., authority 5Q544f..., LP v4 program 675kPX...), described attack mechanic (withdraw_pnl + SyncNeedTake manipulation), and announced remediation steps including Squads multisig migration. Well within the 30-day green threshold.
RD-F-083 green Auditor re-engaged after last exploit Exploit December 16, 2022. Post-incident external audits: MadShield Q2 2023 (Standard AMM updated + OpenBook migration), MadShield Q1 2024 (CPMM), Halborn Q4 2024 (Burn & Earn), Halborn Q2 2025 (LaunchLab), Sec3 Q3 2025 (CPMM update), Sec3 Q2 2026 (CLMM update). Multiple Tier-1/2 Solana audit firms continuously re-engaged. Green threshold = Tier-1/2 re-audit post-incident.
RD-F-086 green Pause activations (trailing 12 months) No deliberate pause activations identified on Raydium programs in the trailing 12 months (April 2025–April 2026). Protocol has been continuously operational. December 2022 halt (outside window) was resolved within ~24h. No reports of 2024–2025 halts from web search, profile, or data cache. Green: 0 pauses in trailing 12 months.
RD-F-087 green Pause > 7 consecutive days No pause exceeding 7 consecutive days identified in the last 12 months. The December 2022 halt was outside the trailing-12-month window and was resolved within ~24 hours anyway. No reports of extended pauses in 2024–2025.
RD-F-088 green Re-deployed to new addresses in last year No core program redeployment to new addresses in the last 12 months. All Raydium programs (Standard AMM v4, CLMM, CPMM, Stable) maintain their original addresses. Sec3 Q2 2026 CLMM upgrade and Sec3 Q3 2025 CPMM upgrade are in-place BPF Upgradeable Loader upgrades (same addresses) through Squads multisig — not address changes. New products (LaunchLab, Burn & Earn) are distinct program addresses but not redeployments of existing core programs.
RD-F-166 green Deprecated contracts still holding value AcceleRaytor is the only formally archived product. As an IDO launchpad, user funds flow through per-IDO deposit-and-withdraw cycles with no persistent TVL pool post-IDO. No evidence of stuck user assets in AcceleRaytor. Standard AMM v4 carries 'Legacy' commercial labeling but is NOT deprecated — it holds $1.007B TVL and is actively maintained (Squads multisig upgrade authority, Sec3 Q2 2026 audit). No protocol-announced deprecated contract holds >$100K in assets.
Real-time signals Green 6 22 of 22
RD-F-105 yellow DNS/CDN/frontend hash drift Cat 6B exploit-in-progress signal [T-09 v1 phase 2]. raydium.io is a traditional hosted frontend (JavaScript SPA). Signal applicable for DNS A/CNAME monitoring, TLS cert hash, and JS bundle hash drift detection. Threat environment elevated: (1) Multiple active phishing domains registered Sep-Oct 2025: raydiumn.icu (Sept 2025, PhishDestroy flagged), raydium-io.to (high-risk phishing, PhishDestroy), raydiumswap.site (Oct 2025 fake airdrop claim). (2) Bonk.fun domain hijacking March 12, 2026 — a Raydium-backed Solana launchpad had its domain hijacked with a wallet drainer planted. (3) Fake Raydium mobile apps on Apple App Store stealing recovery phrases (2025). Legitimate raydium.io: no DNS hijacking event identified at assessment date. TLS cert monitoring baseline not established. Signal is v1-phase-2 (not yet wired). Yellow because the active phishing ecosystem + Solana ecosystem DNS hijacking precedent (Bonk.fun) represents an elevated precursor environment for raydium.io, even though
RD-F-091 n/a Partial-drain test transactions Cat 6A precursor signal (v1-deferred). Dec 2022 attack showed no partial-drain precursor — it was a single-session sweep using a compromised admin key calling withdraw_pnl across 9 pools. This function has been removed from the current AMM v4 program post-exploit upgrade (per Dec 17, 2022 program upgrade). Current admin drain now requires 3/4 Squads multisig approval + 24-hr timelock, making rapid partial-drain test sequences infeasible without multisig pre-authorization. No partial-drain test transactions observed on current AMM programs.
RD-F-092 n/a Unusual mempool pattern from deployer wallet Cat 6A precursor signal (v1-deferred). Raydium is Solana-native; the 'deployer wallet' analog is the Squads V4 multisig (FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK) rather than an individual EOA. Standard Ethereum mempool monitoring for deployer wallet unusual patterns does not apply. Solana transaction monitoring via RPC is the equivalent but requires Squads-specific integration not defined in T-09 v1 signal spec. Last confirmed authorized activity: Sec3 Q2 2026 CLMM audit-covered changes. Cannot assess without Solana/Squads-specific monitoring tooling.
RD-F-093 n/a Abnormal gas-price willingness from attacker wallet Cat 6A precursor signal (v1-deferred). Solana does not use gas price in the Ethereum sense. Solana uses compute unit prices (priority fees) which behave differently. The signal's threshold ('5x EMA baseline gas price') assumes EVM gas pricing architecture that does not exist on Solana. Signal is structurally incompatible with Raydium's Solana runtime environment.
RD-F-094 n/a New contract with similar bytecode to exploit template Cat 6A precursor signal (v1-deferred). Raydium programs use Solana BPF bytecode (compiled Rust/Anchor), not EVM bytecode. EVM bytecode similarity detection tooling does not apply. The Drift April 2026 DPRK attack deployed a fake token (CVT) and a controlled price oracle — not a contract mimicking Raydium program bytecode. No Raydium-targeting exploit-contract deployment with similar bytecode identified. Concept is applicable in principle (attacker could deploy a contract mimicking Raydium instruction patterns) but Solana BPF similarity tooling is not defined in the T-09 signal spec. Assessed gray due to tooling gap.
RD-F-095 n/a Known-exploit function-selector replay Cat 6A precursor signal (v1-deferred). The Dec 2022 exploit used withdraw_pnl + SyncNeedTake parameter manipulation. Both have been removed from the current AMM v4 program (post-exploit upgrade Dec 17, 2022). Any replay of the Dec 2022 exploit template would fail at the contract level — the instruction parameters no longer exist. Solana uses 8-byte Anchor instruction discriminators (not 4-byte EVM selectors), but the concept is applicable. No other known exploit-template instruction pattern specific to current Raydium programs (CLMM, CPMM, Stable) identified in public sources.
RD-F-096 n/a New ERC-20 approval to unverified contract from whale Cat 6A precursor signal (v1-deferred). Raydium is Solana-native; Solana uses SPL token accounts with delegate authority model, not ERC-20 approve() model. The signal monitors 'new ERC-20 approval to unverified contract' which is structurally incompatible with Solana's token account architecture. No ERC-20 approval events exist on Solana.
RD-F-097 n/a Sybil surge of identical-pattern transactions Cat 6A precursor signal (v1-deferred). Raydium's permissionless pool creation was exploited in the Drift April 2026 DPRK attack: attackers used a 423-wallet fan-out to seed CVT fake token pools and wash-trade across 3 weeks to build artificial price history. This is a confirmed sybil-transaction-surge pattern directly using Raydium's permissionless infrastructure. The attack was aimed at Drift (using Raydium as venue), not at Raydium itself, but demonstrates the structural vector. Yellow because: (a) the attack class has been executed through Raydium within 30 days of assessment; (b) Raydium's permissionless pool creation means this vector is always structurally available; (c) no signal wiring exists to detect sybil-pool-seeding activity on Raydium. Current posture: no active sybil surge targeting Raydium itself identified.
RD-F-099 n/a Oracle price deviation >X% from secondary Cat 6B exploit-in-progress signal [T-09 v1 launch]. Raydium is a reserves-based AMM; no external oracle price feed is consumed for swap execution. Price discovery is endogenous (pool reserve ratios: constant-product, concentrated-liquidity, stableswap math). Data cache confirms oracle: null. No Chainlink, Pyth, or Switchboard dependency identified for core swap logic. The signal threshold ('primary oracle deviates >X% from secondary') has no applicable primary oracle to monitor. Note: LaunchLab parameter functions and Raydium admin functions were checked in profile §7 — no oracle dependency identified. F099 is N/A by design.
RD-F-100 gray Flash loan >$10M targeting protocol tokens Cat 6B exploit-in-progress signal [T-09 v1 phase 2]. Solana does not have EVM-equivalent flash loan primitives (Aave V3 flashLoan, Balancer flashLoan). Solana composable transactions can achieve similar within-transaction economic effects but the flash-loan event class differs structurally — no FLASHLOAN event to scan. The Drift April 2026 DPRK attack used wash trading on Raydium over 3 weeks (not a flash loan against Raydium). Raydium pools are not flash-loan sources in the EVM sense. No flash-loan-class event against Raydium identified. Assessed gray due to Solana architectural incompatibility with EVM flash loan signal definition.
RD-F-101 gray Large governance proposal queued Cat 6B exploit-in-progress signal [T-09 v1 launch]. Raydium has no on-chain Governor contract (no OpenZeppelin Governor, no Compound Governor, no Realms-based on-chain governance). Governance forum (raydium.discourse.group) is advisory only. Program upgrades use Squads V4 multisig (3/4 threshold, 24-hr timelock at FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK) — not a Governor with ProposalCreated events. Signal requires EVM Governor contract event monitoring which is structurally absent. Solana-adapted variant (monitoring Squads V4 transaction queue for malicious-pattern upgrade proposals) is technically feasible but not specified in T-09 v1. Signal would need Solana/Squads adaptation. Data cache governance.type: unknown; governor_address: null.
RD-F-103 n/a Bridge signer-set change proposed/executed Cat 6B exploit-in-progress signal [T-09 v1 launch]. has_bridge_surface: false. Raydium is Solana-only with no bridge. No bridge signer set to monitor. N/A per protocol architecture.
RD-F-106 n/a Cross-chain bridge unverified mint pattern Cat 6B signal (v1-deferred). has_bridge_surface: false. Raydium is Solana-only. No cross-chain bridge surface. N/A.
RD-F-107 n/a Admin EOA signing from new geography/device Cat 6B signal (v1-deferred). Raydium's admin functions are handled by Squads V4 multisig with air-gapped cold devices (network cards physically removed). Individual signer EOA addresses are not publicly enumerated. Signing events are not associated with network-based geography signals because cold devices are offline. The signal requires off-chain signing telemetry that is not available through public on-chain data. Signal architecture assumes single admin EOA signing from a network-connected device — not applicable to Raydium's air-gapped Squads V4 multisig model.
RD-F-108 n/a GitHub force-push to sensitive branch Cat 6B signal (v1-deferred). Raydium has active public GitHub repos: raydium-io/raydium-amm (last commit 2026-04-15), raydium-io/raydium-clmm, raydium-io/raydium-cp-swap. Force-push to main branches would be detectable via GitHub API events. No force-push or unauthorized sensitive-branch push events identified. Most recent activity includes Sec3 Q2 2026 CLMM audit-covered development cycle. All repos are under raydium-io org with expected protected branch policies. GitHub security.md present (data cache: security_md_present: true). No anomalous repo events detected.
RD-F-109 n/a Social-media impersonation scam spike Cat 6B signal (v1-deferred). Raydium faces a persistent, elevated social media impersonation environment: (1) Fake Raydium Airdrop sites (raydium-usa.xyz and others); (2) Fake 'Raydium Staking' websites; (3) Fake Raydium mobile apps on Apple App Store stealing recovery phrases (users reported $2,000+ losses, Solflare wallets emptied); (4) RAY token imitated by scam tokens; (5) Multiple phishing domains (raydiumn.icu, raydium-io.to, raydiumswap.site) registered late 2025. Yellow (not red) because: no specific spike event identified at assessment date — this is a chronic baseline condition rather than an acute escalation. PCRisk and PhishDestroy have multiple Raydium-specific entries. Signal requires social-media monitoring feed for production wiring.
RD-F-110 n/a Unusual pending/executed proposal ratio Cat 6B signal (v1-deferred). Raydium has no on-chain Governor contract with ProposalCreated/ProposalExecuted events. Discourse forum proposals are advisory only. Signal requires on-chain proposal event monitoring; structurally absent for Raydium. N/A.
RD-F-090 green Mixer withdrawal → protocol interaction Cat 6A precursor signal. Historical confirmed: Dec 2022 attacker (Solana: AgJddDJLt17nHyXDCpyGELxwsZZQPqfUsuwzoiqVGJwD; ETH: 0x7047912c295cd54d6617b5d0d6d8b324a11c91db) deposited ~1,774.5 ETH (~$2.7M) into Tornado Cash on 2023-01-19 via 42 transactions — confirmed laundering path post-exploit. The attacker's Solana funding source (5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs) is confirmed as a FixedFloat Exchange hot wallet (non-mixer). The Drift April 2026 DPRK wallets (UNC4736) interacted with Raydium pools in March 2026 for CVT wash trading, but did not use Tornado Cash for their Raydium interactions. No current active mixer-sourced wallet interacting with Raydium core contracts identified within 30-day threshold window as of 2026-04-29. Historical laundering event (Jan 2023) is outside the 30-day look-back threshold — current posture is green. T-09 v1 Phase 2 signal (not yet wired for Raydium).
RD-F-098 green TVL anomaly — % drop in <1h Cat 6B exploit-in-progress signal [T-09 v1 launch]. TVL at $1.007B as of 2026-04-29 (DeFiLlama API). 30d trend: +1.47%. Threshold: TVL_now / TVL_baseline_30d < 0.70 over 60-minute window. Current ratio: ~1.014 (far above 0.70). No anomaly. DeFiLlama tracks Raydium-AMM and Raydium-CLMM sub-slugs; Solana TVL polling is technically feasible for signal wiring. Signal not yet wired for Raydium specifically. Lead-time evidence from Dec 2022 hack: PRISM detected anomalous pool behavior ~40 min before Raydium's official response — consistent with a TVL-level signal firing with meaningful lead time. Post-exploit, Raydium migrated to Squads multisig which requires 3/4 approval + 24hr timelock for admin functions — any future admin-key-driven drain would now be preceded by a detectable multisig event, adding lead time that the 2022 attack lacked.
RD-F-102 green Admin/upgrade transaction in mempool Cat 6B exploit-in-progress signal [T-09 v1 phase 2]. Raydium's Solana equivalent: monitoring Squads V4 transaction queue at FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK for pending upgrade proposals. Post-Dec 2022 migration, all admin and program upgrade authority is held by Squads V4 multisig with 24-hr timelock. No pending unauthorized upgrade transactions observable as of 2026-04-29. Most recent authorized program activity: Sec3 Q2 2026 CLMM audit-covered changes (within normal development cycle). The 24-hr timelock provides an alert window — any pending malicious upgrade transaction would be visible in the Squads transaction queue for at least 24 hours before execution. Threshold: admin/upgrade tx in pending queue without matching authorized proposal. Current posture: no anomalous pending transactions. Score green; requires Solana/Squads monitoring integration for production wiring.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Cat 6B exploit-in-progress signal [T-09 v1 launch]. Raydium has large USDC/USDT paired liquidity pools (SOL-USDC, SOL-USDT, RAY-USDC etc.). A major USDC/USDT depeg would cause LP imbalance and impermanent loss, but NOT protocol insolvency — Raydium is a pure AMM, not a lending protocol with stablecoin collateral. Exposure category: LP value erosion (partial, not systemic). Dec 2025 USX stablecoin depeg event ($0.80) caused minor temporary imbalances on Raydium but no protocol-level failure. Current posture: USDC and USDT stable at $1.00 as of 2026-04-29. No active depeg. Signal applicable with reduced severity vs. lending protocols.
RD-F-182 green Security-Council threshold reduction (RT) Cat 6B exploit-in-progress signal [batch-24 v1.1 candidate]. Directly applicable to Raydium's Squads V4 Program Upgrade Multisig (FytDrVzDybM1TwFQPGb8qaxZR7dBCzNeqT3vtQsceZQK, 3/4 threshold, 24-hr timelock). The motivating incident for RD-F-182 — Drift April 2026 (3/5 → 2/5 SC threshold change + timelock removal, 6 days before $285M DPRK exploit) — is directly analogous to Raydium's Squads architecture. Threshold for RD-F-182: Security Council multisig executes threshold reduction, timelock removal, or new-signer addition within ≤14 days. Current posture: Squads V4 at 3/4 threshold with 24-hr timelock intact as of 2026-04-29 (confirmed via Raydium security docs). No threshold reduction or timelock removal events observed. Monitoring gap: Squads V4 transaction events on Solana are monitorable via on-chain program event subscription — this is a priority wiring target given the direct Solana ecosystem relevance and Drift precedent. Score green: current configuration intact; monitoring is
Dev identity & insider risk Green 11 16 of 16
RD-F-111 yellow Team doxx status Pseudonymous founders with consistent 5-year track record (AlphaRay, XRay, GammaRay, StingRay, RayZor). One confirmed real-name member: Timon Peng (co-founder / senior full-stack engineer, LinkedIn + GitHub verified). AlphaRay has public podcast appearances (Solana Validated Ep #40, TIE Podcast #2) and IQ.wiki profile. Team category: consistent-pseudonym-with-track-record for founders + one doxxed member. Not fully anonymous; not fully doxxed.
RD-F-112 yellow Team public accountability surface AlphaRay: multiple audio podcast appearances, IQ.wiki profile, 5-year ecosystem presence. Timon Peng: LinkedIn (10+ years crypto, prior employers Pangu Jailbreak and MinerCloud), GitHub org member. XRay, GammaRay, StingRay, RayZor: minimal individual public trails — named in materials but no individual LinkedIn, conference slide, or prior employer records. raydium-io GitHub org shows only 1 public member (Timon Peng). Aggregate public accountability surface is below Tier-1 doxxed standard but above fully anonymous.
RD-F-120 yellow Video-off/voice-consistency flag AlphaRay has participated in audio-only podcast appearances (Validated Ep #40, TIE Podcast #2) consistent with maintaining pseudonymity — common for pseudonymous DeFi founders. No video appearances identified. No voice-inconsistency or timezone-inconsistency reports in public discourse. Audio-only format is not independently a red flag for the pseudonymous-with-track-record archetype but is noted per factor definition.
RD-F-121 yellow Contributor OSINT depth score Curator-scored 1–5 per team member: Timon Peng = 4 (LinkedIn with prior employers, GitHub org membership, pre-Raydium account history, location). AlphaRay = 2 (podcast appearances but no real name, no LinkedIn, no conference speaker slide). XRay/GammaRay/StingRay/RayZor = 1 each (named in public materials only, no individual profiles). Weighted average: approximately 2/5 across known team. Below threshold for well-doxxed team. Consistent with pseudonymous-with-track-record archetype.
RD-F-125 yellow Deployer linked within 3 hops to DPRK/Lazarus [★ CRITICAL — YELLOW, medium confidence] No confirmed link found between Raydium protocol deployer, Squads multisig upgrade authority, or any named team member and the DPRK / Lazarus cluster within 3 hops. Search queries for 'Raydium DPRK Lazarus North Korea' return results about Drift Protocol April 2026 DPRK hack (Raydium pool used as execution venue by attacker — adversarial use, not team proximity) and general Solana ecosystem DPRK IT worker reports that do not name Raydium. GitHub commit timezone analysis consistent with Asia-based team; no DPRK holiday-gap pattern detected. Yellow (not green) because: (1) full 3-hop on-chain analysis of Squads multisig signer addresses is not possible without Chainalysis/TRM subscription; (2) signer identities not publicly disclosed. RD-F-125 is NOT red — no DPRK escalation.
RD-F-117 gray ENS/NameStone identity bound to deployer Not applicable. Raydium is Solana-native with no EVM deployment. ENS and NameStone are Ethereum-specific. Solana Name Service (SNS/Bonfida) not referenced for any Raydium program address in public documentation. Gray = N/A for Solana protocol.
RD-F-113 green Team other-protocol involvement history No prior protocol roles found for pseudonymous founders pre-Raydium. AlphaRay background: commodity algorithmic trading 2017–2020, then DeFi summer 2020. XRay: 8-year TradFi/crypto low-latency systems architect. Timon Peng: Pangu Jailbreak (legitimate iOS security research), MinerCloud (mining infra). No prior rug or failed protocol affiliations identified for any team member. Clean slate — team first assembled for Raydium in 2020-2021.
RD-F-114 green Deployer address prior on-chain history Original admin EOA (HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv) was a team-controlled key with normal-dev-history — no prior rug deployments linked. This key was compromised by trojan malware in December 2022 (not insider misconduct). Post-December 2022, upgrade authority transferred to Squads V4 3/4 multisig. Current authority is the Squads multisig, not an EOA. Historical EOA is categorized as normal-dev-history with the caveat of the compromise incident.
RD-F-115 green Prior rug/exit-scam affiliation No rug or exit-scam affiliation identified for any Raydium team member. Team has operated Raydium since February 2021 — 5+ years of continuous protocol operation with $1B+ TVL. Web search 'Raydium AlphaRay XRay rug exit scam' returns no relevant hits linking team to rug activity. The 93% soft-rug rate on Raydium-hosted pools (research finding) relates to third-party token deployers, not Raydium's team.
RD-F-116 green Contributor tenure at admin-permissioned PR On-chain Solana program upgrades are executed via the Squads multisig (not individual GitHub PRs with admin permissions). GitHub commit analysis of raydium-io/raydium-amm shows primary committer RainRaydium with 13 commits over 16+ months (May 2024–Sep 2025), indicating sustained team tenure. External one-time contributors made isolated fixes. No evidence of a short-tenure contributor authoring admin-permissioned code changes.
RD-F-118 green Handle reuse across failed/rugged projects No evidence of handle reuse across failed or rugged projects. AlphaRay, XRay, GammaRay, StingRay, RayZor handles appear to have been created specifically for Raydium (first public appearances ~2020-2021). Timon Peng's @timonpeng handle predates Raydium (GitHub account active since ~2013, prior legitimate employers documented) and no rug affiliation found.
RD-F-119 green Commit timezone consistent with stated geography GitHub commit timezone analysis of raydium-io/raydium-amm (20 most recent commits): dominant timezone +0800 (Asia/China Standard Time), consistent with team's implied Asia-based geography. Raydium publicly presents as an Asia-based team. AlphaRay background references Asian commodity markets. Primary committer RainRaydium commits consistently at +0800. No DPRK-specific anomaly (Chinese-holiday-aligned perfect commit gaps, strict Mon-Fri 8AM-6PM pattern) detected in the 20-commit sample.
RD-F-122 green Contributor paid to DPRK-cluster wallet No contributor wallet address publicly linked to any Raydium team member identified. No on-chain payment path to a DPRK-labeled cluster identified. The Drift Protocol April 2026 DPRK exploit used Raydium pools as execution infrastructure (attacker-created fake token seeded a Raydium pool), but this is adversarial use of open protocol — not a payment from Raydium to a DPRK cluster. No public reporting (TRM, Chainalysis, ZachXBT) links any Raydium contributor wallet to DPRK cluster.
RD-F-123 green Sudden admin-rescue/ACL change without discussion [★ CRITICAL — GREEN] December 2022 admin migration (single EOA to Squads 3/4 multisig) was publicly communicated: (a) Twitter announcement on December 16, 2022 within hours of the exploit; (b) detailed Medium post-mortem explaining the migration rationale and implementation; (c) governance forum compensation proposal (thread #15 on raydium.discourse.group) which included discussion of the new security posture. While executed reactively under emergency conditions (appropriate for an active exploit), public discussion requirement for F123 is satisfied by post-incident disclosure within 24-48 hours. No subsequent undisclosed ACL change identified.
RD-F-124 green Deployer wallet mixer-funded within 30 days [★ CRITICAL — GREEN, medium confidence] No evidence found of any Raydium program deployer wallet receiving funds from Tornado Cash, Railgun, or equivalent mixer within 30 days before any program deployment. Key distinction: the documented mixer interaction is from the ATTACKER (January 2023, ~$2.7M to Tornado Cash from address 0xb98ac...), not from the team or deployer. This is the attacker moving stolen funds post-exploit — not a deployer funding pattern. The February 2021 Solana deployment predates Tornado Cash on Solana. Solscan direct access unavailable (403), introducing a verification gap, but no affirmative mixer-funding evidence in any secondary source. Confidence: medium.
RD-F-184 green Real-capital social-engineering persona No evidence found of a 'team contributor' or 'external integrator' persona using >= $1M of real-capital deposits to Raydium or peer protocols to build credibility ahead of a social-engineering attack. The UNC4736 Drift Protocol DPRK attack (April 2026) involved this pattern targeting Drift — not Raydium. Raydium's team has been stable since 2021 with no late-arriving contributor persona flagged in any threat intelligence report. Confidence is low because this factor is M-only (manual curator) and requires affirmative curator investigation to confirm absence.
Fork / dependency lineage Green 0 10 of 10
RD-F-126 n/a Is-a-fork-of Not a fork. Raydium is an original Solana AMM built from scratch in Rust. No upstream fork attribution in any repo README. Conceptual math inspiration from Uniswap v3 CLMM does not constitute code fork.
RD-F-127 n/a Upstream patch not merged N/A — no upstream fork identified (see F126).
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) N/A — no upstream fork identified (see F126).
RD-F-129 n/a Code divergence from upstream (%) N/A — no upstream fork to compute divergence against.
RD-F-130 n/a Fork depth (generations from original audit) N/A — original protocol, fork depth = 0 (not applicable as a fork depth metric).
RD-F-131 n/a Fork retains upstream audit coverage N/A — no upstream. All 8 audit engagements are fresh audits of original code.
RD-F-132 n/a Fork has different economic parameters than upstream N/A — no upstream to compare economic parameters against.
RD-F-133 green Dependency manifest uses unpinned versions CLMM: anchor-lang =0.32.1, anchor-spl =0.32.1, bytemuck 1.19.0 — all exact pinning. Exception: uint is a git dep from raydium-io/parity-common (Raydium-controlled org, no external supply-chain risk). CPMM: anchor-lang 0.32.1, anchor-spl 0.32.1 — exact. Standard AMM: solana-program =2.1.0, spl-token =7.0.0 — exact. Dev deps (test-only) use ranges. All production security-critical dependencies are exactly pinned.
RD-F-134 green Dependency had malicious-release incident (last 90d) No malicious-release advisory found in RustSec for anchor-lang, anchor-spl, solana-program, spl-token, or bytemuck in the 90 days preceding assessment. The uint git dependency (raydium-io/parity-common) is under Raydium's own GitHub org — not an external supply-chain risk. Recent audits (Sec3 Q3 2025, Sec3 Q2 2026) provide additional coverage.
RD-F-135 green Shared-library version with known-vuln status anchor-lang =0.32.1: No published RustSec/GHSA advisory found. 0.32.1 is the current patch release (race condition fix from 0.32.0). solana-program =2.1.0: current stable SDK, no known high-severity advisory. spl-token =7.0.0: current, no advisory. serum_dex 0.5.10 from raydium-io/openbook-dex fork: no GHSA advisory.
Post-deploy hygiene & change mgmt Green 13 13 of 13
RD-F-137 yellow Upgrade frequency (per 90 days) Active development cadence. In trailing 90 days: CLMM anchor upgrade Dec 2025; CPMM anchor upgrade + audit fix Nov-Dec 2025. AMM V4 last commit Sept 2025. Roughly 1-3 upgrades per 90 days across programs. Moderate frequency reflecting an active protocol with ongoing feature development.
RD-F-139 yellow Post-audit code changes without re-audit Active re-audit cadence (8 engagements, 5 firms, 2021-Q2 2026). However: (1) Jan 2024 tick manipulation bug patch deployed without confirmed re-audit of specific fix; Sec3 Q2 2026 CLMM audit post-dates it. (2) CLMM anchor upgrades (0.31 May 2025, 0.32.1 Dec 2025) between audit cycles. (3) Allowlist feature (Jul 2025) and reward authority update (Jul 2025) before Sec3 Q2 2026. No commit-SHA-to-audit-coverage mapping published. Yellow not red because re-audit cadence is active and most recent audits post-date material changes.
RD-F-146 yellow New contract deploys in last 30 days LaunchLab (LanMV9sAd7wArD4vJFi2qDdfnVhFxYSUg6eADduJ3uj) is an active deployed program, audited by Halborn Q2 2025. No new major program deploys in trailing 30 days, but CLMM and CPMM received anchor framework upgrades in Dec 2025 (within trailing ~120 days). The allowlist feature for CLMM (Jul 2025) added new surface. Yellow due to active feature additions creating new surface but not extreme frequency.
RD-F-185 yellow Bridge rate-limiter / chain-pause as positive mitigant Raydium is not a bridge. Raydium programs do not implement per-window outflow rate limiters or circuit breakers. Solana blockchain has demonstrated chain-level pause capability via coordinated validator restarts, which provides a chain-level emergency response mechanism but is not Raydium-specific. Partially applicable as a positive mitigant (chain-level pause) but not a protocol-level rate limiter.
RD-F-142 n/a Storage-layout collision risk across upgrades Solana BPF Upgradeable Loader does not use EVM storage slots. Account state is stored in separate data accounts, not implementation storage. The EVM storage-layout collision risk pattern does not apply to Solana's account model. Anchor framework handles account discriminators separately.
RD-F-143 n/a Reinitializable implementation (no _disableInitializers) Solana has no proxy/implementation pattern. BPF Upgradeable Loader directly upgrades program bytecode. _disableInitializers() risk class does not apply. Raydium AMM V4 checks if amm.status != AmmStatus::Uninitialized to prevent re-init of existing pools (Solana-native protection). No proxy takeover vector.
RD-F-144 n/a CREATE2 factory permits same-address redeploy Solana does not use CREATE2. Program addresses on Solana are determined by keypairs, not bytecode hashes. No CREATE2 redeploy-to-same-address risk.
RD-F-136 green Deployed bytecode matches signed release tag Solana Verifiable Builds confirmed for CLMM, CPMM, and AMM V4 on Solscan and SolanaFM. Announced Nov 2024. Open-source repos under Apache 2.0 enable independent reproducible builds via cargo build-sbf. This is the Solana-native equivalent of signed release-tag bytecode matching.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) No evidence of hot-patch deploys bypassing the Squads 24h timelock in the last 30 days. The Nov 2025 CPMM audit fix commit followed the Sec3 Q3 2025 audit process and was deployed through the documented Squads multisig upgrade path. All program changes go through the 3/4 Squads multisig with 24h timelock.
RD-F-140 green Fix-merged-but-not-deployed gap No evidence of fix-merged-but-not-deployed gap. Both Immunefi-disclosed bugs (tick manipulation Jan 2024, liquidity drain Mar 2025) were patched and deployed. No open security PRs with undeployed fixes identified in the public repos.
RD-F-141 green Test-mode parameters in deploy CLMM defines distinct devnet (DRayqG9R...) and mainnet (GThUX1Atko...) admin addresses. AMM V4 similarly separates devnet/mainnet amm_owner via config_feature. Proper environment separation in deploy configuration. No test-mode parameters found in mainnet programs.
RD-F-145 green Deployed bytecode reproducibility Solana Verifiable Builds confirmed for CLMM, CPMM, AMM V4 (announced @RaydiumProtocol Nov 2024). Users can reproduce deployed bytecode from open-source repos using cargo build-sbf. Verification available on Solscan and SolanaFM. Full build reproducibility confirmed.
RD-F-168 green Stale-approval exposure on deprecated router AcceleRaytor IDO launchpad is archived/deprecated. Solana SPL token approvals are per-transaction and not infinite like EVM approvals. No material stale-approval surface identified. Solana's token model does not create the same ERC-20 infinite approval risk.
Cross-chain & bridge Gray 0 12 of 12
RD-F-147 n/a Protocol has bridge surface Raydium is Solana-only. has_bridge_surface: false, is_a_bridge: false, cross_chain: false per profile meta. No bridge surface exists.
RD-F-148 n/a Bridge validator count (M) No bridge exists. Not applicable.
RD-F-149 n/a Bridge validator threshold (k-of-M) No bridge exists. Not applicable.
RD-F-150 n/a Bridge validator co-hosting No bridge validator set. Not applicable.
RD-F-151 n/a Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] NOT_APPLICABLE. No EVM bridge code exists. Raydium is Solana-only. ecrecover is an EVM precompile; it does not exist in Solana programs. The Wormhole-class vulnerability pattern does not apply.
RD-F-152 n/a Bridge binds message to srcChainId No cross-chain messaging. Not applicable.
RD-F-153 n/a Bridge tracks nonce-consumed mapping No bridge inbox, no nonce mapping. Not applicable.
RD-F-154 n/a Default bytes32(0) acceptable as valid root [★ CRITICAL] NOT_APPLICABLE. No Merkle root bridge pattern. Raydium is Solana-only with no cross-chain message inbox. The Nomad $190M bug class (bytes32(0) accepted as valid root) does not apply.
RD-F-155 n/a Bridge validator-set rotation recency No bridge validator set. Not applicable.
RD-F-156 n/a Bridge uses same key custody for >30% validators No bridge validators. Not applicable.
RD-F-157 n/a Bridge TVL per validator ratio No bridge TVL segregation or validator set. Not applicable.
RD-F-179 n/a LayerZero OFT DVN config (count, threshold, diversity) NOT_APPLICABLE. No LayerZero OFT adapter deployed. data-cache layerzero.present=false. Raydium is Solana-only with no LayerZero integration.
Threat intelligence & recon Yellow 33 8 of 8
RD-F-158 yellow Known-threat-actor cluster has touched protocol Cat 11 threat intel signal [T-09 v1 phase 2]. DPRK/UNC4736-attributed wallets interacted with Raydium pools in March 2026 as part of the Drift Protocol attack infrastructure. Confirmed: attackers seeded CVT fake token on Raydium with minimal liquidity (~$500 initial seed) and conducted 3 weeks of wash trading across Raydium pools using a 423-wallet network. Interaction type: state change (pool creation, swap execution). The Drift hack executed April 1, 2026 — 28 days before this assessment (2026-04-29), within the 30-day look-back threshold. Attribution sources: Chainalysis blog (2026-04), TRM Labs (2026-04), Halborn (2026-04) — 3 independent sources with medium-high confidence. Tier-C advisory signal: does not flip letter grade, but confirmed threat-actor interaction within 30 days. Yellow (not red) because: (a) Raydium was used as venue, not targeted; (b) tier-C designation; (c) no threat actor interaction with Raydium core admin functions. Requires proprietary threat-actor cluster l
RD-F-159 n/a Attacker wallet pre-strike probe (low-gas failing txs) Cat 11 threat intel signal (v1-deferred). Solana equivalent of mempool probe: failed transactions or compute-unit-exhausting transactions from threat-actor wallets targeting Raydium core instruction set. The Drift DPRK attack used successful transactions (wash trades, pool seeding) on Raydium, not failing probe transactions. No Solana-equivalent mempool-probe pattern from threat-actor wallets identified against Raydium core programs (AMM v4: 675kPX9..., CLMM: CAMMCzo5..., CPMM: CPMMoo8...) at assessment date. Requires partner feed + Solana RPC subscription for production monitoring.
RD-F-160 n/a GitHub malicious-dependency incident touching protocol deps Cat 11 threat intel signal (v1-deferred). Raydium core programs are compiled Rust/Anchor; runtime dependencies: Anchor framework, SPL Token, SPL Token-2022, Squads V4. npm/PyPI attack vectors do not apply to compiled Rust on-chain programs. Frontend (raydium-io/raydium-frontend) uses JavaScript/TypeScript with npm dependencies — a relevant surface for supply-chain attacks. Data cache: security_md_present: true (raydium-io/raydium-amm). No active GitHub security advisory or Cargo/npm malicious-release incident identified affecting Raydium's dependencies as of 2026-04-29. No GHSA flagged in available public data. Gap: full Cargo.toml dependency enumeration not performed — would require reading raydium-io/raydium-amm Cargo.toml for comprehensive assessment.
RD-F-161 n/a Protocol-impersonator domain registered (typosquat) Cat 11 threat intel signal (v1-deferred). Multiple confirmed active typosquat domains documented: (1) raydiumn.icu — registered September 2025, PhishDestroy brand impersonation warning (phishdestroy.io/domain/raydiumn.icu); (2) raydium-io.to — high-risk phishing domain using 'Swap Raydium | Solana' branding (phishdestroy.io/domain/www.raydium-io.to); (3) raydiumswap.site — fake 'Raydium Airdrop Claim' page registered October 2025 (phishdestroy.io/domain/raydiumswap.site). Additionally: fake Raydium mobile apps on Apple App Store (2025) stealing recovery phrases; fake staking websites (PCRisk catalogued). At least 2–3 domains registered within last 6 months. Threshold: typosquat of official domain registered within last 90 days — multiple domains qualify. Raydium's brand is heavily impersonated. Yellow (not red) because: impersonation targets users, not protocol infrastructure directly; signal is threat-intel rather than exploit-in-progress. This is structurally elevated for Raydium vs.
RD-F-162 n/a Known-exploit-template selector deployed by any address Cat 11 threat intel signal (v1-deferred). Dec 2022 exploit template (withdraw_pnl + SyncNeedTake manipulation) has been removed from current AMM v4 program via post-exploit upgrade (Dec 17, 2022). Any exploit-template contract mimicking Dec 2022 patterns would fail against current bytecode. No new exploit-template instruction pattern specific to current Raydium programs (CLMM, CPMM, Stable) identified in public post-mortems or security research. The Drift April 2026 attack used a fake token + oracle (not an exploit-template against Raydium programs). Solana instruction discriminator monitoring differs from EVM selector monitoring but the concept is applicable. Green because: primary historical exploit template is mitigated at contract level; no current template identified.
RD-F-163 n/a Avg attacker reconnaissance time for peer-class protocols Cat 11 threat intel signal (v1-deferred). Curator-assessed from hack DB and peer-class comparison. Dec 2022 attack: compressed reconnaissance (off-chain trojan, not multi-week on-chain reconnaissance; single session execution once key obtained; funding via FixedFloat 5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs, a no-KYC exchange). Attacker wallet linked to prior Solana NFT rug projects and wallet draining — suggests opportunistic threat actor, not state-sponsored APT. For Solana DeFi peer class: DPRK attacks average 3–6 months social engineering (Drift: 6 months; Lazarus prior patterns: 1–3 months). Requires manual curator input for peer-class reconnaissance time computation. Gray per taxonomy (M curation mode, S cadence — static assessment only).
RD-F-164 n/a Leaked credential on paste/sentry site Cat 11 threat intel signal (v1-deferred). No public paste-site or Sentry credential dump referencing Raydium infrastructure endpoints or API keys identified in available public sources as of 2026-04-29. Raydium has a published SECURITY.md (data cache: security_md_present: true) indicating responsible disclosure channel. No credential leak for Raydium infra (Discord, Telegram admin, GitHub org keys, frontend API keys) identified. Gap: production monitoring requires automated credential-dump feed (e.g., HaveIBeenPwned, IntelligenceX), which is a proprietary tool dependency per the taxonomy (M curation mode). Assessment based on public OSINT only.
RD-F-165 n/a Protocol social channel has scam-coordinator flag Cat 11 threat intel signal (v1-deferred). Raydium has active Telegram (t.me/raydiumprotocol official, t.me/raydium community) and Discord (44,718+ members) communities. Social channel compromise is a documented vector for Solana projects. No specific Telegram/Discord channel admin confirmed on curator scam-coordinator watchlist for Raydium's official channels at assessment date. However, the widespread fake Raydium airdrop and phishing ecosystem (PCRisk, PhishDestroy entries) represents a high-risk adjacent environment. Gray because: signal requires curator social watchlist with regular refresh — a proprietary feed dependency (M curation mode); cannot confirm or deny official channel infiltration from public OSINT alone. Public evidence shows an active scam ecosystem adjacent to Raydium, not confirmed infiltration of official channels.
Tooling / compiler / AI Green 0 5 of 5
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Raydium is an original protocol — no audited upstream exists to compare bytecode against. BPF bytecode diff against Uniswap v3 (EVM/Solidity) is meaningless. No AI-copy risk pattern applicable.
RD-F-170 green Solc version used (known-bug versions flagged) Raydium uses Rust cargo build-sbf (Solana Bytecode Format) — not Solidity/solc. Solidity bug list N/A. Rust 1.81.0 specified in CLMM and CPMM setup docs — current stable release, no known high-severity Rust compiler bug for BPF target. Anchor 0.32.1 is current stable. Standard AMM uses cargo build-sbf with standard SBF toolchain.
RD-F-172 green Repo shows AI-tool co-authorship in critical files Recent commits in raydium-clmm (a5a46ff), raydium-cp-swap (609780f), and raydium-amm (3b087ad) inspected. Primary committers are RainRaydium and 0x777A (core team). No Co-authored-by: GitHub Copilot, Co-authored-by: Claude, or other AI tool co-author trailers detected in commit messages.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure (blog, tweets, docs, GitHub discussions) found where Raydium team discloses AI-generated Rust/Solana code in security-critical contract paths. Web search and medium/docs review found no AI disclosure.
RD-F-174 green Dependency tree uses EOL Solidity version Rust 1.81.0 is a current stable release (released Sep 2024, within active support window as of Apr 2026). Solidity EOL check N/A (not a Solidity protocol). No EOL compiler version in use.
Response & disclosure hygiene Green 0 4 of 4
RD-F-175 green Disclosure channel exists Active Immunefi bug bounty program live since 2023-04-25 with 74 assets in scope, max payout $505K. Direct email channel security@reactorlabs.io documented in SECURITY.md (raydium-amm and raydium-clmm repos). Dual-channel disclosure (Immunefi platform + direct email). Operationally proven: two max-payout whitehack bounties paid ($505K tick manipulation July 2024; $505K liquidity drain May 2025).
RD-F-176 green Disclosure SLA public SECURITY.md explicitly states: 'We will reach back out within 24 hours with additional questions or next steps.' This is a publicly stated ≤72h acknowledgment SLA. Immunefi program also shows 'Med. Resolution Time: 2 days.' Two critical bug payouts at max ($505K each) demonstrate the process has been honored. Green threshold: SLA ≤72h acknowledgment publicly stated and honored. Both conditions met.
RD-F-177 green Prior known-ignored disclosure No evidence of any disclosed vulnerability being ignored before exploitation. The December 2022 exploit was an operational/key-management failure, not a code vulnerability that had been disclosed and ignored. Both Immunefi whitehack findings (CLMM tick manipulation Jan 2024; CPMM liquidity drain, disclosed/published May 2025) were patched before exploitation and maximum bounties paid. No post-mortem references a prior disclosure that was disregarded.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory issued against Raydium as of 2026-04-29. GitHub security advisories page for raydium-io/raydium-amm explicitly states 'There aren't any published security advisories.' CVEdetails.com search for Raydium returned vendor listing but no CVE entries for the protocol. Both critical bugs were handled as whitehack responsible disclosures via Immunefi (not formal CVE/GHSA pathway).
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol raydium