★ Public initialize() without initializer modifier

Raydium's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Raydium uses Rust/Anchor on Solana — the OZ initializer modifier pattern does not exist. Anchor enforces initialization through account struct constraints (Signer<'info>, seeds, init). CPMM initialize requires creator Signer. Standard AMM v4 process_initialize2 checks is_signer explicitly. No open unguarded initialization vector found. EVM attack vector eliminated by architecture.

Sources #

GitHub
Standard AMM v4 — is_signer check on initializationraydium-amm processor.rs (process_initialize2 is_signer check)retrieved 2026-04-29
GitHub
CPMM initialize instruction (Signer constraint)raydium-cp-swap lib.rs (initialize requires creator Signer<'info>)retrieved 2026-04-29

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-022 score green collected_at 2026-04-29 12:31:55