AGORA
Audit packs
Audit pack

Marinade Finance (demo target)

Program
MarBmsSgKXdrN1egZf5sqe1TMtaiTJp4n4FAW9z9bWmF
Scanned
2026-05-24
Exposure gradeLOW

Low exposure

Weighted index 17

Findings by tier

High
1
Medium
1
Info
1

Top authorities by blast radius

  • CA-0022 edges
  • CA-0042 edges
  • CA-0011 edge

This grade is a single-baseline exposure snapshot, not a portfolio certification. It reflects one scanned target at one point in time and does not aggregate or certify exposure across multiple programs.

Blast-radius map

Each authority fans out to the instructions, accounts, and calls it gates. Edge colour marks the region the reach crosses into.

Blast-radius reach mapCA-004 Holds crypto:ed25519:vault-authority (On-chain program reach)CA-004 Uses service:vault-signer (On-chain program reach)CA-002 Uses crypto:ed25519:vault-authority (Off-chain service reach)CA-002 DependsOn app:vault-console (Off-chain service reach)CA-001 DerivedFrom crypto:ed25519:vault-authority (Client reach)CA-004CA-004 authority (On-chain program, High)CA-002CA-002 authority (Off-chain service, Medium)CA-001CA-001 authority (Client, Info)vault-authorityvault-authority (On-chain program reach)vault-signervault-signer (On-chain program reach)vault-consolevault-console (Off-chain service reach)
  • On-chain program
  • Off-chain service
  • Client

Findings summary

High
1
Medium
3
Info
12

Top findings

CA-004High

Mint authority on Ed25519 single signer

programs/marinade-finance/src/state/liq_pool.rs:142

CA-002Medium

Stake authority held by single signer

programs/marinade-finance/src/lib.rs:88

CA-001Info

Ed25519 verification site enumerated

programs/marinade-finance/src/checks.rs:33

CA-001Info

Sha256 hash site enumerated

programs/marinade-finance/src/state/list.rs:71

CA-003Medium

CPI assumes Ed25519 on callee authority

programs/marinade-finance/src/cpi.rs:25

Artefacts