We scanned the top 15 Solana DeFi protocols using on-chain data. The results are alarming.
Key Findings
- 13 out of 15 protocols have upgrade authority keys
- 8 authority wallets show zero recent transactions (dormant)
- Raydium CPMM and AMM v4 share the SAME authority key (377 SOL)
- Only Orca Token Swap and Mango Markets v3 are fully immutable
The Tool
We built solscan-cli, an open-source Rust CLI that extracts upgrade authorities directly from Solana program accounts. No APIs, no third parties.
Try the web version: SolScan Web
Protocol Breakdown
| Protocol | Status | Authority SOL | Activity |
|---|---|---|---|
| Orca Token Swap | Immutable | - | - |
| Mango Markets v3 | Immutable | - | - |
| Jupiter v6 | Active | 0.33 | 100+ txs |
| Orca Whirlpool | Active | 4.18 | 100+ txs |
| Raydium CPMM | Shared | 377 | 100+ txs |
| Raydium AMM v4 | Shared | 377 | Same key |
| Solend | Dormant | 12.01 | 0 txs |
| Drift | Dormant | 0.23 | 0 txs |
| Marinade | Dormant | 0 | 0 txs |
Why This Matters
Upgradeability allows bug fixes but is a trust assumption. When you deposit into a protocol, you trust the authority won't drain pools or change logic.
Full Report
Built with solscan-cli - open source, MIT license. Contributions and tips welcome.
Top comments (0)