RedVolt was built for Solidity. Our previous benchmarks — VTVL, Wildcat, BakerFi — all targeted EVM smart contracts. When we started building Rust/Solana support, the question was not whether it would work, but how well it would perform on a real-world, battle-tested protocol with known vulnerabilities.
We chose the hardest possible first test: Jito Restaking.
The Benchmark: Jito Restaking
- 100% Critical Detection
- 90% High Detection
- 93% Medium Detection
- 9,000 Lines of Rust
Jito Restaking is the liquid restaking infrastructure for Solana. It manages vault deposits, operator delegations, slashing mechanics, and NCN (Node Consensus Network) relationships across four interlinked programs totaling 9,000 lines of Rust.
This is not a toy protocol. Jito Restaking has been:
- Audited by OtterSec (manual security review)
- Formally verified by Certora (two rounds — V1 and V2)
- Reviewed by Offside Labs (manual security review)
- The subject of a $150,000 Immunefi bug bounty competition
Across those four audit reports (Certora counted twice, once per round) and the Immunefi competition, researchers reported 1 Critical, 10 High, and 8 Medium vulnerabilities. Those 19 findings are our ground truth.
Why This Matters
⚠️ The Solana Security Gap
Most AI security tools are Solidity-only, and the Solana ecosystem has a fraction of the tooling available to EVM developers. The EVM static-analysis stack (Slither, Mythril, the SWC registry) has no Rust/Solana counterpart of comparable maturity. Clippy catches surface-level issues, but the deep logic bugs (missing signer or owner checks, PDA seed collisions and non-canonical bumps, state machine inconsistencies) require human-level reasoning. RedVolt brings that reasoning to Solana for the first time.
Jito Restaking was deliberately chosen because it represents the hardest category of Solana security audit: a multi-program system with complex state machines, cross-program invocations, epoch-based transitions, and delegation/slashing mechanics. If RedVolt can find vulnerabilities here, it can find them anywhere on Solana.
Detailed Results
Critical Finding (1/1 Detected)
Ground Truth
- C-01: Vault update state tracker allows double-cranking to steal delegated tokens
RedVolt Detection
- DETECTED: Identified fee arbitrage window created by state tracker timing
The critical finding involves the vault update state tracker being manipulated across epoch boundaries. RedVolt's finding matches on root cause rather than on the exact exploit path: it identified that the state tracker permits operations across epoch boundaries that open an exploitable timing window for value extraction.
High-Severity Findings (9/10 Detected)
Ground Truth
- H-01: Slasher can slash more than max slashable amount per epoch
- H-02: Delegation cooldown can be bypassed
- H-03: Withdrawal ticket burn lacks amount verification
- H-04: NCN vault slasher ticket lacks authority validation
- H-05: Vault balance manipulable via direct token transfers
- H-06: Operator fee change takes effect immediately
- H-07: Vault capacity check missing during delegation
- H-08: Admin transfer has no two-step confirmation
- H-10: Epoch boundary race in delegation state transitions
RedVolt Detection
- DETECTED: Slashing bounds not enforced across multiple calls
- DETECTED: State tracker close allows epoch bypass
- DETECTED: Bump seed canonicalization not enforced
- DETECTED: Unvalidated vault_program allows fake accounts
- DETECTED: Reward fee check blocks legitimate updates
- DETECTED: Operator config not validated in set_fee
- DETECTED: Admin centralization enables unchecked operations
- DETECTED: Admin lockout risk from single-step transfer
- DETECTED: OperatorVaultTicket state not verified
Medium-Severity Findings (7/8 Detected)
RedVolt detected nearly all medium-severity findings, including protocol-level fee extraction without caps, withdrawal ticket ownership transfer without cooldowns, secondary admin permission overlap, and state machine inconsistencies in NCN-operator relationships.
Performance Metrics
- 2.6 hrs Total Audit Time
- 90% C+H Detection
- 93% Medium Detection
- 2 False Positives
9,000 lines of Rust analyzed in 2.6 hours. To put that in perspective: the four professional audits of Jito Restaking collectively took weeks of calendar time and involved dozens of researchers. We are not claiming to replace them — but we are demonstrating that AI-powered auditing delivers meaningful coverage at a fraction of the time and cost.
Only 2 false positives out of 32 findings (6.3% false positive rate). Both were borderline cases: a payer signer check that was arguably valid, and a token donation attack that was contextually correct but already mitigated by the protocol's fee structure.
What We Learned
This benchmark revealed three important things about Solana security analysis:
1. Solana programs have different severity dynamics than Solidity. In EVM, admin/governance issues are often rated medium because multisig wallets and timelocks are standard in front of privileged calls. In a Solana program that hands the admin role over in a single instruction, the new pubkey takes effect immediately and permanently: if the wrong pubkey is written, there is no recovery. We updated our severity calibration to reflect this.
2. Multi-program systems require cross-program reasoning. Jito Restaking's vulnerabilities often span two or more programs. The state tracker in vault_program interacts with delegation state in vault_core which depends on tickets in restaking_program. Our chunking system split the codebase into domains (staking_rewards, token_vesting, access_config, other) and each agent analyzed cross-cutting concerns.
3. The SOL-xxx taxonomy is essential for structured analysis. Unlike Solidity's SWC registry, Solana had no standardized vulnerability taxonomy, so we created SOL-001 through SOL-015, covering the 15 most common Solana vulnerability classes. Our VIPER agent references these IDs in every finding, and our SCRIBE agent builds a coverage matrix from them. We attribute the 93% medium detection rate to this structure: the taxonomy forces systematic checking.
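As an added example (not RedVolt's or Jito Restaking's code), the plain Rust below models the difference point 1 describes and the H-08 finding above: a single-step admin transfer that writes the new pubkey immediately, next to a two-step propose/accept pattern. It stands in for the Solana runtime with a 32-byte `Pubkey` array and a slice of signer keys in place of the `is_signer` flags; the type and function names (`SingleStepConfig`, `TwoStepConfig`, `propose_admin`, `accept_admin`) and the constructed keys are assumptions of the example.

```rust
// Added example, not code from RedVolt or Jito Restaking. Models admin
// handover outside the Solana runtime: `signers` stands in for the accounts
// whose is_signer flag the runtime set for the instruction.

pub type Pubkey = [u8; 32];

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    MissingSignature,
    NotPendingAdmin,
    NoPendingAdmin,
}

/// Single-step transfer: the admin pubkey is overwritten as soon as the
/// current admin signs. A mistyped `new_admin` is unrecoverable.
#[derive(Debug, Clone)]
pub struct SingleStepConfig {
    pub admin: Pubkey,
}

impl SingleStepConfig {
    pub fn set_admin(&mut self, signers: &[Pubkey], new_admin: Pubkey) -> Result<(), AuthError> {
        // Signer check: only the current admin may rotate the role.
        if !signers.contains(&self.admin) {
            return Err(AuthError::MissingSignature);
        }
        self.admin = new_admin;
        Ok(())
    }
}

/// Two-step transfer: the current admin proposes, and the proposed key must
/// itself sign to accept. Until it does, the old admin keeps control and can
/// overwrite the proposal.
#[derive(Debug, Clone)]
pub struct TwoStepConfig {
    pub admin: Pubkey,
    pub pending_admin: Option<Pubkey>,
}

impl TwoStepConfig {
    pub fn propose_admin(&mut self, signers: &[Pubkey], new_admin: Pubkey) -> Result<(), AuthError> {
        if !signers.contains(&self.admin) {
            return Err(AuthError::MissingSignature);
        }
        self.pending_admin = Some(new_admin);
        Ok(())
    }

    pub fn accept_admin(&mut self, signers: &[Pubkey]) -> Result<(), AuthError> {
        let pending = self.pending_admin.ok_or(AuthError::NoPendingAdmin)?;
        // The proposed key proves it is real and controlled by signing.
        if !signers.contains(&pending) {
            return Err(AuthError::NotPendingAdmin);
        }
        self.admin = pending;
        self.pending_admin = None;
        Ok(())
    }
}

/// Scenario: the admin transfers to a key nobody controls. Returns whether
/// the original admin can still act on (single-step, two-step) afterwards.
pub fn lockout_demo() -> (bool, bool) {
    let admin: Pubkey = [1u8; 32];
    let typo: Pubkey = [0xEEu8; 32]; // constructed: a pubkey with no known private key

    let mut single = SingleStepConfig { admin };
    single.set_admin(&[admin], typo).unwrap();
    // Single step: the real admin signs, but the config no longer recognizes it.
    let single_recoverable = single.set_admin(&[admin], admin).is_ok();

    let mut two = TwoStepConfig { admin, pending_admin: None };
    two.propose_admin(&[admin], typo).unwrap();
    // Nobody can sign as `typo`, so the proposal can never be accepted...
    assert_eq!(two.accept_admin(&[admin]), Err(AuthError::NotPendingAdmin));
    // ...and the original admin can still replace it with the intended key.
    let two_recoverable = two.propose_admin(&[admin], [2u8; 32]).is_ok();

    (single_recoverable, two_recoverable)
}

fn main() {
    let (single, two) = lockout_demo();
    println!("single-step recoverable: {single}, two-step recoverable: {two}");
}
```

The scenario returns `(false, true)`: after a single-step transfer to a dead key the program has no admin at all, which is why the post rates the pattern High on Solana while the same shape often lands at Medium in EVM protocols sitting behind a multisig and timelock.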
First Rust/Solana Benchmark
ℹ️ A New Frontier
This is RedVolt's first Rust/Solana benchmark. Our Solidity benchmarks have achieved 100% detection rates on multiple protocols. Achieving 90% high-severity detection on a 9,000-line multi-program protocol — on our first attempt with Solana support — demonstrates that our multi-agent architecture generalizes across smart contract ecosystems.
Every number in this post comes from a reproducible, automated pipeline. The ground truth is sourced from four professional audit reports and a public Immunefi competition. The benchmark script, ground truth definitions, and scoring logic are all part of our QA test suite.
💡 Our Commitment
We benchmark against real protocols with real audit findings. We publish every metric. That is what accountability looks like.