Appearance
Security and Transparency
JPool is built on the principle that users should never have to trust a single operator with their funds. This page covers the audits, architecture, and operational practices that protect your stake.
Smart contract audits
JPool runs on the Solana Stake Pool Program, an open-source, immutable on-chain program maintained by Solana Labs. The program has undergone 9 independent security audits by leading firms:
| Auditor | Report |
|---|---|
| Kudelski | Jul 2021 |
| Neodyme | Oct 2021 |
| Quantstamp | Oct 2021 |
| Neodyme (2nd) | Dec 2022 |
| OtterSec | Jan 2023 |
| Halborn | Jan 2023 |
| Neodyme (3rd) | Jan 2023 |
| Neodyme (4th) | Nov 2023 |
| Halborn (2nd) | Dec 2023 |
TIP
All audit reports are published in the Stake Pool Program documentation. The full source code is open for anyone to review.
Non-custodial architecture
JPool never has access to user funds. All staking, unstaking, and rebalancing operations are executed by the on-chain program with no intermediary.
- No custody risk. SOL deposited into JPool is managed entirely by the Stake Pool Program. No private key held by JPool operators can move user funds.
- Frontend-independent. Users can interact with the pool directly via the CLI even if the JPool website is unavailable.
- Always redeemable. JSOL can be burned to withdraw SOL at any time. Withdrawals are never blocked by JPool.
Multisig governance
Pool admin keys (manager and staker) are protected by a Squads multisig wallet with a 2-of-3 signing threshold. This means:
- No single operator can change pool parameters, add or remove validators, or update fees.
- Every administrative action requires approval from at least two key holders.
- Pool authority keys are stored on offline hardware wallets for additional protection.
Infrastructure security
JPool's web infrastructure follows industry best practices:
- Encryption in transit. All connections use TLS 1.3.
- DDoS and WAF protection. Cloudflare shields the frontend and API endpoints.
- Access controls. SSH access requires hardware security keys. All admin accounts use multi-factor authentication. Access follows the principle of least privilege.
- Secrets management. API keys and credentials are stored in a managed vault, never in source code.
- Monitoring. Prometheus and Grafana provide real-time alerting on system health and on-chain pool metrics.
Incident response
JPool maintains an incident response plan to handle security events quickly:
- Deposit pause. Deposits can be paused as a precaution. Withdrawals always remain open so users can exit at any time.
- On-call rotation. The operations team runs 24/7 alerting with defined escalation paths.
- Validator action. Underperforming or malicious validators can be removed and stake rebalanced within one epoch.
- Public disclosure. Severity-1 incidents are disclosed publicly after mitigation.
- Security contact. Report vulnerabilities or concerns to admin@jpool.one.