new lesson: JupLend Security

[mu1titudes]

Written by slorg.

[tpompon]

📚 Lesson review — jupiter-lend-security.mdx

Automated review by the Academy lesson agents. Read-only — nothing was changed. Reviewed commit 6e2b156.

Summary: 🔴 5 blockers · 🟡 17 suggestions across 4 checks

🖼️ Integrity (illustrations · video · links · frontmatter · glossary)

Verdict: 0 blockers, 6 suggestions

Sev	Where	Finding	Suggested fix
🟡	line 19	Internal link [Jupiter Lend](/lessons/jupiter-earn) — link text says "Jupiter Lend" but the target lesson is titled "Maximizing Passive Returns with Jupiter Earn". Display text and destination mismatch. (Also raised by quality as a blocker.)	Change link text to "Jupiter Earn", or point to the correct Jupiter Lend lesson if one exists/planned
🟡	line 17	DeFi used in prose, not wrapped in <Term id="defi"> (glossary entry exists)	Wrap first occurrence: <Term id="defi">DeFi</Term>
🟡	line 23	flash loans and liquidation not wrapped in <Term> (glossary entries exist)	Wrap: <Term id="flash-loan">flash loans</Term>, <Term id="liquidation">liquidation</Term>
🟡	line 37	smart contract not wrapped in <Term id="smart-contract"> (glossary entry exists)	Wrap first occurrence
🟡	line 47	Oracle used throughout Layer 3 but never wrapped in <Term id="oracle"> (glossary entry exists)	Wrap first prose occurrence
🟡	line 54	Liquid staking tokens not wrapped in <Term id="liquid-staking-token"> (glossary entry exists)	Wrap first occurrence

🔎 Accuracy vs docs.jup.ag

Verdict: 1 blocker, 4 to verify

Docs consulted:

• https://developers.jup.ag/docs/resources/audits
• https://docs.jup.ag/user-docs/earn/lend/liquidity-layer-and-risk-management.md
• https://docs.jup.ag/user-docs/earn/lend/protocol-details.md
• https://docs.jup.ag/user-docs/earn/lend/faq.md
• https://www.certora.com/

Sev	Lesson says (line)	Docs say (source)	Action
🔴	"These ceilings adjust continuously based on protocol activity" (l.60)	"The ceiling expands/decreases gradually every 6 hours by up to 25% (up to 50% for some vaults)" — liquidity-layer-and-risk-management.md	Replace "adjust continuously" with "adjust every 6 hours by up to 25% (up to 50% for some vaults)"
🟡	"Program upgrades require 4 of 7 multisig signers" (l.37)	Not stated in official docs; jup.ag/lend/transparency (live app) is the intended source but not machine-readable	Confirm threshold against transparency page or team
🟡	"Non-program upgrades require 6 of 10 signers" (l.40)	Not stated in official docs	Confirm threshold
🟡	"Program upgrades require verifications from 3 independent parties" (l.39)	Not stated in official docs	Confirm number of required verifiers
🟡	"All multisig transactions require at least three independent verifications" (l.41)	Not stated in official docs; X post confirms the concept but not the count	Confirm count

Confirmed accurate: 7 audits across 4 firms (Zenith, Offside Labs, Mixbytes, OtterSec); Certora formal verification ($100B+ secured, covers Aave/Uniswap/Coinbase); fully open-source since December 2025; 12-hour timelock; oracle stack Chainlink/Pyth/Redstone; contract-based LST pricing.

✍️ Quality (language · coherence)

Verdict: 4 blockers, 8 suggestions

Sev	Where	Finding	Suggested fix
🔴	line 15	Heading "The Security of Jupiter Lend" doesn't match frontmatter title "How Jupiter Lend Keeps Your Funds Safe"; siblings mirror the title	Change heading to ## How Jupiter Lend Keeps Your Funds Safe
🔴	line 19	[Jupiter Lend](/lessons/jupiter-earn) labels the link "Jupiter Lend" but routes to the Jupiter Earn lesson	Change anchor text to "Jupiter Earn" (or link a real Lend overview if it exists)
🔴	line 51	Subject-verb disagreement: "Three independent price sources … means…"	Replace "means" with "mean"
🔴	line 43	"The layers are designed to fail independently, not together" inverts the intended defense-in-depth meaning	Replace with "Each layer is designed to hold independently — a breach of one does not cascade to the others."
🟡	whole lesson	No <Term> components anywhere; siblings use 5–10	Wrap at least DeFi, multisig, oracle, liquidation
🟡	whole lesson	No closing takeaway/recap; lesson ends mid-thought on the circuit breaker	Add a short closing section summarising how the four layers interlock
🟡	whole lesson	No image — structural outlier vs corpus	Add a four-layer security-stack diagram
🟡	line 25	Ambiguous pronoun: "over $100B in secured assets across their portfolio"	Rewrite: "a firm whose portfolio covers over $100B in secured assets across Aave, Uniswap, Coinbase, and others"
🟡	line 39 vs 41	Bullets 3 and 5 both describe "three independent verifications" but aren't distinguished	Add clarifying parentheticals: "(pre-deployment code verification)" / "(transaction-level signing verification)"
🟡	line 39	Circular phrasing: "submitted upgrade is exactly the same as the one about to go live"	Rewrite: "the code approved by the multisig matches the binary that will actually be deployed"
🟡	line 47	"unjust liquidations" — wrong register	Replace with "erroneous liquidations"
🟡	line 39 & 41	Inconsistent quote style ("hash" vs 'signing-UI manipulation')	Standardise to double straight quotes

🧠 Quiz (proposed)

Verdict: proposed 4-question quiz — for the app repo, not this content repo.

• Q1 — covers "Layer 1: Code-Level Security" (formal verification vs audits)
• Q2 — covers "Layer 2: Operational Security" (12-hour timelock purpose)
• Q3 — covers "Layer 3: The Oracle Stack" (LST contract-based pricing)
• Q4 — covers "Layer 2: Operational Security" (signing-UI manipulation defense)

Proposed quiz JSON

{
  "questions": [
    {
      "question": "What makes formal verification fundamentally different from a traditional security audit?",
      "options": [
        "It is performed by a larger team of reviewers",
        "It mathematically proves that specific properties hold for every possible input",
        "It checks the protocol against a list of known exploit patterns",
        "It requires the codebase to be open-source before it can run"
      ],
      "correctAnswer": 1,
      "explanation": "Unlike an audit where a reviewer searches for issues they can think to test, formal verification uses mathematical proofs to guarantee that certain properties hold across all possible inputs."
    },
    {
      "question": "Why does Jupiter Lend enforce a 12-hour timelock on program upgrades even after the multisig has approved a change?",
      "options": [
        "To give the Solana network time to propagate the new bytecode",
        "To allow independent verifiers to recompute the price oracle feeds",
        "To give the community a window to inspect the pending upgrade and respond if something looks wrong",
        "To comply with regulatory requirements on smart contract deployments"
      ],
      "correctAnswer": 2,
      "explanation": "The timelock separates approval from execution so that any suspicious or malicious upgrade can be identified and challenged before it takes effect."
    },
    {
      "question": "How does Jupiter Lend price liquid staking tokens (LSTs) to protect against short-term market depegs?",
      "options": [
        "By averaging the price across all three oracle providers",
        "By using a time-weighted average price from the largest DEX liquidity pool",
        "By rejecting any price that falls outside a predefined confidence band",
        "By sourcing the price directly from the LST contract's onchain redemption rate"
      ],
      "correctAnswer": 3,
      "explanation": "Contract-based pricing anchors LST valuations to their actual onchain redemption value rather than secondary market prices, making them immune to temporary depegs."
    },
    {
      "question": "What threat does the requirement for 3 independent verifications of a multisig transaction specifically defend against?",
      "options": [
        "A single compromised signer acting unilaterally to push an upgrade",
        "Stale oracle prices being accepted during periods of low network activity",
        "Signing-UI manipulation, where a transaction looks legitimate in the interface but executes different instructions",
        "Rapid liquidity drains caused by a smart contract vulnerability"
      ],
      "correctAnswer": 2,
      "explanation": "Requiring multiple independent parties to verify the underlying transaction ensures that what signers see in their interface matches what will actually be executed on-chain."
    }
  ]
}

App maintainer: save to src/data/quizes/jupiter-lend-security.quiz.json in academy.jup.ag and run pnpm sync-quizzes.

---

🤖 Ready-to-use prompt for Claude Code

Copy this into Claude Code on the PR branch to apply the fixes:

Apply the Jupiter Academy lesson review for lessons/jupiter-lend-security.mdx.

Blockers (must fix):
1. Line 60: Replace "These ceilings adjust continuously based on protocol activity" with "adjust every 6 hours, expanding or contracting by up to 25% (up to 50% for certain vaults)". Source: https://docs.jup.ag/user-docs/earn/lend/liquidity-layer-and-risk-management.md
2. Line 15: Change the heading "## The Security of Jupiter Lend" to "## How Jupiter Lend Keeps Your Funds Safe" to match the frontmatter title.
3. Line 19: The link [Jupiter Lend](/lessons/jupiter-earn) mislabels its target (the Jupiter Earn lesson). Change the anchor text to "Jupiter Earn", or repoint to a real Jupiter Lend overview lesson if one exists.
4. Line 51: Fix subject-verb agreement — "Three independent price sources from three separate providers means" → "...mean".
5. Line 43: Replace "The layers are designed to fail independently, not together." with "Each layer is designed to hold independently — a breach of one does not cascade to the others."

Suggestions (apply if you agree):
1. Lines 37, 39-41: The multisig thresholds (4-of-7, 6-of-10) and "3 independent verifications" counts are not in the official docs. Confirm against the live jup.ag/lend/transparency page or with the Jupiter Lend team before publishing.
2. Wrap key terms in <Term>: <Term id="defi">DeFi</Term> (line 17), <Term id="flash-loan">flash loans</Term> + <Term id="liquidation">liquidation</Term> (line 23), <Term id="smart-contract">smart contract</Term> (line 37), <Term id="oracle">oracle</Term> (line 47), <Term id="liquid-staking-token">Liquid staking tokens</Term> (line 54).
3. Add a closing takeaway/recap section summarising how the four security layers interlock — the lesson currently ends mid-thought on the circuit breaker.
4. Add at least one illustration (e.g. a four-layer security-stack diagram) to match sibling lesson conventions.
5. Line 25: Resolve the ambiguous pronoun — rewrite "with over $100B in secured assets across their portfolio" to "a firm whose portfolio covers over $100B in secured assets across Aave, Uniswap, Coinbase, and others".
6. Lines 39/41: Distinguish the two "three independent verifications" bullets with parentheticals like "(pre-deployment code verification)" and "(transaction-level signing verification)".
7. Line 39: Rewrite the circular phrasing "the submitted upgrade is exactly the same as the one about to go live" to "the code approved by the multisig matches the binary that will actually be deployed".
8. Line 47: Replace "unjust liquidations" with "erroneous liquidations".
9. Line 41: Standardise quote style to double straight quotes ("signing-UI manipulation").

Then commit and push to this PR branch. Do not invent facts — cite docs.jup.ag where the review did. Keep the Academy tone (educational, no financial advice).

(Quiz proposal in the comment above is for the app repo — not this content repo.)

_{Re-run with /review-lesson-pr 20 after pushing — this comment updates in place.}

[mu1titudes]

Agentic feedback addressed. No further comments.

• softened language on ceiling movement
• title update
• minor corrections on grammar, punctuation, syntax