az0mb13/awesome-solana-security

Awesome Solana Security

Contributions are most welcome

Blogs on Audit Techniques and Vulnerabilities

Soteria/Sec3 Series

How to audit Solana smart contracts

  1. Part 1: A systematic approach - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed)
  2. Part 2: automated scanning - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d)
  3. Part 3: penetration testing - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-3-penetration-testing-a315b3bbb2d3)
  4. Part 4: the Anchor framework - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-4-the-anchor-framework-ef42d944f086)

BlockSec Series

Secure the Solana Ecosystem

  1. Hello Solana - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)
  2. Calling Between Programs - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)
  3. Program Upgrade - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)
  4. Account Validation - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)
  5. Multi-Sig - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)
  6. Multi-Sig2 - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)
  7. Type Confusion - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)

Blogs and Articles

  1. Solana Smart Contracts: Common Pitfalls and How to Avoid Them - (https://blog.neodyme.io/posts/solana_common_pitfalls/)
  2. From Ethereum smart contracts to Solana programs: two common security pitfalls and beyond - (https://medium.com/coinmonks/from-ethereum-smart-contracts-to-solana-programs-two-common-security-pitfalls-and-beyond-ea5b919ade1c)
  3. Sealevel Attacks - Common Solana Exploit Codes and Recommendations - (https://github.com/coral-xyz/sealevel-attacks)
  4. 10 vulnerabilities - A Twitter thread about Sealevel Attacks - (https://twitter.com/pencilflip/status/1483880018858201090)
  5. How to Hack Solana Smart Contracts/Programs - (https://halborn.com/how-to-hack-solana-smart-contracts-programs/)
  6. Solana: An Auditor's Introduction - (https://osec.io/blog/tutorials/2022-03-14-solana-security-intro/)
  7. The Story of the Curious Rent Thief - (https://osec.io/blog/reports/2022-08-19-solend-rent-thief/)
  8. Breakpoint 2021: Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point - (https://www.youtube.com/watch?v=vbkhhgeP30I)
  9. Solana Program Security - Part 1 - (https://research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/)
  10. Typical and Unique Issues for the NEAR Protocol - (https://0xguard.com/near_protocol/tpost/ja553x8db1-typical-and-unique-issues-for-the-near-p)

Audit Reports

  1. Bonfida Security Assessment by Kudelski Security - (https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)
  2. Solana Quantstamp Stake Pool Audit - (https://solana.com/SolanaQuantstampStakePoolAudit.pdf)
  3. SPL Stake Pool by Neodyme - (https://solana.com/SolanaNeodymeStakePoolAudit.pdf)
  4. Stake Pool - Solana Foundation by Kudelski Security - (https://solana.com/SolanaKudelskiStakePoolAudit.pdf)
  5. Solido Audit by Bramah Systems - (https://github.com/ChorusOne/solido/blob/main/audit/2021-07-05-bramah-systems.pdf)
  6. Lido on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2021-08-03-neodyme.pdf)
  7. Anker on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2022-04-06-neodyme.pdf)
  8. Saber.so Audit by Bramah Systems - (https://github.com/saber-hq/stable-swap/blob/master/audit/bramah-systems.pdf)
  9. Quarry by Quantstamp - (https://github.com/QuarryProtocol/quarry/blob/master/audit/quantstamp.pdf)
  10. Cega Vault by Ottersec - (https://github.com/otter-sec/cega-vault-report/blob/main/cega-vault-audit-public.pdf)
  11. Port Finance Sundial by Ottersec - (https://github.com/port-finance/sundial/blob/master/audits/port-finance-sundial-audit-public.pdf)
  12. Jet Governance by Ottersec - (https://github.com/jet-lab/jet-governance/blob/master/reports/jet-governance-audit-public.pdf)
  13. Marinade Finance by Kudelski - (https://solana.com/solana-security-audit-2019.pdf)

Solana Real-life Exploits and Hacks

Scanners and Tools

  1. Soteria - (https://medium.com/coinmonks/soteria-a-vulnerability-scanner-for-solana-smart-contracts-cc202cf17c99)
  2. Siderophile - (https://github.com/trailofbits/siderophile)
  3. List of Cargo crates and Tools for auditing rust - (https://www.reddit.com/r/rust/comments/ufwryc/comment/i6w629y/)
  4. L3X, AI-driven Smart Contract Static Analyzer - (https://github.com/VulnPlanet/l3x)
  5. Trident - First and only fuzzing framework for Solana smart contracts. Performs manually-guided fuzzing with flow-based sequences and property-based testing to discover vulnerabilities.
  6. RegPilot - (https://regpilot.io) - Consumer-friendly token safety platform for Solana. Instant 0-100 trust score covering smart contract risk, liquidity depth, holder distribution, audit status and on-chain red flags. Free. No wallet required.
  7. Sharpe Rug Check - (https://www.sharpe.ai/rug-check) - Free multi-chain token safety scanner and rug pull checker. 0-100 risk score for Solana (SPL + Token-2022) with mint/freeze/update authority checks, Raydium LP lock verification, Jupiter-based honeypot simulation, and holder-concentration analysis. Also covers Ethereum, Base, BSC, Arbitrum, and Polygon. Public REST API and MCP server. No wallet required.

CTFs

  1. Solana CTF Framework by Ottersec - (https://github.com/otter-sec/sol-ctf-framework)
  2. Solana CTF Challenges by Neodyme - (https://github.com/neodyme-labs/solana-ctf)
  3. Neodyme Workshop - (https://workshop.neodyme.io/)

Interesting Github Repositories

  1. Solana POC Framework - (https://github.com/otter-sec/solana-poc-framework)
  2. Awesome Solana - (https://github.com/avareum/awesome-solana)

Beginner-friendly Development Resources

  1. Setting-up Solana Development Environment - (https://github.com/LearnWithArjun/solana-env-setup)
  2. How to Build & Deploy Smart Contracts on Solana - (https://www.leewayhertz.com/build-solana-smart-contracts/)
  3. learn-web3-dapp - (https://github.com/figment-networks/learn-web3-dapp)
  4. Learning Rust - (https://learning-rust.github.io/docs/a3.hello_world.html)
