Skip to content

az0mb13/awesome-solana-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 

Repository files navigation

Awesome Solana Security

Contributions are most welcome

Blogs on Audit Techniques and Vulnerabilities

Soteria/Sec3 Series

How to audit Solana smart contracts

  1. Part 1: A systematic approach - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed)
  2. Part 2: automated scanning - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d)
  3. Part 3: penetration testing - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-3-penetration-testing-a315b3bbb2d3)
  4. Part 4: the Anchor framework - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-4-the-anchor-framework-ef42d944f086)

BlockSec Series

Secure the Solana Ecosystem

  1. Hello Solana - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)
  2. Calling Between Programs - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)
  3. Program Upgrade - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)
  4. Account Validation - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)
  5. Multi-Sig - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)
  6. Multi-Sig2 - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)
  7. Type Confusion - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)

Blogs and Articles

  1. Solana Smart Contracts: Common Pitfalls and How to Avoid Them - (https://blog.neodyme.io/posts/solana_common_pitfalls/)
  2. From Ethereum smart contracts to Solana programs: two common security pitfalls and beyond - (https://medium.com/coinmonks/from-ethereum-smart-contracts-to-solana-programs-two-common-security-pitfalls-and-beyond-ea5b919ade1c)
  3. Sealevel Attacks - Common Solana Exploit Codes and Recommendations - (https://github.com/coral-xyz/sealevel-attacks)
  4. 10 vulnerabilities - A twitter thread about Sealevel Attacks - (https://twitter.com/pencilflip/status/1483880018858201090)
  5. How to Hack Solana Smart Contracts/Programs - (https://halborn.com/how-to-hack-solana-smart-contracts-programs/)
  6. Solana: An Auditor's Introduction - (https://osec.io/blog/tutorials/2022-03-14-solana-security-intro/)
  7. The Story of the Curious Rent Thief - (https://osec.io/blog/reports/2022-08-19-solend-rent-thief/)
  8. Breakpoint 2021: Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point - (https://www.youtube.com/watch?v=vbkhhgeP30I)
  9. Solana Program Security - Part 1 - (https://research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/)
  10. Typical and Unique Issues for the NEAR Protocol - (https://0xguard.com/near_protocol/tpost/ja553x8db1-typical-and-unique-issues-for-the-near-p)

Audit Reports

  1. Bonafida Security Assessment by Kudelski Security - (https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)
  2. Solana Quantstampt Stake Pool Audit - (https://solana.com/SolanaQuantstampStakePoolAudit.pdf)
  3. SPL Stake Pool by Neodyme - (https://solana.com/SolanaNeodymeStakePoolAudit.pdf)
  4. Stake Pool - Solana Foundation by Kudelski Security - (https://solana.com/SolanaKudelskiStakePoolAudit.pdf)
  5. Solido Audit by Bramah Systems - (https://github.com/ChorusOne/solido/blob/main/audit/2021-07-05-bramah-systems.pdf)
  6. Lido on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2021-08-03-neodyme.pdf)
  7. Anker on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2022-04-06-neodyme.pdf)
  8. Saber.so Audit by Bramah Systems - (https://github.com/saber-hq/stable-swap/blob/master/audit/bramah-systems.pdf)
  9. Quarry by Quantstamp - (https://github.com/QuarryProtocol/quarry/blob/master/audit/quantstamp.pdf)
  10. Cega Vault by Ottersec - (https://github.com/otter-sec/cega-vault-report/blob/main/cega-vault-audit-public.pdf)
  11. Port Finance Sundial by Ottersec - (https://github.com/port-finance/sundial/blob/master/audits/port-finance-sundial-audit-public.pdf)
  12. Jet Governance by Ottersec - (https://github.com/jet-lab/jet-governance/blob/master/reports/jet-governance-audit-public.pdf)
  13. Marinade Finance by Kudelski - (https://solana.com/solana-security-audit-2019.pdf)

Solana Real-life Exploits and Hacks


Scanners and Tools

  1. Soteria - (https://medium.com/coinmonks/soteria-a-vulnerability-scanner-for-solana-smart-contracts-cc202cf17c99)
  2. Siderophile - (https://github.com/trailofbits/siderophile)
  3. List of Cargo crates and Tools for auditing rust - (https://www.reddit.com/r/rust/comments/ufwryc/comment/i6w629y/)
  4. L3X, AI-driven Smart Contract Static Analyzer - (https://github.com/VulnPlanet/l3x)
  5. First and only fuzzing framework for Solana smart contracts. Performs manually-guided fuzzing with flow-based sequences and property-based testing to discover vulnerabilities - Trident
  6. RegPilot (https://regpilot.io) - Consumer-friendly token safety platform for Solana. Instant 0-100 trust score covering smart contract risk, liquidity depth, holder distribution, audit status and on-chain red flags. Free. No wallet required.
  7. Sharpe Rug Check (https://www.sharpe.ai/rug-check) - Free multi-chain token safety scanner and rug pull checker. 0-100 risk score for Solana (SPL + Token-2022) with mint/freeze/update authority checks, Raydium LP lock verification, Jupiter-based honeypot simulation, and holder-concentration analysis. Also covers Ethereum, Base, BSC, Arbitrum, and Polygon. Public REST API and MCP server. No wallet required.
  8. Pumpora — Telegram bot that scores pump.fun tokens across 10 on-chain signals (dev wallet history, bundled supply, freeze authority, liquidity lock). Returns a 0–100 risk score in 3 seconds.
  9. TWZRD Agent Intel - Solana-native MCP server for AI agent trust scoring and x402 receipt verification. Free preflight trust assessment + signed V5 receipts at https://intel.twzrd.xyz

CTFs

  1. Solana CTF Framework by Ottersec - (https://github.com/otter-sec/sol-ctf-framework)
  2. Solana CTF Challenges by Neodyme - (https://github.com/neodyme-labs/solana-ctf)
  3. Neodyme Workshop - (https://workshop.neodyme.io/)

Interesting Github Repositories

  1. Solana POC Framework - (https://github.com/otter-sec/solana-poc-framework)
  2. Awesome Solana - (https://github.com/avareum/awesome-solana)

Beginner-friendly Development Resources

  1. Setting-up Solana Development Environment - (https://github.com/LearnWithArjun/solana-env-setup)
  2. How to Build & Deploy Smart Contracts on Solana - (https://www.leewayhertz.com/build-solana-smart-contracts/)
  3. learn-web3-dapp - (https://github.com/figment-networks/learn-web3-dapp)
  4. Learning Rust - (https://learning-rust.github.io/docs/a3.hello_world.html)

About

A curated list of awesome Solana security resources

Topics

Resources

Stars

74 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors