Solana Security
Technical topics related to writing and auditing Solana program security.
shazow (@shazow.eth)

https://warpcast.com/chaskin.eth/0xf9e9025c
0 reply
0 recast
0 reaction

shazow (@shazow.eth)

Interesting that Compute Units capacity is dropping because transactions are overestimating their needed CU so it's prematurely saturating blocks. https://x.com/_weidai/status/1881114478382862487
1 reply
0 recast
2 reactions

androidsixteen (@androidsixteen.eth)

https://warpcast.com/typeof.eth/0xc7c29450
1 reply
1 recast
1 reaction

shazow (@shazow.eth)

https://x.com/optimizoor/status/1862575263126888617
0 reply
1 recast
0 reaction

gilbert (@0xgib)

When transferring all SOL out of an account on Solana (aka "closing" the account), the account doesn't actually get removed until the end of the transaction. Done naively, this allows attackers to reuse or reinitialize the account, potentially draining funds from the protocol 🫢
1 reply
3 recasts
6 reactions
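The closing hazard above, as an added example that is not code from the post and does not use the solana-program crate: a plain-Rust mock of an account (lamports, data, owner, mirroring `AccountInfo` field names) and of the runtime's end-of-transaction purge. `close_naive` only drains lamports; `close_safe` also zeroes the data and reassigns the owner to the system program, so a later instruction in the same transaction that checks owner and an initialized flag rejects the account even if lamports are sent back to keep it alive. The program id `MY_PROGRAM` and the `data[0] == 1` initialized flag are constructed for the example.

```rust
// Real system program id; MY_PROGRAM is a hypothetical id for this example.
const SYSTEM_PROGRAM: &str = "11111111111111111111111111111111";
const MY_PROGRAM: &str = "MyProgram111111111111111111111111";

/// Minimal stand-in for a Solana account: balance, data bytes, owning program.
#[derive(Debug, Clone, PartialEq)]
struct Account {
    lamports: u64,
    data: Vec<u8>,
    owner: String,
}

/// Naive close: move every lamport out and stop. Data and owner are untouched,
/// so until the runtime purges the zero-lamport account at the end of the
/// transaction it still looks like a live, initialized account of MY_PROGRAM.
fn close_naive(acct: &mut Account, dest: &mut Account) {
    dest.lamports += acct.lamports;
    acct.lamports = 0;
}

/// Defensive close: drain lamports, wipe the data, and hand the account to the
/// system program so any later owner check by MY_PROGRAM fails closed.
fn close_safe(acct: &mut Account, dest: &mut Account) {
    dest.lamports += acct.lamports;
    acct.lamports = 0;
    acct.data.iter_mut().for_each(|b| *b = 0);
    acct.owner = SYSTEM_PROGRAM.to_string();
}

/// Owner and initialized-flag check a later instruction would perform
/// (constructed convention: data[0] == 1 means "initialized").
fn later_instruction_accepts(acct: &Account) -> bool {
    acct.owner == MY_PROGRAM && acct.data.first() == Some(&1)
}

/// Mock of the runtime step at the end of the transaction: accounts that
/// ended with zero lamports are removed; anything else survives as-is.
fn end_of_transaction(acct: &mut Account) {
    if acct.lamports == 0 {
        *acct = Account { lamports: 0, data: Vec::new(), owner: SYSTEM_PROGRAM.to_string() };
    }
}

/// Runs one transaction: close with the given strategy, then a following
/// instruction sends a single lamport back so the account is not purged,
/// then a later instruction asks whether the account is still usable.
fn account_reusable_after(close: fn(&mut Account, &mut Account)) -> bool {
    let mut acct = Account { lamports: 1_000_000, data: vec![1, 42, 42], owner: MY_PROGRAM.to_string() };
    let mut dest = Account { lamports: 0, data: Vec::new(), owner: SYSTEM_PROGRAM.to_string() };
    close(&mut acct, &mut dest);
    acct.lamports += 1; // lamports sent back within the same transaction
    end_of_transaction(&mut acct);
    later_instruction_accepts(&acct)
}

/// Sanity check that a fully drained account really is purged.
fn drained_account_is_purged() -> bool {
    let mut acct = Account { lamports: 1, data: vec![1], owner: MY_PROGRAM.to_string() };
    let mut dest = Account { lamports: 0, data: Vec::new(), owner: SYSTEM_PROGRAM.to_string() };
    close_naive(&mut acct, &mut dest);
    end_of_transaction(&mut acct);
    acct.data.is_empty() && acct.owner == SYSTEM_PROGRAM
}

fn main() {
    println!("naive close reusable: {}", account_reusable_after(close_naive));
    println!("safe close reusable:  {}", account_reusable_after(close_safe));
}
```

In a real program the same three steps (drain, zero data, assign to the system program) are what the Anchor `close` constraint performs for you; hand-written programs must do all three, not just the lamport transfer.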

gilbert (@0xgib)

Solana's official "Token Program", released in 2020, serves as an "ERC-20"-like program for creating fungible and non-fungible tokens. Interestingly, a new "Token-2022 Program" was developed, stemming from an issue with Solana's programming model.
0 reply
0 recast
2 reactions

gilbert (@0xgib)

Solana programs do not have overflow/underflow checks on by default. You must enable them by setting `overflow-checks = true` in your Cargo.toml.
1 reply
0 recast
0 reaction
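An added example (not code from the post) of what the missing checks mean for a balance update. `debit_wrapping` reproduces what `balance - amount` does in a build with overflow checks off: it wraps silently to a huge value instead of failing. `debit_checked` and `credit_checked` use Rust's explicit checked arithmetic, which fails closed regardless of the profile flag; the `VaultError` type is constructed for the example.

```rust
// The post's fix, for reference (Cargo.toml of the program crate):
//
//   [profile.release]
//   overflow-checks = true
//
// Explicit checked arithmetic below is the belt to that suspenders: it does
// not depend on the profile setting at all.

#[derive(Debug, PartialEq)]
enum VaultError {
    InsufficientFunds,
    Overflow,
}

/// Models `balance - amount` compiled with overflow-checks = false:
/// 5 - 10 wraps around to 2^64 - 5 rather than failing.
fn debit_wrapping(balance: u64, amount: u64) -> u64 {
    balance.wrapping_sub(amount)
}

/// Defensive debit: an underflow becomes an error the instruction can return.
fn debit_checked(balance: u64, amount: u64) -> Result<u64, VaultError> {
    balance.checked_sub(amount).ok_or(VaultError::InsufficientFunds)
}

/// Defensive credit: an overflow becomes an error instead of a wrapped balance.
fn credit_checked(balance: u64, amount: u64) -> Result<u64, VaultError> {
    balance.checked_add(amount).ok_or(VaultError::Overflow)
}

/// A transfer between two balances built only from the checked operations;
/// either side failing aborts the whole update.
fn transfer_checked(from: u64, to: u64, amount: u64) -> Result<(u64, u64), VaultError> {
    let new_from = debit_checked(from, amount)?;
    let new_to = credit_checked(to, amount)?;
    Ok((new_from, new_to))
}

fn main() {
    println!("wrapping 5 - 10 = {}", debit_wrapping(5, 10));
    println!("checked  5 - 10 = {:?}", debit_checked(5, 10));
    println!("transfer 10 -> 0 of 5 = {:?}", transfer_checked(10, 0, 5));
}
```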

gilbert (@0xgib)

Meant to post this in this channel:
0 reply
0 recast
2 reactions

@emr.eth

Hi, we are starting a new educational program in collaboration with the Solana Foundation: Solana Auditors Bootcamp https://warpcast.com/ackee/0xde3231fe
0 reply
0 recast
0 reaction

@emr.eth

Are there any continuous monitoring services for Solana that are open-source?
0 reply
0 recast
2 reactions

Ackee Blockchain Security (@ackee)

Fuzz test your Solana Programs with /trident https://ackee.xyz/blog/introducing-trident-the-first-open-source-fuzzer-for-solana-programs/
0 reply
0 recast
4 reactions

shazow (@shazow.eth)

https://twitter.com/0xMert_/status/1768317310295556199
0 reply
0 recast
1 reaction

gilbert (@0xgib)

Solana uses a fixed-size stack frame of 4KB. This means if a function call uses more than 4KB of parameters, local vars, etc., then the program (thankfully) crashes.
1 reply
0 recast
2 reactions

gilbert (@0xgib)

One way to bridge assets (or send messages in general) to/from Solana is to use the Wormhole protocol. Wormhole has an off-chain network of "Guardians" that pass these messages across chains. However, there are exactly 19, and only 19... anyone know something about this? https://wormhole.com/blockchains/#guardians
1 reply
0 recast
0 reaction

gilbert (@0xgib)

On Solana, you can have a single transaction that makes multiple top-level program calls. In contrast, an EVM tx only supports sending calldata to a single contract address.
2 replies
0 recast
1 reaction