Solana Security (Sealevel)
Scope
Use this skill for:
- Solana program auditing (Anchor/native)
- Solana account model pitfalls
- Solana-focused fuzzing / tooling / security references
Key Concepts
- Account model (mutable accounts, ownership, rent and rent exemption)
- Program Derived Addresses (PDAs) and seed derivation
- Cross-Program Invocation (CPI) security
- Signer checks vs authority checks (a key that signed is not necessarily the authority stored in the account)
- Serialization, account discriminators, and account layout assumptions
Common Bug Classes
- Missing signer/authority validation
- Incorrect PDA derivation or seed collisions
- CPI into untrusted programs (callee program ID not verified)
- Account confusion (wrong account passed, mismatched owner or account type)
- Arithmetic / precision issues in token math (unchecked overflow, rounding direction)
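The following is an added example, not code from this skill or from any Solana project, that ties the Key Concepts and Common Bug Classes above together in one instruction handler. It is dependency-free: `Pubkey`, `AccountInfo`, the `Vault` layout and `VAULT_DISCRIMINATOR` are assumed stand-ins for the real `solana_program` / Anchor types, not their API. The vulnerable `withdraw_unchecked` trusts every account the caller passes; the hardened `withdraw_checked` performs the signer, owner, writable, discriminator and stored-authority checks and uses checked arithmetic.

```rust
use std::convert::TryInto;

/// Assumed stand-in for solana_program::pubkey::Pubkey (not the real type).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// Assumed stand-in for solana_program::account_info::AccountInfo (not the real type).
#[derive(Clone, Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub owner: Pubkey,     // program that owns this account's data
    pub is_signer: bool,   // did this key sign the transaction?
    pub is_writable: bool,
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum VaultError {
    MissingSigner,
    WrongOwner,
    NotWritable,
    BadDiscriminator,
    AuthorityMismatch,
    InsufficientFunds,
}

/// Assumed account layout: 8-byte discriminator | 32-byte authority | u64 little-endian balance.
pub const VAULT_DISCRIMINATOR: [u8; 8] = [0xd1, 0x7a, 0x3c, 0x55, 0x90, 0x0b, 0x42, 0xee]; // assumed value
pub const VAULT_LEN: usize = 8 + 32 + 8;

/// Serialize a vault in the assumed layout (used to build sample accounts).
pub fn encode_vault(authority: &Pubkey, balance: u64) -> Vec<u8> {
    let mut d = Vec::with_capacity(VAULT_LEN);
    d.extend_from_slice(&VAULT_DISCRIMINATOR);
    d.extend_from_slice(&authority.0);
    d.extend_from_slice(&balance.to_le_bytes());
    d
}

fn read_balance(data: &[u8]) -> u64 {
    u64::from_le_bytes(data[40..48].try_into().unwrap())
}

/// VULNERABLE: no signer, owner, type or authority check, and wrapping subtraction.
/// (In a release build plain `-` also wraps silently; wrapping_sub just makes that explicit.)
pub fn withdraw_unchecked(vault: &mut AccountInfo, _authority: &AccountInfo, amount: u64) -> Result<u64, VaultError> {
    let new_balance = read_balance(&vault.data).wrapping_sub(amount);
    vault.data[40..48].copy_from_slice(&new_balance.to_le_bytes());
    Ok(new_balance)
}

/// HARDENED: every assumption about the passed-in accounts is verified before state changes.
pub fn withdraw_checked(program_id: &Pubkey, vault: &mut AccountInfo, authority: &AccountInfo, amount: u64) -> Result<u64, VaultError> {
    if !authority.is_signer {                       // signer check
        return Err(VaultError::MissingSigner);
    }
    if vault.owner != *program_id {                 // owner check: data must belong to this program
        return Err(VaultError::WrongOwner);
    }
    if !vault.is_writable {
        return Err(VaultError::NotWritable);
    }
    if vault.data.len() != VAULT_LEN || vault.data[..8] != VAULT_DISCRIMINATOR { // type check
        return Err(VaultError::BadDiscriminator);
    }
    let stored_authority = Pubkey(vault.data[8..40].try_into().unwrap());
    if stored_authority != authority.key {          // authority check: signer must be the stored authority
        return Err(VaultError::AuthorityMismatch);
    }
    let new_balance = read_balance(&vault.data)
        .checked_sub(amount)                        // no silent underflow
        .ok_or(VaultError::InsufficientFunds)?;
    vault.data[40..48].copy_from_slice(&new_balance.to_le_bytes());
    Ok(new_balance)
}

/// Constructed sample data: (program_id, vault with balance 1000, its authority, an unrelated signer).
pub fn sample_accounts() -> (Pubkey, AccountInfo, AccountInfo, AccountInfo) {
    let program_id = Pubkey([1u8; 32]);
    let owner_key = Pubkey([2u8; 32]);
    let attacker_key = Pubkey([3u8; 32]);
    let system = Pubkey([0u8; 32]);
    let vault = AccountInfo { key: Pubkey([9u8; 32]), owner: program_id, is_signer: false, is_writable: true, data: encode_vault(&owner_key, 1_000) };
    let owner = AccountInfo { key: owner_key, owner: system, is_signer: true, is_writable: false, data: vec![] };
    let attacker = AccountInfo { key: attacker_key, owner: system, is_signer: true, is_writable: false, data: vec![] };
    (program_id, vault, owner, attacker)
}

fn main() {
    let (pid, vault, owner, attacker) = sample_accounts();
    let mut v = vault.clone();
    println!("unchecked, attacker drains 100: {:?}", withdraw_unchecked(&mut v, &attacker, 100));
    let mut v = vault.clone();
    println!("checked, attacker: {:?}", withdraw_checked(&pid, &mut v, &attacker, 100));
    let mut v = vault.clone();
    println!("checked, real authority: {:?}", withdraw_checked(&pid, &mut v, &owner, 100));
}
```

When auditing a real handler, map each `if` above to its Anchor constraint (`Signer<'info>`, `Account<'info, T>` owner and discriminator checks, `has_one = authority`) or to the explicit `is_signer` / `owner` / discriminator comparisons in a native program; a missing one is a finding in the corresponding bug class.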
Tooling
- Anchor framework and its security patterns
- Fuzzers / harnesses (e.g., Trident)
- Program analyzers and disassemblers
Where to Add Links in README
- Solana SDKs/tools: Development → SDK / Development → Tools
- Solana audit checklists: Security
- Solana learning guides: Blockchain Guide
Rules
- Use English descriptions
- Avoid duplicates across categories
Data Source
For detailed and up-to-date resources, fetch the full list from:
https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md