Solana Security (Sealevel)

Scope

Use this skill for:

• Solana program auditing (Anchor/native)

• Solana account model pitfalls

• Solana-focused fuzzing / tooling / security references

Key Concepts

• Account model (mutable accounts, ownership, rent/exempt)

• Program Derived Addresses (PDA) and seeds

• Cross-Program Invocation (CPI) security

• Signer vs authority checks

• Serialization, discriminators, and account layout assumptions

Common Bug Classes

• Missing signer/authority validation

• Incorrect PDA derivation or seed collisions

• CPI to untrusted programs

• Account confusion (wrong account passed, mismatched owner)

• Arithmetic / precision issues in token math

Tooling

• Anchor framework and security patterns

• Fuzzers / harnesses (e.g., Trident)

• Program analyzers and disassemblers

Where to Add Links in README

• Solana SDKs/tools: Development → SDK / Development → Tools

• Solana audit checklists: Security

• Solana learning guides: Blockchain Guide

Rules

• Use English descriptions

• Avoid duplicates across categories

Data Source

For detailed and up-to-date resources, fetch the full list from:

https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md