osec-solana-auditor-introduction
Osec — Solana: An Auditor’s Introduction (reference)
Educational routing only. This skill does not reproduce the full article or code excerpts. Read the live post for complete detail.
Canonical URL
- Solana: An Auditor’s Introduction — osec.io blog, 14 March 2022.
Publisher: Otter Sec / Otter Audits LLC (smart contract security audits; per site footer).
What the article covers (outline)
The post frames Solana program security from a researcher / auditor lens: how the runtime executes contracts, where trust boundaries sit, and what an attacker can influence.
| Theme | Topics (high level) |
|---|---|
| Execution model | Programs as eBPF ELF loaded via the BPF Loader; accounts as pubkey-addressed state; invocations = program id + account list + instruction data; no EVM-style “methods” at the syscall boundary—dispatch happens on instruction bytes (e.g. an enum discriminator). Memory map regions (code/stack/heap/inputs) at a glance; because programs are written in memory-safe Rust, audit attention shifts away from classic memory corruption toward logic and validation errors. |
| Entry / deserialization | Common entrypoint and deserialization helpers; distinction between data serialized by the runtime vs fields under attacker control (e.g. instruction data; account list selection)—and metadata enforced by the runtime (signers, writable, owner). Links type confusion / wrong-account issues to lack of execution-level typing (mitigations such as hardcoded pubkeys, discriminators—often formalized today via Anchor). |
| Native programs | System Program and illustrative CreateAccount vs Transfer signer requirements; ownership constraints (e.g. SPL token accounts vs system-owned accounts). |
The introduction explicitly recommends Neodyme’s Security Workshop for hands-on vulnerability classes; this article complements it with fundamentals-first runtime context.
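As an added illustration of the execution-model and entry/deserialization points in the outline above (this is example code written for this reference, not code from the osec.io article or from Otter Sec), the following pure-Rust model shows a native-style entrypoint dispatching on an instruction-byte discriminator and then acting on the runtime-supplied metadata (owner, signer, writable) and on an account-data discriminator before touching state. The `Pubkey`, `AccountInfo` and `ProgramError` types are simplified stand-ins for the `solana_program` crate's types so the file compiles with the standard library alone; the program id, vault tag and balances are constructed placeholders.

```rust
use std::convert::TryFrom;

/// Simplified stand-in for solana_program's Pubkey (an assumption of this example).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Pubkey(pub [u8; 32]);

/// Constructed placeholder, not a real on-chain program id.
pub const PROGRAM_ID: Pubkey = Pubkey([7u8; 32]);

/// Per-account view the runtime hands the program: metadata the runtime enforces
/// (owner, is_signer, is_writable) plus account data the program must validate itself.
pub struct AccountInfo {
    pub key: Pubkey,
    pub owner: Pubkey,
    pub is_signer: bool,
    pub is_writable: bool,
    pub data: Vec<u8>,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ProgramError {
    InvalidInstructionData, NotEnoughAccountKeys, IncorrectProgramId,
    MissingRequiredSignature, InvalidAccountData, InsufficientFunds,
}

/// Instruction data is untyped bytes at the syscall boundary: byte 0 is the
/// discriminator the program dispatches on, the next 8 bytes the payload.
#[derive(Debug, PartialEq, Eq)]
pub enum Instruction {
    Initialize { balance: u64 },
    Withdraw { amount: u64 },
}

fn read_u64(bytes: &[u8], err: ProgramError) -> Result<u64, ProgramError> {
    let arr = bytes.get(..8).and_then(|b| <[u8; 8]>::try_from(b).ok()).ok_or(err)?;
    Ok(u64::from_le_bytes(arr))
}

impl Instruction {
    pub fn unpack(data: &[u8]) -> Result<Self, ProgramError> {
        let (tag, rest) = data.split_first().ok_or(ProgramError::InvalidInstructionData)?;
        let payload = read_u64(rest, ProgramError::InvalidInstructionData)?;
        match *tag {
            0 => Ok(Instruction::Initialize { balance: payload }),
            1 => Ok(Instruction::Withdraw { amount: payload }),
            _ => Err(ProgramError::InvalidInstructionData),
        }
    }
}

/// Vault layout: 1-byte account discriminator, 32-byte authority, 8-byte balance.
/// The discriminator is the program's own typing: it rejects a differently typed
/// account, even one owned by this same program, passed where a vault is expected.
pub const VAULT_TAG: u8 = 0xA1;
pub const VAULT_LEN: usize = 1 + 32 + 8;

pub struct Vault { pub authority: Pubkey, pub balance: u64 }

impl Vault {
    pub fn unpack(data: &[u8]) -> Result<Vault, ProgramError> {
        if data.len() != VAULT_LEN || data[0] != VAULT_TAG { return Err(ProgramError::InvalidAccountData); }
        let mut authority = [0u8; 32];
        authority.copy_from_slice(&data[1..33]);
        let balance = read_u64(&data[33..], ProgramError::InvalidAccountData)?;
        Ok(Vault { authority: Pubkey(authority), balance })
    }
    pub fn pack(&self, data: &mut Vec<u8>) {
        data.clear();
        data.push(VAULT_TAG);
        data.extend_from_slice(&self.authority.0);
        data.extend_from_slice(&self.balance.to_le_bytes());
    }
}

/// Entrypoint. Accounts: [0] vault (writable, owned by this program), [1] authority
/// (must have signed). The runtime only reports the flags; acting on them is the
/// program's job, and each check below is one an auditor looks for.
pub fn process_instruction(program_id: &Pubkey, accounts: &mut [AccountInfo], data: &[u8]) -> Result<(), ProgramError> {
    if accounts.len() < 2 { return Err(ProgramError::NotEnoughAccountKeys); }
    let (authority_key, authority_signed) = (accounts[1].key, accounts[1].is_signer);
    let vault_acc = &mut accounts[0];
    // Owner check: state not written by this program is just caller-supplied bytes.
    if vault_acc.owner != *program_id { return Err(ProgramError::IncorrectProgramId); }
    if !vault_acc.is_writable { return Err(ProgramError::InvalidAccountData); }
    if !authority_signed { return Err(ProgramError::MissingRequiredSignature); }
    match Instruction::unpack(data)? {
        Instruction::Initialize { balance } => {
            // Refuse re-initialization so an existing vault's authority cannot be swapped.
            if vault_acc.data.first() == Some(&VAULT_TAG) { return Err(ProgramError::InvalidAccountData); }
            Vault { authority: authority_key, balance }.pack(&mut vault_acc.data);
        }
        Instruction::Withdraw { amount } => {
            let mut vault = Vault::unpack(&vault_acc.data)?;
            // Any signer is not enough: it must be this vault's recorded authority.
            if vault.authority != authority_key { return Err(ProgramError::MissingRequiredSignature); }
            vault.balance = vault.balance.checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?;
            vault.pack(&mut vault_acc.data);
        }
    }
    Ok(())
}
```

The ordering is deliberate: ownership and signer checks run before any byte of account data is interpreted, the account-level `VAULT_TAG` stands in for what Anchor's 8-byte discriminators give you automatically, and the authority comparison on withdraw is the check whose absence produces the classic "any signer can drain" finding.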
How to combine with blockint
| Need | Skill |
|---|---|
| Hands-on vulnerable levels | neodyme-solana-security-workshop |
| Anchor exploit/mitigation snippets | sealevel-attacks-solana |
| Audit / review workflow | solana-defi-vulnerability-analyst-agent |
| Doc indexes & tooling | solana-onchain-intelligence-resources |
Guardrails
- Staleness — published 2022; Solana runtime, program IDs, and best practices evolve—cross-check Solana documentation and current SIMD / release notes for material facts.
- Not a specification — blog is pedagogical; final authority is source code and on-chain behavior.
- Ethics — use understanding for defense, audits, and responsible disclosure, not theft or unauthorized exploitation.
Goal: a stable pointer to osec.io Solana security intro for runtime-aware Solana security reasoning in blockint.