Solana Security (Sealevel)

Scope

Use this skill for:

• Solana program auditing (Anchor/native)
• Solana account model pitfalls
• Solana-focused fuzzing / tooling / security references

Key Concepts

• Account model (mutable accounts, ownership, rent/exempt)
• Program Derived Addresses (PDA) and seeds
• Cross-Program Invocation (CPI) security
• Signer vs authority checks
• Serialization, discriminators, and account layout assumptions

Common Bug Classes

• Missing signer/authority validation
• Incorrect PDA derivation or seed collisions
• CPI to untrusted programs
• Account confusion (wrong account passed, mismatched owner)
• Arithmetic / precision issues in token math

Tooling

• Anchor framework and security patterns
• Fuzzers / harnesses (e.g., Trident)
• Program analyzers and disassemblers

Where to Add Links in README

• Solana SDKs/tools: Development → SDK / Development → Tools
• Solana audit checklists: Security
• Solana learning guides: Blockchain Guide

Rules

• Use English descriptions
• Avoid duplicates across categories

Data Source

For detailed and up-to-date resources, fetch the full list from:

https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md