
Awesome Solana Security

Contributions are most welcome

Blogs on Audit Techniques and Vulnerabilities

Soteria/Sec3 Series

How to audit Solana smart contracts

  1. Part 1: A systematic approach - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed)
  2. Part 2: automated scanning - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d)
  3. Part 3: penetration testing - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-3-penetration-testing-a315b3bbb2d3)
  4. Part 4: the Anchor framework - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-4-the-anchor-framework-ef42d944f086)

BlockSec Series

Secure the Solana Ecosystem

  1. Hello Solana - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)
  2. Calling Between Programs - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)
  3. Program Upgrade - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)
  4. Account Validation - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)
  5. Multi-Sig - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)
  6. Multi-Sig2 - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)
  7. Type Confusion - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)

Blogs and Articles

  1. Solana Smart Contracts: Common Pitfalls and How to Avoid Them - (https://blog.neodyme.io/posts/solana_common_pitfalls/)
  2. From Ethereum smart contracts to Solana programs: two common security pitfalls and beyond - (https://medium.com/coinmonks/from-ethereum-smart-contracts-to-solana-programs-two-common-security-pitfalls-and-beyond-ea5b919ade1c)
  3. Sealevel Attacks - Common Solana Exploit Codes and Recommendations - (https://github.com/coral-xyz/sealevel-attacks)
  4. 10 vulnerabilities - A Twitter thread about Sealevel Attacks - (https://twitter.com/pencilflip/status/1483880018858201090)
  5. How to Hack Solana Smart Contracts/Programs - (https://halborn.com/how-to-hack-solana-smart-contracts-programs/)
  6. Solana: An Auditor's Introduction - (https://osec.io/blog/tutorials/2022-03-14-solana-security-intro/)
  7. The Story of the Curious Rent Thief - (https://osec.io/blog/reports/2022-08-19-solend-rent-thief/)
  8. Breakpoint 2021: Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point - (https://www.youtube.com/watch?v=vbkhhgeP30I)
  9. Solana Program Security - Part 1 - (https://research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/)
  10. Typical and Unique Issues for the NEAR Protocol - (https://0xguard.com/near_protocol/tpost/ja553x8db1-typical-and-unique-issues-for-the-near-p)

Audit Reports

  1. Bonfida Security Assessment by Kudelski Security - (https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)
  2. Solana Quantstamp Stake Pool Audit - (https://solana.com/SolanaQuantstampStakePoolAudit.pdf)
  3. SPL Stake Pool by Neodyme - (https://solana.com/SolanaNeodymeStakePoolAudit.pdf)
  4. Stake Pool - Solana Foundation by Kudelski Security - (https://solana.com/SolanaKudelskiStakePoolAudit.pdf)
  5. Solido Audit by Bramah Systems - (https://github.com/ChorusOne/solido/blob/main/audit/2021-07-05-bramah-systems.pdf)
  6. Lido on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2021-08-03-neodyme.pdf)
  7. Anker on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2022-04-06-neodyme.pdf)
  8. Saber.so Audit by Bramah Systems - (https://github.com/saber-hq/stable-swap/blob/master/audit/bramah-systems.pdf)
  9. Quarry by Quantstamp - (https://github.com/QuarryProtocol/quarry/blob/master/audit/quantstamp.pdf)
  10. Cega Vault by Ottersec - (https://github.com/otter-sec/cega-vault-report/blob/main/cega-vault-audit-public.pdf)
  11. Port Finance Sundial by Ottersec - (https://github.com/port-finance/sundial/blob/master/audits/port-finance-sundial-audit-public.pdf)
  12. Jet Governance by Ottersec - (https://github.com/jet-lab/jet-governance/blob/master/reports/jet-governance-audit-public.pdf)
  13. Marinade Finance by Kudelski - (https://solana.com/solana-security-audit-2019.pdf)

Solana Real-life Exploits and Hacks


Scanners and Tools

  1. Soteria - (https://medium.com/coinmonks/soteria-a-vulnerability-scanner-for-solana-smart-contracts-cc202cf17c99)
  2. Siderophile - (https://github.com/trailofbits/siderophile)
  3. List of Cargo crates and tools for auditing Rust - (https://www.reddit.com/r/rust/comments/ufwryc/comment/i6w629y/)
  4. L3X, AI-driven Smart Contract Static Analyzer - (https://github.com/VulnPlanet/l3x)

CTFs

  1. Solana CTF Framework by Ottersec - (https://github.com/otter-sec/sol-ctf-framework)
  2. Solana CTF Challenges by Neodyme - (https://github.com/neodyme-labs/solana-ctf)
  3. Neodyme Workshop - (https://workshop.neodyme.io/)

Interesting Github Repositories

  1. Solana POC Framework - (https://github.com/otter-sec/solana-poc-framework)
  2. Awesome Solana - (https://github.com/avareum/awesome-solana)

Beginner-friendly Development Resources

  1. Setting up a Solana Development Environment - (https://github.com/LearnWithArjun/solana-env-setup)
  2. How to Build & Deploy Smart Contracts on Solana - (https://www.leewayhertz.com/build-solana-smart-contracts/)
  3. learn-web3-dapp - (https://github.com/figment-networks/learn-web3-dapp)
  4. Learning Rust - (https://learning-rust.github.io/docs/a3.hello_world.html)

Contributors

az0mb13, yevh
