Resources

    Security guides and best practices

    For Developers
    Solana Program Security Guide

    Comprehensive guide to writing secure Solana programs, covering common vulnerabilities and best practices.

    For Protocols
    Security Incident Response Plan

    How to prepare and respond to security incidents in the Solana ecosystem, including templates and procedures.

    For Users
    Wallet Security Best Practices

    Essential security practices for Solana wallet users, including key management and phishing prevention.

    Common Solana Vulnerabilities

    Signature Spoofing (missing signer check)

    The Solana runtime verifies every signature on a transaction before the program runs; what the program must check is whether a specific account actually signed, which the runtime exposes as the account's is_signer flag. Comparing an account's public key to an expected authority proves nothing about who signed, because anyone can list any public key as a non-signing account in their transaction. A program that does only the key comparison lets an attacker act as the authority without holding its private key.

    // Vulnerable code pattern: the key is compared, but nothing checks that
    // this account signed the transaction, so the check is satisfiable by
    // anyone who knows the authority's public key.
    if (pubkey.equals(expectedSigner)) { 
      // proceed with transaction
    }

    Prevention:

    Check the runtime's signer flag (account.is_signer in a native program, or declare the account as Signer in Anchor) in addition to comparing the key. The cryptographic verification has already been done by the runtime; the bug is trusting a key match without consulting that result. Apply this to every account that authorises a state change, not only the fee payer.

    Account Validation Failures

    When a program doesn't verify the ownership or properties of the accounts an instruction receives, an attacker can supply accounts they created themselves. Since any transaction can pass arbitrary accounts, a program that reads state from an account must confirm the account is owned by the expected program (account.owner == program_id for its own state), that its data has the expected type and length, and that it stands in the expected relationship to the other accounts (the PDA derivation, the token mint, the recorded authority).

    // Missing ownership check: the account could be owned by any program and
    // hold attacker-chosen bytes, yet its data is deserialised and trusted.
    function process(account) {
      // directly use account data without ownership validation
    }

    Prevention:

    Verify account ownership, check every relationship between the accounts passed in (derived addresses, stored authorities, mints), and validate the data's discriminator and length before deserialising it. Frameworks such as Anchor perform the owner and discriminator checks for typed accounts, but relationship constraints still have to be declared explicitly.
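    The following is an added example covering both the missing signer check and the account validation failure above; it is not code from this page or from any Solana program. AccountInfo and ProgramError are stand-ins with the runtime's field and variant names so the code compiles without the solana_program crate (InvalidAuthority is invented here), the vault layout is hypothetical, and the keys are constructed fixtures. withdraw_vulnerable follows the page's pattern (key comparison only); withdraw_checked adds the signer, owner and layout checks.

```rust
// Added example, not code from the original page or from any Solana program.
// `AccountInfo` is a stand-in with the same field names as the runtime struct,
// so this compiles without the solana_program crate. The first three error
// variants reuse the runtime's names; `InvalidAuthority` is invented here.
use std::convert::TryInto;

pub type Pubkey = [u8; 32];

#[derive(Debug, Clone)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub is_signer: bool, // set by the runtime only if the tx carried a valid signature for `key`
    pub owner: Pubkey,   // program that owns the account and may write its data
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum ProgramError {
    MissingRequiredSignature,
    IncorrectProgramId,
    InvalidAccountData,
    InvalidAuthority,
}

// Hypothetical vault layout: [tag:1][authority:32][balance:8, little-endian].
const VAULT_TAG: u8 = 1;
const VAULT_LEN: usize = 41;

fn read_authority(data: &[u8]) -> Pubkey {
    data[1..33].try_into().unwrap()
}
fn read_balance(data: &[u8]) -> u64 {
    u64::from_le_bytes(data[33..41].try_into().unwrap())
}

/// Vulnerable: the page's pattern. Only the key is compared, and the vault's
/// owner and layout are trusted, so a caller can pass the real authority's
/// public key without signing, or pass a vault they fabricated themselves.
pub fn withdraw_vulnerable(vault: &AccountInfo, authority: &AccountInfo) -> Result<u64, ProgramError> {
    if authority.key != read_authority(&vault.data) {
        return Err(ProgramError::InvalidAuthority);
    }
    Ok(read_balance(&vault.data))
}

/// Hardened: signer, owner and layout are all checked before any field is trusted.
pub fn withdraw_checked(program_id: &Pubkey, vault: &AccountInfo, authority: &AccountInfo) -> Result<u64, ProgramError> {
    if !authority.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    if vault.owner != *program_id {
        return Err(ProgramError::IncorrectProgramId);
    }
    if vault.data.len() != VAULT_LEN || vault.data[0] != VAULT_TAG {
        return Err(ProgramError::InvalidAccountData);
    }
    if authority.key != read_authority(&vault.data) {
        return Err(ProgramError::InvalidAuthority);
    }
    Ok(read_balance(&vault.data))
}

// Constructed fixtures for the scenarios below.
pub const PROGRAM_ID: Pubkey = [0xAA; 32];
pub const ALICE: Pubkey = [0x01; 32];
pub const MALLORY: Pubkey = [0x02; 32];

pub fn vault_data(authority: &Pubkey, balance: u64) -> Vec<u8> {
    let mut d = vec![VAULT_TAG];
    d.extend_from_slice(authority);
    d.extend_from_slice(&balance.to_le_bytes());
    d
}
pub fn account(key: Pubkey, is_signer: bool, owner: Pubkey, data: Vec<u8>) -> AccountInfo {
    AccountInfo { key, is_signer, owner, data }
}

fn main() {
    let vault = account([0x10; 32], false, PROGRAM_ID, vault_data(&ALICE, 500));
    // Mallory lists Alice's public key as a non-signing account.
    let forged = account(ALICE, false, [0; 32], vec![]);
    println!("vulnerable: {:?}", withdraw_vulnerable(&vault, &forged));
    println!("checked:    {:?}", withdraw_checked(&PROGRAM_ID, &vault, &forged));
    // Mallory fabricates her own "vault" naming herself as authority.
    let fake_vault = account([0x20; 32], false, MALLORY, vault_data(&MALLORY, u64::MAX));
    let mallory = account(MALLORY, true, [0; 32], vec![]);
    println!("vulnerable: {:?}", withdraw_vulnerable(&fake_vault, &mallory));
    println!("checked:    {:?}", withdraw_checked(&PROGRAM_ID, &fake_vault, &mallory));
}
```

    The order of the checks matters: the signer and owner checks run before any byte of account data is read, so a malformed or attacker-owned account never reaches the deserialiser. In a real program the layout check would be a discriminator comparison and a Borsh or zero-copy decode with the same failure behaviour.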

    Price Oracle Manipulation

    Occurs when an attacker moves the price a lending protocol reads from its oracle, for example by trading against a thin liquidity pool that the feed samples or by exploiting a single-source or stale feed. The artificial price lets the attacker borrow against inflated collateral or trigger liquidations of other users' positions before the price reverts.

    // Vulnerable approach: a single spot price is taken at face value, with no
    // staleness check, no deviation limit and no second source, and the
    // collateral value (and hence the loan-to-value ratio) is computed from it.
    function calculateLTV(assetAmount, price) {
      // using price without validation or time-weighted checks
      return assetAmount * price;
    }

    Prevention:

    Use time-weighted average prices (TWAP) rather than a single spot sample, reject prices older than a fixed number of slots, implement circuit breakers that refuse to act when the spot price deviates from the average by more than a set threshold, and cross-check prices from multiple independent sources.
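    As an added example (not code from this page or from any lending protocol), the following applies those four defences together: staleness rejection, a cross-source spread limit, a TWAP over a slot window, and a deviation circuit breaker, before the price is used for a loan-to-value calculation. Prices are integer micro-USD per unit, slots stand in for time as on Solana, and the price history, the second source's quote and the thresholds in the config are all constructed fixtures.

```rust
// Added example, not the page's or any protocol's code. Prices are integer
// micro-USD per unit; slots stand in for time, as on Solana.
use std::cmp::{max, min};

#[derive(Clone, Copy, Debug)]
pub struct PriceSample {
    pub slot: u64,
    pub price: u64,
}

#[derive(Debug, PartialEq)]
pub enum OracleError {
    NoData,
    Stale,
    SourceDisagreement,
    CircuitBreaker,
}

pub struct OracleConfig {
    pub max_age_slots: u64,          // reject quotes older than this
    pub twap_window_slots: u64,      // how far back the average looks
    pub max_twap_deviation_bps: u64, // circuit breaker: spot vs. TWAP
    pub max_source_spread_bps: u64,  // cross-check: primary vs. secondary
}

/// Relative difference in basis points, measured against the larger value.
fn bps_diff(a: u64, b: u64) -> u64 {
    let hi = max(a, b) as u128;
    if hi == 0 {
        return 0;
    }
    ((hi - min(a, b) as u128) * 10_000 / hi) as u64
}

/// Time-weighted average over the samples inside the window. `history` must be
/// sorted by slot ascending; each sample is weighted by the number of slots it
/// was the latest price for, the final one up to and including `now`.
pub fn twap(history: &[PriceSample], now: u64, window: u64) -> Option<u64> {
    let start = now.saturating_sub(window);
    let recent: Vec<&PriceSample> = history.iter().filter(|s| s.slot > start && s.slot <= now).collect();
    if recent.is_empty() {
        return None;
    }
    let (mut weighted, mut total) = (0u128, 0u128);
    for (i, s) in recent.iter().enumerate() {
        let end = if i + 1 < recent.len() { recent[i + 1].slot } else { now + 1 };
        let w = (end - s.slot) as u128;
        weighted += w * s.price as u128;
        total += w;
    }
    Some((weighted / total) as u64)
}

/// Returns a price that is safe to value collateral with, or why it was refused.
/// The conservative choice min(spot, twap) is returned so a short upward spike
/// that survives every check still cannot inflate collateral.
pub fn validated_price(primary: &[PriceSample], secondary: &PriceSample, now: u64, cfg: &OracleConfig) -> Result<u64, OracleError> {
    let spot = primary.last().ok_or(OracleError::NoData)?;
    if now.saturating_sub(spot.slot) > cfg.max_age_slots || now.saturating_sub(secondary.slot) > cfg.max_age_slots {
        return Err(OracleError::Stale);
    }
    if bps_diff(spot.price, secondary.price) > cfg.max_source_spread_bps {
        return Err(OracleError::SourceDisagreement);
    }
    let avg = twap(primary, now, cfg.twap_window_slots).ok_or(OracleError::NoData)?;
    if bps_diff(spot.price, avg) > cfg.max_twap_deviation_bps {
        return Err(OracleError::CircuitBreaker);
    }
    Ok(min(spot.price, avg))
}

/// Loan-to-value in basis points from a validated price.
pub fn ltv_bps(collateral_units: u64, price: u64, debt_micro_usd: u64) -> u64 {
    let value = collateral_units as u128 * price as u128;
    if value == 0 {
        return u64::MAX;
    }
    (debt_micro_usd as u128 * 10_000 / value) as u64
}

// Constructed fixtures: a steady history around $1.00 and a second source quote.
pub const CFG: OracleConfig = OracleConfig { max_age_slots: 25, twap_window_slots: 40, max_twap_deviation_bps: 500, max_source_spread_bps: 100 };
pub fn sample_history() -> Vec<PriceSample> {
    [(100, 1_000_000), (110, 1_010_000), (120, 990_000), (130, 1_000_000)]
        .iter().map(|&(slot, price)| PriceSample { slot, price }).collect()
}
pub fn secondary_quote() -> PriceSample {
    PriceSample { slot: 138, price: 1_002_000 }
}

fn main() {
    let mut history = sample_history();
    println!("honest: {:?}", validated_price(&history, &secondary_quote(), 139, &CFG));
    // Attacker pushes a $3.00 print into the primary feed a few slots ago.
    history.push(PriceSample { slot: 135, price: 3_000_000 });
    println!("spike:  {:?}", validated_price(&history, &secondary_quote(), 139, &CFG));
}
```

    The two manipulated cases show why the defences are layered: a spike on one feed is caught by the cross-source check, and a spike that reaches both feeds is still caught by the TWAP circuit breaker because the averaged history barely moves. Thresholds like 25 slots and 500 bps are placeholders; real values depend on the asset's volatility and the oracle's update cadence.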