Security Audit of Solana Smart Contracts

THINK LIKE A HACKER!

A competent auditor must adopt the mindset of hackers and understand their incentives. For example, a hacker thinks:

  • How can I steal tokens from the smart contract?
  • How can I freeze the contract, such as lock user funds, disable the depositing/withdrawing process, or disable the upgrade?
  • How can I make the smart contract send money to the wrong user?
  • How can I change the smart contract’s critical states, such as changing the owner or the validator list?
  • How can I infect the smart contract’s code?
  • How can I claim more refunds than deserved?
  • How can I buy more tokens than permitted?

IDENTIFY POTENTIAL ATTACK SURFACES

Solana contracts have a single entry point defined by the entrypoint! macro, whereas in Solidity every public or external function can be invoked by hackers!

use borsh::BorshDeserialize;
use solana_program::{account_info::AccountInfo, entrypoint, entrypoint::ProgramResult, pubkey::Pubkey};

// The only externally callable function: every instruction sent to the program arrives here.
entrypoint!(processX);

pub fn processX(program_id: &Pubkey, accounts: &[AccountInfo], input: &[u8]) -> ProgramResult {
    // Deserialize the instruction data, then dispatch to the handler for that variant.
    // Each match arm is one reachable path and therefore one piece of the attack surface.
    let instruction = DeFiInstruction::try_from_slice(input)?;
    match instruction {
        DeFiInstruction::Initialize { … } => _initialize(…),
        DeFiInstruction::Deposit { … } => _deposit(…),
        DeFiInstruction::StakeDeposit { … } => _stake_deposit(…),
        ...
    }
}
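As an added example (not code from the article or from any real program), here is a dependency-free Rust model of that single entry point: the instruction bytes are parsed into an enum, and the signer and account-owner checks an auditor expects to see in front of every match arm run before any handler. The `Account` and `ProgramError` types, the two-account layout and the wire format (one tag byte, then a little-endian u64 for variants carrying an amount) are assumptions made so it runs offline.

```rust
// Stand-ins for solana_program's AccountInfo and ProgramError (assumed, not the real types).
#[derive(Debug, PartialEq)]
pub enum DeFiInstruction { Initialize, Deposit { amount: u64 }, StakeDeposit { amount: u64 } }

#[derive(Debug, PartialEq)]
pub enum ProgramError { InvalidInstructionData, MissingRequiredSignature, IncorrectProgramId,
    AccountAlreadyInitialized, UninitializedAccount, InsufficientFunds, ArithmeticOverflow }

/// Only the fields the checks below need; `owner` is the program id that may mutate the account.
pub struct Account { pub owner: [u8; 32], pub is_signer: bool, pub lamports: u64, pub initialized: bool }

impl DeFiInstruction {
    /// Assumed wire format: one tag byte, then a little-endian u64 for variants with an amount.
    /// Unknown tags and wrong-length payloads are rejected, as a Borsh `try_from_slice` would.
    pub fn try_from_slice(input: &[u8]) -> Result<Self, ProgramError> {
        let (tag, rest) = input.split_first().ok_or(ProgramError::InvalidInstructionData)?;
        let amount = || -> Result<u64, ProgramError> {
            let bytes: [u8; 8] = rest.try_into().map_err(|_| ProgramError::InvalidInstructionData)?;
            Ok(u64::from_le_bytes(bytes))
        };
        match *tag {
            0 if rest.is_empty() => Ok(Self::Initialize),
            1 => Ok(Self::Deposit { amount: amount()? }),
            2 => Ok(Self::StakeDeposit { amount: amount()? }),
            _ => Err(ProgramError::InvalidInstructionData),
        }
    }
}

/// The single entry point. Every externally reachable path runs through this match,
/// so the attack surface is the set of arms plus the checks placed in front of them.
pub fn process(program_id: &[u8; 32], accounts: &mut [Account], input: &[u8]) -> Result<(), ProgramError> {
    let instruction = DeFiInstruction::try_from_slice(input)?;
    // Assumed layout: accounts[0] is the user's wallet, accounts[1] is the program's vault.
    let (user, vault) = match accounts { [u, v] => (u, v), _ => return Err(ProgramError::InvalidInstructionData) };
    // Checks that must precede every arm: who signed, and which program owns the state account.
    if !user.is_signer { return Err(ProgramError::MissingRequiredSignature); }
    if &vault.owner != program_id { return Err(ProgramError::IncorrectProgramId); }
    match instruction {
        DeFiInstruction::Initialize if vault.initialized => Err(ProgramError::AccountAlreadyInitialized),
        DeFiInstruction::Initialize => { vault.initialized = true; Ok(()) }
        _ if !vault.initialized => Err(ProgramError::UninitializedAccount),
        DeFiInstruction::Deposit { amount } | DeFiInstruction::StakeDeposit { amount } => {
            // Checked arithmetic so a crafted amount cannot wrap a balance.
            user.lamports = user.lamports.checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?;
            vault.lamports = vault.lamports.checked_add(amount).ok_or(ProgramError::ArithmeticOverflow)?;
            Ok(())
        }
    }
}
```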

Mo Ashouri

Mo has a Ph.D. in Cyber Security and is the founder of ByteScan.net, a blockchain audit firm. Mo specializes in Solidity, Rust, and Golang.