Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack vectors, performing security assessments, or when explicitly asked to audit, review security, check for bugs, or find vulnerabilities in Solana programs.
Install with:

```
npx add-skill https://github.com/tenequm/claude-plugins/blob/main/solana/skills/solana-security/SKILL.md -a claude-code --skill solana-security
```

Installs to `.claude/skills/solana-security/`.

# Solana Security Auditing

Systematic security review framework for Solana programs, supporting both Anchor and native Rust implementations.

## Review Process

Follow this systematic 5-step process for comprehensive security audits:

### Step 1: Initial Assessment

Understand the program's context and structure:

- **Framework**: Anchor vs Native Rust (check for `use anchor_lang::prelude::*`)
- **Anchor version**: Check `Cargo.toml` for compatibility and known issues
- **Dependencies**: Oracles (Pyth, Switchboard), external programs, token programs
- **Program structure**: Count instructions, identify account types, analyze state management
- **Complexity**: Lines of code, instruction count, PDA patterns
- **Purpose**: DeFi, NFT, governance, gaming, etc.

### Step 2: Systematic Security Review

For each instruction, perform security checks in this order:

1. **Account Validation** - Verify signer, owner, writable, and initialization checks
2. **Arithmetic Safety** - Check all math operations use `checked_*` methods
3. **PDA Security** - Validate canonical bumps and seed uniqueness
4. **CPI Security** - Ensure cross-program invocations validate target programs
5. **Oracle/External Data** - Verify price staleness and oracle status checks

**→ See [references/security-checklists.md](references/security-checklists.md) for detailed checklists**

### Step 3: Vulnerability Pattern Detection

Scan for common vulnerability patterns:

- Type cosplay attacks
- Account reloading issues
- Improper account closing
- Missing lamports checks
- PDA substitution attacks
- Arbitrary CPI vulnerabilities
- Missing ownership validation
- Integer overflow/underflow

**→ See [references/vulnerability-patterns.md](references/vulnerability-patterns.md) for code examples and exploit scenarios**

### Step 4: Architecture and Testing Review

Evaluate overall design quality:

- PDA design patterns and collision prevention
- Account space allocation and rent exemption
- Error handling approach
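As an added illustration of Step 2 checks 2 (arithmetic safety) and 5 (oracle staleness and status), here is the vulnerable and hardened form of a vault withdrawal and a price-conversion helper. This is example code written for this page, not code from the skill or from any audited program; it is dependency-free Rust, so `Vault`, `PriceUpdate`, `PriceStatus` and `MAX_PRICE_AGE_SLOTS` are simplified stand-ins for on-chain types and constants, not real Anchor or Pyth types.

```rust
/// Hypothetical stand-in for a vault state account.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Vault {
    pub balance: u64,
}

/// Hypothetical oracle status, modelled on the trading/halted distinction real oracles expose.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum PriceStatus { Trading, Halted }

/// Hypothetical stand-in for an oracle price update with the fields the checks need.
#[derive(Debug, Clone, Copy)]
pub struct PriceUpdate {
    pub price: u64,        // price in base units (constructed sample scale)
    pub publish_slot: u64, // slot at which the price was published
    pub status: PriceStatus,
}

#[derive(Debug, PartialEq)]
pub enum AuditError { Underflow, Overflow, StalePrice, OracleNotTrading }

/// Illustrative maximum price age in slots (an assumption, not a protocol constant).
pub const MAX_PRICE_AGE_SLOTS: u64 = 25;

/// VULNERABLE form: `wrapping_sub` makes explicit what a plain `-` does when the
/// release profile has `overflow-checks` off: withdrawing more than the balance
/// wraps to a huge value instead of failing.
pub fn withdraw_unchecked(vault: &mut Vault, amount: u64) {
    vault.balance = vault.balance.wrapping_sub(amount);
}

/// HARDENED form: `checked_sub` yields `None` on underflow, surfaced as an error.
pub fn withdraw_checked(vault: &mut Vault, amount: u64) -> Result<(), AuditError> {
    vault.balance = vault.balance.checked_sub(amount).ok_or(AuditError::Underflow)?;
    Ok(())
}

/// Value of `amount` at the oracle price: reject a non-trading oracle, reject a
/// stale (or future-dated) price, then multiply with overflow detection.
pub fn value_at_price(update: &PriceUpdate, current_slot: u64, amount: u64) -> Result<u64, AuditError> {
    if update.status != PriceStatus::Trading {
        return Err(AuditError::OracleNotTrading);
    }
    // A publish slot after the current slot means an inconsistent clock; treat as unusable.
    let age = current_slot.checked_sub(update.publish_slot).ok_or(AuditError::StalePrice)?;
    if age > MAX_PRICE_AGE_SLOTS {
        return Err(AuditError::StalePrice);
    }
    amount.checked_mul(update.price).ok_or(AuditError::Overflow)
}
```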