solana-security
Install: claude install-skill tenequm/skills
# Solana Security Auditing
Systematic security review framework for Solana programs, supporting both Anchor and native Rust implementations.
## Review Process
Follow this systematic 5-step process for comprehensive security audits:
### Step 1: Initial Assessment
Understand the program's context and structure:
- **Framework**: Anchor vs Native Rust (check for `use anchor_lang::prelude::*`)
- **Anchor version**: Check `Cargo.toml` for compatibility and known issues
- **Dependencies**: Oracles (Pyth, Switchboard), external programs, token programs
- **Program structure**: Count instructions, identify account types, analyze state management
- **Complexity**: Lines of code, instruction count, PDA patterns
- **Purpose**: DeFi, NFT, governance, gaming, etc.
### Step 2: Systematic Security Review
For each instruction, perform security checks in this order:
1. **Account Validation** - Verify signer, owner, writable, and initialization checks
2. **Arithmetic Safety** - Check all math operations use `checked_*` methods
3. **PDA Security** - Validate canonical bumps and seed uniqueness
4. **CPI Security** - Ensure cross-program invocations validate target programs
5. **Oracle/External Data** - Verify price staleness and oracle status checks
**→ See [references/security-checklists.md](references/security-checklists.md) for detailed checklists**
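As an added example (not part of this skill or its checklists), the dependency-free Rust below models checks 1 through 5 from the list above so each rejection path can be exercised offline. The `Account` and `PriceFeed` structs, the `AuditError` enum and the `MAX_STALENESS_SLOTS` threshold are simplified stand-ins constructed for this example, not `solana_program` or Anchor types; in a real program the signer, owner and writable flags come from `AccountInfo`, the canonical bump from `Pubkey::find_program_address`, and the price and publish slot from the oracle's SDK.

```rust
// Added example: a dependency-free model of the per-instruction checks in Step 2.
// All types here are constructed stand-ins for the Solana runtime types.

#[derive(Debug, PartialEq)]
pub enum AuditError {
    MissingSigner,
    WrongOwner,
    NotWritable,
    Uninitialized,
    MathOverflow,
    NonCanonicalBump,
    WrongProgram,
    StaleOracle,
}

/// Simplified stand-in for an account handed to an instruction.
#[derive(Clone)]
pub struct Account {
    pub owner: [u8; 32],
    pub is_signer: bool,
    pub is_writable: bool,
    /// First byte models an "initialized" discriminator (0 = never initialized).
    pub data: Vec<u8>,
}

/// Simplified oracle price with the slot it was last published at.
pub struct PriceFeed {
    pub price: i64,
    pub publish_slot: u64,
}

/// Constructed staleness bound for the example; real programs tune this per feed.
pub const MAX_STALENESS_SLOTS: u64 = 25;

/// Check 1: signer, owner, writable and initialization, in that order.
pub fn validate_account(
    acct: &Account,
    expected_owner: &[u8; 32],
    must_sign: bool,
    must_be_writable: bool,
) -> Result<(), AuditError> {
    if must_sign && !acct.is_signer {
        return Err(AuditError::MissingSigner);
    }
    if &acct.owner != expected_owner {
        return Err(AuditError::WrongOwner);
    }
    if must_be_writable && !acct.is_writable {
        return Err(AuditError::NotWritable);
    }
    if acct.data.first().copied().unwrap_or(0) == 0 {
        return Err(AuditError::Uninitialized);
    }
    Ok(())
}

/// Check 2, vulnerable form: plain `+` wraps silently in a release build with
/// overflow-checks off. wrapping_add is used here so the behaviour is the same
/// in debug builds and the wrap can be observed deterministically.
pub fn credit_unchecked(balance: u64, amount: u64) -> u64 {
    balance.wrapping_add(amount)
}

/// Check 2, hardened form: checked_add turns the overflow into an error.
pub fn credit_checked(balance: u64, amount: u64) -> Result<u64, AuditError> {
    balance.checked_add(amount).ok_or(AuditError::MathOverflow)
}

/// Check 3: the bump supplied by the caller must equal the canonical bump that
/// was stored when the PDA account was created (never trust instruction data alone).
pub fn validate_bump(provided_bump: u8, stored_canonical_bump: u8) -> Result<(), AuditError> {
    if provided_bump != stored_canonical_bump {
        return Err(AuditError::NonCanonicalBump);
    }
    Ok(())
}

/// Check 4: the program account passed for a CPI must be the expected program id.
pub fn validate_cpi_target(target: &[u8; 32], expected: &[u8; 32]) -> Result<(), AuditError> {
    if target != expected {
        return Err(AuditError::WrongProgram);
    }
    Ok(())
}

/// Check 5: reject prices older than MAX_STALENESS_SLOTS, and also prices
/// claiming a publish slot in the future (checked_sub returns None).
pub fn validate_price(feed: &PriceFeed, current_slot: u64) -> Result<i64, AuditError> {
    let age = current_slot
        .checked_sub(feed.publish_slot)
        .ok_or(AuditError::StaleOracle)?;
    if age > MAX_STALENESS_SLOTS {
        return Err(AuditError::StaleOracle);
    }
    Ok(feed.price)
}

fn main() {
    let program_id = [1u8; 32];
    let vault = Account { owner: program_id, is_signer: false, is_writable: true, data: vec![1, 0, 0] };
    println!("vault validation: {:?}", validate_account(&vault, &program_id, false, true));
    println!("unchecked credit of 1 to u64::MAX: {}", credit_unchecked(u64::MAX, 1));
    println!("checked credit of 1 to u64::MAX: {:?}", credit_checked(u64::MAX, 1));
    let feed = PriceFeed { price: 42_000, publish_slot: 1000 };
    println!("price at slot 1026: {:?}", validate_price(&feed, 1026));
}
```

Each check returns a distinct error variant rather than a bare `bool`, which is what lets an audit test suite assert on the exact reason an instruction was rejected.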
### Step 3: Vulnerability Pattern Detection
Scan for common vulnerability patterns:
- Type cosplay attacks
- Account reloading issues