
solana-vulnerability-scanner

Scans Solana programs (native/Anchor) for 6 critical vulnerabilities, including arbitrary CPI, improper PDA validation, and missing ownership checks, providing detailed fix recommendations.

Introduction

The Solana Vulnerability Scanner is a specialized security tool designed for auditors, developers, and security researchers working with the Solana blockchain. It automates the detection of common, high-impact security pitfalls found in both native Rust programs and those developed using the Anchor framework. By identifying patterns related to account validation, cross-program invocation (CPI), and program-derived addresses (PDA), this skill helps secure smart contracts before deployment or during periodic security assessments. It provides a systematic workflow to ensure that account authorization, owner checks, and instruction introspection logic adhere to security best practices.

  • Detects 6 critical Solana-specific vulnerability patterns: Arbitrary CPI, Improper PDA Validation, Missing Ownership Checks, Missing Signer Checks, Sysvar Account Spoofing, and Improper Instruction Introspection.

  • Provides actionable remediation guidance, including file-specific locations and suggested code fixes for detected vulnerabilities.

  • Facilitates platform-specific security reviews, confirming correct usage of anchor-lang and solana-program entrypoints.

  • Integrates with standard developer workflows, allowing for local execution against Anchor.toml projects, Cargo.toml dependencies, and specific program directories.

  • Validates secure account validation patterns, checking for proper usage of Signer, Account, and Seeds constraints.

  • Best suited for pre-launch audits, ongoing program security maintenance, and code review processes.

  • Operates by scanning Rust source files and program logic, requiring standard access to the project structure and build files.

  • Users should expect output in a structured format, highlighting the vulnerability type, severity, location in the code, and a description of the risk.

  • Requires familiarity with Solana development terminology such as Program Derived Addresses, CPI calls, Sysvars, and Anchor constraints to effectively interpret findings.

  • Constrained to Solana ecosystem security; it is intended to complement manual code reviews and Trail of Bits Solana Lints, not replace deep architectural analysis.

Repository Stats

  • Stars: 4,882

  • Forks: 424

  • Open Issues: 21

  • Language: Python

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: Apr 29, 2026, 12:56 PM