Contributions are most welcome
How to audit Solana smart contracts
- Part 1: A systematic approach - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed)
- Part 2: automated scanning - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d)
- Part 3: penetration testing - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-3-penetration-testing-a315b3bbb2d3)
- Part 4: the Anchor framework - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-4-the-anchor-framework-ef42d944f086)
Secure the Solana Ecosystem
- Hello Solana - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)
- Calling Between Programs - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)
- Program Upgrade - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)
- Account Validation - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)
- Multi-Sig - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)
- Multi-Sig2 - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)
- Type Confusion - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)
- Solana Smart Contracts: Common Pitfalls and How to Avoid Them - (https://blog.neodyme.io/posts/solana_common_pitfalls/)
- From Ethereum smart contracts to Solana programs: two common security pitfalls and beyond - (https://medium.com/coinmonks/from-ethereum-smart-contracts-to-solana-programs-two-common-security-pitfalls-and-beyond-ea5b919ade1c)
- Sealevel Attacks - Common Solana Exploit Codes and Recommendations - (https://github.com/coral-xyz/sealevel-attacks)
- 10 vulnerabilities - A Twitter thread about Sealevel Attacks - (https://twitter.com/pencilflip/status/1483880018858201090)
- How to Hack Solana Smart Contracts/Programs - (https://halborn.com/how-to-hack-solana-smart-contracts-programs/)
- Solana: An Auditor's Introduction - (https://osec.io/blog/tutorials/2022-03-14-solana-security-intro/)
- The Story of the Curious Rent Thief - (https://osec.io/blog/reports/2022-08-19-solend-rent-thief/)
- Breakpoint 2021: Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point - (https://www.youtube.com/watch?v=vbkhhgeP30I)
- Solana Program Security - Part 1 - (https://research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/)
- Typical and Unique Issues for the NEAR Protocol - (https://0xguard.com/near_protocol/tpost/ja553x8db1-typical-and-unique-issues-for-the-near-p)
- Bonfida Security Assessment by Kudelski Security - (https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)
- Solana Quantstamp Stake Pool Audit - (https://solana.com/SolanaQuantstampStakePoolAudit.pdf)
- SPL Stake Pool by Neodyme - (https://solana.com/SolanaNeodymeStakePoolAudit.pdf)
- Stake Pool - Solana Foundation by Kudelski Security - (https://solana.com/SolanaKudelskiStakePoolAudit.pdf)
- Solido Audit by Bramah Systems - (https://github.com/ChorusOne/solido/blob/main/audit/2021-07-05-bramah-systems.pdf)
- Lido on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2021-08-03-neodyme.pdf)
- Anker on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2022-04-06-neodyme.pdf)
- Saber.so Audit by Bramah Systems - (https://github.com/saber-hq/stable-swap/blob/master/audit/bramah-systems.pdf)
- Quarry by Quantstamp - (https://github.com/QuarryProtocol/quarry/blob/master/audit/quantstamp.pdf)
- Cega Vault by Ottersec - (https://github.com/otter-sec/cega-vault-report/blob/main/cega-vault-audit-public.pdf)
- Port Finance Sundial by Ottersec - (https://github.com/port-finance/sundial/blob/master/audits/port-finance-sundial-audit-public.pdf)
- Jet Governance by Ottersec - (https://github.com/jet-lab/jet-governance/blob/master/reports/jet-governance-audit-public.pdf)
- Marinade Finance by Kudelski - (https://solana.com/solana-security-audit-2019.pdf)
- Soteria - (https://medium.com/coinmonks/soteria-a-vulnerability-scanner-for-solana-smart-contracts-cc202cf17c99)
- Siderophile - (https://github.com/trailofbits/siderophile)
- List of Cargo crates and tools for auditing Rust - (https://www.reddit.com/r/rust/comments/ufwryc/comment/i6w629y/)
- L3X, AI-driven Smart Contract Static Analyzer - (https://github.com/VulnPlanet/l3x)
- Solana CTF Framework by Ottersec - (https://github.com/otter-sec/sol-ctf-framework)
- Solana CTF Challenges by Neodyme - (https://github.com/neodyme-labs/solana-ctf)
- Neodyme Workshop - (https://workshop.neodyme.io/)
- Solana POC Framework - (https://github.com/otter-sec/solana-poc-framework)
- Awesome Solana - (https://github.com/avareum/awesome-solana)
- Setting-up Solana Development Environment - (https://github.com/LearnWithArjun/solana-env-setup)
- How to Build & Deploy Smart Contracts on Solana - (https://www.leewayhertz.com/build-solana-smart-contracts/)
- learn-web3-dapp - (https://github.com/figment-networks/learn-web3-dapp)
- Learning Rust - (https://learning-rust.github.io/docs/a3.hello_world.html)