How to audit Solana smart contracts Part 3: penetration testing
In this article, we introduce a few penetration testing tools to help detect vulnerabilities in Solana or Rust programs in general.
- Solana PoC Framework: a framework for creating PoCs for Solana smart contracts, developed by Neodyme.
- afl.rs: a fuzz testing tool for Rust programs based on AFL.
- cargo-fuzz: a cargo subcommand for fuzzing with libFuzzer and LLVM sanitizers.
- cargo-tarpaulin: a code coverage reporting tool for Rust projects.
Solana PoC Framework
The poc-framework provides a convenient way to simulate transactions in a local environment. To illustrate its usage, we will use an example provided by Neodyme on Github.
We first run soteria -analyzeAll . to get a list of potential vulnerabilities, for which we then use the poc-framework to construct exploits. In particular, Soteria reports the following issue:
In fact, this is a known vulnerability in the level0 contract: a missing ownership check at line 104. In the next three steps, we will construct a PoC to exploit this…
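The class of bug Soteria flags here is worth seeing in code. The following is an added example, not Neodyme's level0 program and not poc-framework code: a std-only Rust model that stands in for Solana's AccountInfo with a simplified struct (the Pubkey, AccountInfo, Wallet and ProgramError types and the two authorize_withdraw_* functions are all assumptions made for illustration). It places the vulnerable pattern, which trusts the contents of a wallet account without checking which program owns it, beside the hardened pattern that verifies account.owner == program_id before deserializing.

```rust
// Added example: std-only model of a Solana account-ownership check.
// Does not use the solana_program crate; the types below are simplified stand-ins.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// Minimal stand-in for solana_program::account_info::AccountInfo.
#[derive(Clone, Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub owner: Pubkey, // the program that owns (and may write) this account
    pub is_signer: bool,
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ProgramError {
    InvalidAccountData,
    IncorrectProgramId,
    MissingRequiredSignature,
    InvalidArgument,
}

/// Wallet state the (hypothetical) program stores in accounts it owns.
#[derive(Debug, PartialEq, Eq)]
pub struct Wallet {
    pub authority: Pubkey,
}

impl Wallet {
    pub fn unpack(data: &[u8]) -> Result<Wallet, ProgramError> {
        if data.len() < 32 {
            return Err(ProgramError::InvalidAccountData);
        }
        let mut k = [0u8; 32];
        k.copy_from_slice(&data[..32]);
        Ok(Wallet { authority: Pubkey(k) })
    }
    pub fn pack(&self) -> Vec<u8> {
        self.authority.0.to_vec()
    }
}

/// Vulnerable pattern: deserializes the wallet account and trusts its contents
/// without checking that this program owns the account. Any account owned by
/// another program can therefore carry arbitrary "wallet" bytes.
pub fn authorize_withdraw_vulnerable(
    _program_id: &Pubkey,
    wallet: &AccountInfo,
    authority: &AccountInfo,
) -> Result<(), ProgramError> {
    let state = Wallet::unpack(&wallet.data)?;
    if !authority.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    if state.authority != authority.key {
        return Err(ProgramError::InvalidArgument);
    }
    Ok(())
}

/// Hardened pattern: only this program can write accounts it owns, so the
/// ownership check is what makes the deserialized state trustworthy.
pub fn authorize_withdraw_checked(
    program_id: &Pubkey,
    wallet: &AccountInfo,
    authority: &AccountInfo,
) -> Result<(), ProgramError> {
    if wallet.owner != *program_id {
        return Err(ProgramError::IncorrectProgramId);
    }
    let state = Wallet::unpack(&wallet.data)?;
    if !authority.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    if state.authority != authority.key {
        return Err(ProgramError::InvalidArgument);
    }
    Ok(())
}

/// Constructed scenario: a wallet account owned by some other program whose
/// bytes name the signer as authority. Returns (vulnerable result, checked result).
pub fn demo() -> (Result<(), ProgramError>, Result<(), ProgramError>) {
    let program_id = Pubkey([1; 32]);
    let other_program = Pubkey([7; 32]);
    let signer_key = Pubkey([9; 32]);
    let forged_wallet = AccountInfo {
        key: Pubkey([5; 32]),
        owner: other_program, // not owned by our program
        is_signer: false,
        data: Wallet { authority: signer_key }.pack(),
    };
    let signer = AccountInfo { key: signer_key, owner: Pubkey([0; 32]), is_signer: true, data: vec![] };
    (
        authorize_withdraw_vulnerable(&program_id, &forged_wallet, &signer),
        authorize_withdraw_checked(&program_id, &forged_wallet, &signer),
    )
}

fn main() {
    let (vulnerable, checked) = demo();
    println!("vulnerable: {:?}, checked: {:?}", vulnerable, checked);
}
```

The ordering matters: the owner comparison comes before unpack, so untrusted bytes are never interpreted at all. This is the check that an auditor looks for at every point where a program reads state out of a caller-supplied account.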