Soteria — A vulnerability scanner for Solana smart contracts
Oct 8, 2021
Solana is a fast-growing blockchain with a unique type of smart contract — called Solana programs. This article introduces Soteria, a security tool that automatically scans Solana programs to detect common security pitfalls.
Common pitfalls in Solana smart contracts
Neodyme recently collected a list of common pitfalls in Solana smart contracts, falling into five categories:
- Missing ownership check
- Missing signer check
- Solana account confusions
- Arbitrary signed program invocation
- Integer overflow & underflow
As an example, the code below illustrates the missing signer check pitfall: the signer check on the admin account has been commented out, so the program never verifies that the caller actually holds the admin key.
fn update_admin(accounts: &[AccountInfo], admin: [u8; 32]) -> ProgramResult {
    let acc_iter = &mut accounts.iter();
    let admin_info = next_account_info(acc_iter)?;
    let staking_info = next_account_info(acc_iter)?;
    // The signer check below is disabled, which is the pitfall: any caller can
    // pass the admin's public key as admin_info without signing for it.
    // if !admin_info.is_signer {
    //     return Err(ProgramError::MissingRequiredSignature);
    // }
    let mut staking = StakingInfo::try_from_slice(&staking_info.data.borrow())?;
    if staking.admin == [0; 32] {
        staking.admin = admin;
    } else if staking.admin == admin_info.key.to_bytes() {
        staking.admin = admin;
    } else {
        return…
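To make the pitfall concrete, here is an added example (not code from the article, from Soteria, or from the Solana SDK) that models the handler above without the solana_program crate: the `AccountInfo`, `StakingInfo` and `ProgramError` types are assumed stand-ins for the SDK types, and a `check_signer` flag switches between the vulnerable handler and the hardened one so both can be exercised offline.

```rust
// Minimal stand-ins for the Solana SDK types (assumed, not the real crate).
pub struct AccountInfo {
    pub key: [u8; 32],
    pub is_signer: bool,
}

#[derive(Debug, PartialEq)]
pub enum ProgramError {
    MissingRequiredSignature,
    InvalidArgument,
}

#[derive(Debug, PartialEq)]
pub struct StakingInfo {
    pub admin: [u8; 32],
}

/// `check_signer = false` reproduces the handler from the article with the
/// signer check commented out; `true` is the hardened form.
/// `accounts[0]` plays the role of `admin_info`; `staking` is the
/// deserialized staking account state.
pub fn update_admin(
    accounts: &[AccountInfo],
    new_admin: [u8; 32],
    staking: &mut StakingInfo,
    check_signer: bool,
) -> Result<(), ProgramError> {
    let admin_info = accounts.first().ok_or(ProgramError::InvalidArgument)?;
    // The fix: the account presented as the current admin must have signed
    // the transaction. Without this, supplying the admin's public key as a
    // read-only account is enough to rotate the admin.
    if check_signer && !admin_info.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    // Uninitialized admin, or a matching current admin, may set the new admin.
    if staking.admin == [0; 32] || staking.admin == admin_info.key {
        staking.admin = new_admin;
        Ok(())
    } else {
        Err(ProgramError::InvalidArgument)
    }
}
```

The test below shows the vulnerable variant accepting an unsigned admin account and the hardened variant rejecting it while still allowing a properly signed update.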