Resources to help you build better and more secure Solana programs. Kept up to date.
- Solana docs
- Solana courses
- Solana cookbook
- Solana examples supporting multiple frameworks
- Solana bootcamp 2024
- SPL (Solana Program Library) docs: SPL is an official collection of programs to help you build your own Solana program.
If you need a primer on Rust, these resources are for you:
We highly recommend using Anchor, a framework for building secure Solana programs.
- RareSkills' Solana course for Ethereum developers
- 0xkowloon's Anchor for EVM developers
- S3v3ru5's Solana Beginner Notes
- Helius's blog: Frequently publishes Solana-related content
- Pine Analytics's Substack: Focuses on deep diving into features of Solana protocols
- Lucrative_Panda's highly detailed research article that covers all of Solana's security incidents
- Farouk ELALEM's explanation of how Solana programs work under the hood
- AlexAlekhinEth's high-level explanation of Solana network architecture
- Exo Tech's guide for developers on creating auditor-friendly architecture documentation
- Solana's general common vulnerabilities:
  - Solana security course
  - Urataps's program examples with vulnerabilities
  - Helius's common vulnerabilities
  - ImmuneBytes's common Solana attack vectors
  - Slowmist's Solana best practices
  - Exvul's Solana security guide
  - Zigtur's Solana security walkthrough
  - M4rio's Solana security walkthrough
  - Nirlin's advanced Solana vulnerabilities
- Token-2022 Security resources:
  - Offside's Token-2022 best practices Part 1 and Part 2
  - Neodyme's Token-2022 security
Essential:
- Anchor framework
- Solana system program
- Solana token program
- Solana token-2022 program
- Solana ATA (Associated Token Account) program
- Solana token metadata program
- Metaplex's token metadata program
Optional:
- Raydium program: AMM protocol
- Kamino program: Lending protocol
- Squads program: Multisig protocol
- Solana Upgradeable BPF Loader program
- Solana Address Lookup Table program
- Solana playground
- Rust playground
- Sec3's IDL Guesser: Reverse engineers IDL from onchain programs for easier integration
- Trail of Bits's Anchor X-ray: Visualizes accounts in Anchor programs
- John Saigle's Anchor version detector: Helps figure out which versions of Rust, Solana, and Anchor are compatible with a given Anchor project.
- Ackee's Trident: Fuzzing framework for Solana
- Ackee's Solana IDE extension: Automatically detects common security issues in Solana programs and visualizes Trident fuzzing coverage
Solana security audits that are publicly available:
- Orderly on Sherlock: 2 High and 1 Medium
- WOOFi on Sherlock: 2 High and 3 Medium
- Pump Science on Code4rena: 2 High and 3 Medium
- Token22 Confidential Transfer on Code4rena: 7 Low
- Meteora on Code4rena: 2 Medium
NOTE: Contact 0xmorph in the Cantina Discord server to gain read access if you don't have it.
- Grass on Cantina: 13 High and 6 Medium
- Olas on Cantina: 2 High and 3 Medium
- Tensor on Cantina: 5 High and 10 Medium
- ZetaChain on Cantina: 6 High and 27 Medium (partial Solana scope)
- Inclusive Finance on Cantina: 45 High and 25 Medium (partial Solana scope)
- Reserve Index on Cantina: 10 High and 11 Medium
- Solayer on Cantina: 3 High and 6 Medium
- Genius on Cantina: 6 High and 4 Medium (partial Solana scope)
NOTE: First Flights are introductory audit challenges with smaller codebases, designed for beginners to practice finding vulnerabilities.
- RustFund first flight: 4 High and 3 Medium
- SSSwap first flight: 5 High and 4 Medium