pda-integrity
PDA Integrity
Forked from Trail of Bits Solana security skills. Original category alignment: improper PDA validation. Modified by Sealevel Guard and distributed as skill text under CC BY-SA 4.0.
Program-derived address integrity review skill.
Purpose
Detect whether a program's PDA design allows spoofing, role confusion, or weak authority derivation.
Focus
This skill is responsible for:
- insecure seed design,
- improper PDA validation,
More from newmanxbt/sealevel-guard
cpi-risk
Detects whether the program can invoke the wrong program, propagate too much privilege, or trust unsafe callback behavior. Internal specialist module for CPI risk review.
1token-invariants
Detects whether token and vault logic can violate economic or accounting assumptions another agent would rely on. Internal specialist module for token invariant review.
1access-control
Detects whether privileged behavior is exposed to the wrong signer, authority, or account path. Internal specialist module for Solana access-control review.
1account-constraints
Detects whether the program trusts the wrong accounts, owners, or mutability assumptions. Internal specialist module for Anchor account validation review.
1sealevel-guard-review
Orchestrates parallelized Solana trust-gate review to determine whether a codebase or program is safe enough to ship, integrate, or allocate capital through. Use when asked to review, audit, or assess risk of a Solana program.
1governance-upgrade-risk
Detects whether governance or upgrade control is concentrated, weakly separated, or capable of undermining user or integrator trust. Internal specialist module for governance risk review.
1