solana-vulnerability-scanner

Installation

Summary

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, and missing security checks.

Detects 6 vulnerability patterns: arbitrary CPI, improper PDA validation, missing ownership checks, missing signer checks, sysvar spoofing, and improper instruction introspection
Supports both native Solana and Anchor framework programs with automatic platform detection
Provides detailed findings with vulnerable code snippets, attack scenarios, and specific remediation guidance for each issue
Includes scanning workflow covering CPI security, PDA validation, account validation, signer checks, and instruction introspection patterns

SKILL.md

Solana Vulnerability Scanner

1. Purpose

Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

2. When to Use This Skill

Auditing Solana programs (native Rust or Anchor)
Reviewing cross-program invocation (CPI) logic
Validating program-derived address (PDA) implementations
Pre-launch security assessment of Solana protocols
Reviewing account validation patterns
Assessing instruction introspection logic

3. Platform Detection

File Extensions & Indicators

Rust files: .rs

Related skills

More from trailofbits/skills

Installs

2.5K

Repository

trailofbits/skills

GitHub Stars

5.1K

First Seen

Jan 19, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass

solana-vulnerability-scanner

Solana Vulnerability Scanner

1. Purpose

2. When to Use This Skill

3. Platform Detection

File Extensions & Indicators

More from trailofbits/skills

ask-questions-if-underspecified

semgrep

modern-python

codeql

insecure-defaults

secure-workflow-guide