Solana Vulnerability Scanner

🌐Community
by trailofbits · vlatest · Repository

This Solana Vulnerability Scanner automatically identifies potential security weaknesses in your Solana smart contracts, boosting project resilience.

Install on your platform

1. Run in terminal (recommended)

claude mcp add solana-vulnerability-scanner npx -- -y @trustedskills/solana-vulnerability-scanner

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "solana-vulnerability-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/solana-vulnerability-scanner"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The solana-vulnerability-scanner skill analyzes Solana programs for common security vulnerabilities. It identifies potential issues like instruction signature verification bypasses, oracle manipulation, and improper access control within smart contracts deployed on the Solana blockchain. This allows developers to proactively address weaknesses before they can be exploited.

When to use it

  • Auditing new Solana programs: Before deploying a program to mainnet, scan for vulnerabilities.
  • Reviewing existing Solana programs: Regularly check deployed programs for newly discovered vulnerability patterns.
  • Analyzing open-source Solana projects: Assess the security posture of third-party code before integrating it into your own applications.
  • Responding to security concerns: Investigate potential vulnerabilities reported by community members or internal teams.

Key capabilities

  • Solana program analysis
  • Vulnerability detection
  • Identification of common smart contract flaws (e.g., signature verification bypasses, oracle manipulation)
  • Support for various Solana instruction patterns

Example prompts

  • "Scan the Solana program BpMP5DeBEEsyo1Gbuh6DRu2tSW98CmfWq7hKqUaJpR4o for vulnerabilities."
  • "Analyze this Solana program code snippet and identify any potential security risks: [paste code here]"
  • "What are the common vulnerability patterns found in Solana programs?"

Tips & gotchas

The skill requires a working understanding of Solana blockchain architecture and smart contract principles to effectively interpret results. It's recommended to combine this tool with manual code review for comprehensive security assessments.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates: what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: trailofbits
Installs: 0

Passed automated security scans.