# Awesome Solana Security
**Contributions are most welcome**

## **Blogs on Audit Techniques and Vulnerabilities**

### **Soteria/Sec3 Series**

**How to audit Solana smart contracts**

1. Part 1: A systematic approach - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed)
2. Part 2: Automated scanning - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d)
3. Part 3: Penetration testing - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-3-penetration-testing-a315b3bbb2d3)
4. Part 4: The Anchor framework - (https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-4-the-anchor-framework-ef42d944f086)

---

### **BlockSec Series**

**Secure the Solana Ecosystem**

1. Hello Solana - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)
2. Calling Between Programs - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)
3. Program Upgrade - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)
4. Account Validation - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)
5. Multi-Sig - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)
6. Multi-Sig 2 - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)
7. Type Confusion - (https://blocksecteam.medium.com/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)

---

### **Blogs and Articles**

1. Solana Smart Contracts: Common Pitfalls and How to Avoid Them - (https://blog.neodyme.io/posts/solana_common_pitfalls/)
2. From Ethereum smart contracts to Solana programs: two common security pitfalls and beyond - (https://medium.com/coinmonks/from-ethereum-smart-contracts-to-solana-programs-two-common-security-pitfalls-and-beyond-ea5b919ade1c)
3. Sealevel Attacks - Common Solana Exploit Codes and Recommendations - (https://github.com/coral-xyz/sealevel-attacks)
4. 10 vulnerabilities - A Twitter thread about Sealevel Attacks - (https://twitter.com/pencilflip/status/1483880018858201090)
5. How to Hack Solana Smart Contracts/Programs - (https://halborn.com/how-to-hack-solana-smart-contracts-programs/)
6. Solana: An Auditor's Introduction - (https://osec.io/blog/tutorials/2022-03-14-solana-security-intro/)
7. The Story of the Curious Rent Thief - (https://osec.io/blog/reports/2022-08-19-solend-rent-thief/)
8. Breakpoint 2021: Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point - (https://www.youtube.com/watch?v=vbkhhgeP30I)
9. Solana Program Security - Part 1 - (https://research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/)
10. Typical and Unique Issues for the NEAR Protocol - (https://0xguard.com/near_protocol/tpost/ja553x8db1-typical-and-unique-issues-for-the-near-p)

---

## Audit Reports

1. Bonfida Token Vesting Security Assessment by Kudelski Security - (https://github.com/Bonfida/token-vesting/blob/master/audit/Bonfida_SecurityAssessment_Vesting_Final050521.pdf)
2. Solana Quantstamp Stake Pool Audit - (https://solana.com/SolanaQuantstampStakePoolAudit.pdf)
3. SPL Stake Pool by Neodyme - (https://solana.com/SolanaNeodymeStakePoolAudit.pdf)
4. Stake Pool - Solana Foundation by Kudelski Security - (https://solana.com/SolanaKudelskiStakePoolAudit.pdf)
5. Solido Audit by Bramah Systems - (https://github.com/ChorusOne/solido/blob/main/audit/2021-07-05-bramah-systems.pdf)
6. Lido on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2021-08-03-neodyme.pdf)
7. Anker on Solana - Neodyme - (https://github.com/ChorusOne/solido/blob/main/audit/2022-04-06-neodyme.pdf)
8. Saber.so Audit by Bramah Systems - (https://github.com/saber-hq/stable-swap/blob/master/audit/bramah-systems.pdf)
9. Quarry by Quantstamp - (https://github.com/QuarryProtocol/quarry/blob/master/audit/quantstamp.pdf)
10. Cega Vault by Ottersec - (https://github.com/otter-sec/cega-vault-report/blob/main/cega-vault-audit-public.pdf)
11. Port Finance Sundial by Ottersec - (https://github.com/port-finance/sundial/blob/master/audits/port-finance-sundial-audit-public.pdf)
12. Jet Governance by Ottersec - (https://github.com/jet-lab/jet-governance/blob/master/reports/jet-governance-audit-public.pdf)
13. Marinade Finance by Kudelski - (https://solana.com/solana-security-audit-2019.pdf)

---

## Solana Real-life Exploits and Hacks

---

## Scanners and Tools

1. Soteria - (https://medium.com/coinmonks/soteria-a-vulnerability-scanner-for-solana-smart-contracts-cc202cf17c99)
2. Siderophile - (https://github.com/trailofbits/siderophile)
3. List of Cargo crates and tools for auditing Rust - (https://www.reddit.com/r/rust/comments/ufwryc/comment/i6w629y/)
4. L3X, AI-driven Smart Contract Static Analyzer - (https://github.com/VulnPlanet/l3x)

---

## CTFs

1. Solana CTF Framework by Ottersec - (https://github.com/otter-sec/sol-ctf-framework)
2. Solana CTF Challenges by Neodyme - (https://github.com/neodyme-labs/solana-ctf)
3. Neodyme Workshop - (https://workshop.neodyme.io/)

---

## Interesting Github Repositories

1. Solana POC Framework - (https://github.com/otter-sec/solana-poc-framework)
2. Awesome Solana - (https://github.com/avareum/awesome-solana)

---

## Beginner-friendly Development Resources

1. Setting up a Solana Development Environment - (https://github.com/LearnWithArjun/solana-env-setup)
2. How to Build & Deploy Smart Contracts on Solana - (https://www.leewayhertz.com/build-solana-smart-contracts/)
3. learn-web3-dapp - (https://github.com/figment-networks/learn-web3-dapp)
4. Learning Rust - (https://learning-rust.github.io/docs/a3.hello_world.html)