Hey Solana devs,
I built Solsec, a Rust-powered CLI that performs static analysis on your Solana smart contracts and catches real vulnerabilities before they hit mainnet.
This isn't just a basic linter. It runs deep security checks and flags critical issues based on actual exploit patterns.
🚨 What it detects:
- 🔴 Critical:
  - Unchecked account access (e.g., unsafe transmute, raw pointers)
  - Privilege escalation (e.g., admin/owner changes without checks)
- 🟠 High:
  - Reentrancy issues (CPI followed by state changes)
  - Missing signer validations
  - PDA validation issues
  - Insufficient input validation
- 🟡 Medium:
  - Integer overflow
  - Unsafe arithmetic (division by zero, unchecked subtraction)
- 🔵 Other checks:
  - Lamport manipulation
  - Program ID validation
  - Missing bump seeds
⚙️ Features:
- Instant scanning of whole projects
- Smart file system traversal (multi-contract layout supported)
- Clear CLI output with line numbers
- No config required
- CI/CD ready (--fail-on-critical, --format json/html)
- Built in Rust, open source, fast as hell
Sample output:
Running checks…
⚠️ Unchecked unwrap() at programs/myapp/src/lib.rs:42
❌ Missing account validation for “ctx.accounts.authority”
⚠️ Potential panic detected in match statement
✅ All other checks passed!
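To show what a detect-and-report pass of this kind looks like, here is an added example in plain Rust. It is not Solsec's code (I have not seen its internals) and it is only a line-oriented heuristic, whereas a real analyzer works on the parsed AST. It flags a handful of the rule classes listed above (state written after a CPI, unwrap() on a CPI result, raw `/` and `-=` arithmetic, and an `authority` declared as `AccountInfo` instead of `Signer`) and prints them with 1-based line numbers. The two Anchor-style program snippets are constructed for the demo; `Vault`, `VaultError`, `transfer_ix` and `account_infos` are placeholder names, not real crates or APIs.

```rust
// Added example, not Solsec's own code: a minimal heuristic scanner that
// reports a few Solana/Anchor rule classes with 1-based line numbers.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Severity {
    High,
    Medium,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub line: usize,
    pub severity: Severity,
    pub rule: &'static str,
    pub message: String,
}

fn record(out: &mut Vec<Finding>, line: usize, severity: Severity, rule: &'static str, msg: &str) {
    out.push(Finding { line, severity, rule, message: msg.to_string() });
}

/// `a / b`, `a - b`, `x -= y`, `x /= y` without checked_*/saturating_*/wrapping_* helpers.
fn has_raw_arith(line: &str) -> bool {
    let guarded = ["checked_", "saturating_", "wrapping_"].iter().any(|g| line.contains(g));
    !guarded && [" / ", " - ", " -= ", " /= "].iter().any(|op| line.contains(op))
}

/// A statement that assigns into existing state (not a `let` binding, not a comparison).
fn is_state_write(line: &str) -> bool {
    !line.starts_with("let ")
        && line.ends_with(';')
        && !line.contains("==")
        && [" = ", " += ", " -= "].iter().any(|op| line.contains(op))
}

/// Scan one file's source text; findings carry 1-based line numbers.
pub fn scan_source(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    let mut cpi_at: Option<usize> = None; // line of the last CPI in the current fn

    for (idx, raw) in src.lines().enumerate() {
        let n = idx + 1;
        let line = raw.trim();
        if line.starts_with("//") {
            continue;
        }
        if line.contains("fn ") {
            cpi_at = None; // new function body: forget earlier CPIs
        }

        // Reentrancy-shaped pattern: a CPI, then a state write later in the same fn.
        let is_cpi = line.contains("invoke(")
            || line.contains("invoke_signed(")
            || line.contains("CpiContext::new");
        if is_cpi {
            cpi_at = Some(n);
        } else if let Some(c) = cpi_at {
            if is_state_write(line) {
                let msg = format!("state written after the CPI on line {}; update state first", c);
                record(&mut out, n, Severity::High, "reentrancy", &msg);
            }
        }
        if line.contains(".unwrap()") {
            record(&mut out, n, Severity::Medium, "unchecked-unwrap",
                   "unwrap() panics instead of returning an error");
        }
        if has_raw_arith(line) {
            record(&mut out, n, Severity::Medium, "unsafe-arithmetic",
                   "use checked_sub / checked_div and return an error on failure");
        }
        // Anchor: an authority passed as a bare AccountInfo is never signature-checked.
        if line.contains("authority") && line.contains("AccountInfo<") && !line.contains("Signer<") {
            record(&mut out, n, Severity::High, "missing-signer",
                   "declare authority as Signer<'info> and constrain the vault with has_one");
        }
    }
    out
}

/// Render findings as `[SEV] rule at path:line (message)` lines.
pub fn format_report(path: &str, findings: &[Finding]) -> String {
    if findings.is_empty() {
        return format!("[OK] {}: no findings\n", path);
    }
    findings.iter().map(|f| {
        let sev = match f.severity { Severity::High => "HIGH", Severity::Medium => "MED " };
        format!("[{}] {} at {}:{} ({})\n", sev, f.rule, path, f.line, f.message)
    }).collect()
}

// Constructed sample: authority unchecked, raw division, unwrap on the CPI, state written after it.
pub const VULNERABLE_SRC: &str = "\
#[derive(Accounts)]
pub struct Withdraw<'info> {
    pub vault: Account<'info, Vault>,
    pub authority: AccountInfo<'info>,
}
pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
    let fee = amount / ctx.accounts.vault.fee_divisor;
    invoke(&transfer_ix, &account_infos).unwrap();
    ctx.accounts.vault.balance -= amount;
    Ok(())
}";

// Constructed hardened twin: Signer + has_one, checked math, state updated before the CPI.
pub const HARDENED_SRC: &str = "\
#[derive(Accounts)]
pub struct Withdraw<'info> {
    #[account(mut, has_one = authority)]
    pub vault: Account<'info, Vault>,
    pub authority: Signer<'info>,
}
pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
    let vault = &mut ctx.accounts.vault;
    let fee = amount.checked_div(vault.fee_divisor).ok_or(VaultError::Math)?;
    vault.balance = vault.balance.checked_sub(amount).ok_or(VaultError::Math)?;
    invoke(&transfer_ix, &account_infos)?;
    Ok(())
}";

fn main() {
    print!("{}", format_report("programs/myapp/src/lib.rs", &scan_source(VULNERABLE_SRC)));
    print!("{}", format_report("programs/myapp/src/lib_fixed.rs", &scan_source(HARDENED_SRC)));
}
```

Running it reports five findings on the vulnerable snippet (missing signer on line 4, raw division on line 7, unwrap on line 8, and both a reentrancy-shaped write and raw subtraction on line 9) and none on the hardened one. The interesting design point is the per-function CPI tracker: ordering bugs like "CPI first, bookkeeping second" are invisible to a single-line grep, so even a toy scanner needs a little state across lines.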
If you're building Solana programs, especially with Anchor, Solsec can save you hours of painful audits and dangerous bugs.
Would love your thoughts:
- Which rules should I add next?
- Would you use this in your pipeline?
- Got any repos I should test it on?
Let’s make Solana development more secure, together 🛡️
#Solana #RustLang #BlockchainSecurity #Web3Dev #AnchorLang