Hasip Timurtas

Catch Solana smart contract bugs before they hit mainnet - Solsec CLI tool in Rust

Hey Solana devs 👋

I built Solsec, a Rust-powered CLI that performs static analysis on your Solana smart contracts and catches real vulnerabilities before they hit mainnet.

This isn't just a basic linter. It runs deep security checks and flags critical issues based on actual exploit patterns.

🚨 What it detects:

  • 🔴 Critical:
    • Unchecked account access (e.g., unsafe transmute, raw pointers)
    • Privilege escalation (e.g., admin/owner changes without checks)
  • 🟠 High:
    • Reentrancy issues (CPI followed by state changes)
    • Missing signer validations
    • PDA validation issues
    • Insufficient input validation
  • 🟡 Medium:
    • Integer overflow
    • Unsafe arithmetic (division by zero, unchecked subtraction)
  • 🔵 Other checks:
    • Lamport manipulation
    • Program ID validation
    • Missing bump seeds

⚙️ Features:

  • Instant scanning of whole projects
  • Smart file system traversal (multi-contract layout supported)
  • Clear CLI output with line numbers
  • No config required
  • CI/CD ready (--fail-on-critical, --format json/html)
  • Built in Rust, open source, fast as hell

📦 crates.io

🛠 GitHub

Sample output:

```text
🔍 Running checks…
⚠️ Unchecked unwrap() at programs/myapp/src/lib.rs:42
❌ Missing account validation for ‘ctx.accounts.authority’
⚠️ Potential panic detected in match statement
✅ All other checks passed!
```
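To show what a check like the ones listed above does under the hood, here is an added example in plain Rust that is not Solsec's own code: a tiny line-based scanner that applies three of the listed rules (unchecked unwrap(), unchecked lamport subtraction, and a state write after a CPI) to a constructed Anchor-style instruction. The rule names, severities, substring heuristics and the sample source are assumptions made for illustration.

```rust
// Added example, not Solsec's own code: a minimal line-based scanner in the
// spirit of the checks above, using substring rules instead of a syntax tree.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub line: usize, // 1-based, as the CLI output reports it
    pub severity: &'static str,
    pub message: &'static str,
}
/// Three of the listed rules: unchecked unwrap(), unchecked lamport
/// subtraction, and an account state write after a CPI call.
pub fn scan(source: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    let mut after_cpi = false; // a CPI was seen earlier in this function body
    for (idx, raw) in source.lines().enumerate() {
        let (line, no) = (raw.trim(), idx + 1);
        if line.starts_with("//") {
            continue; // comments never trigger a rule
        }
        if line == "}" {
            after_cpi = false; // body closed (assumes fn braces in column 0)
        }
        if line.contains(".unwrap()") {
            out.push(Finding { line: no, severity: "warning", message: "Unchecked unwrap()" });
        }
        let subtracts = line.contains("-=") || line.contains(" - ");
        if line.contains("lamports") && subtracts && !line.contains("checked_sub") {
            out.push(Finding { line: no, severity: "medium", message: "Unchecked subtraction on lamports" });
        }
        let writes_state = line.contains("ctx.accounts.")
            && (line.contains(" = ") || line.contains("+=") || line.contains("-="));
        if after_cpi && writes_state {
            out.push(Finding { line: no, severity: "high", message: "State change after CPI (reentrancy pattern)" });
        }
        // Heuristic CPI markers: raw invoke()/invoke_signed() or Anchor's CpiContext/cpi_ctx.
        if ["invoke(", "invoke_signed(", "CpiContext", "cpi_"].iter().any(|m| line.contains(*m)) {
            after_cpi = true;
        }
    }
    out
}
/// Constructed sample with one problem each on lines 2, 3 and 5.
pub const SAMPLE: &str = "\
pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
    **ctx.accounts.vault.to_account_info().try_borrow_mut_lamports()? -= amount;
    let fee = amount.checked_div(100).unwrap();
    token::transfer(cpi_ctx, amount)?;
    ctx.accounts.vault.balance = 0;
    Ok(())
}";
```

Running `scan(SAMPLE)` yields three findings on lines 2, 3 and 5; the lamport line is clean once the subtraction goes through `checked_sub`, and the state write is clean once it is moved before the CPI.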

If you're building Solana programs, especially with Anchor, Solsec can save you from hours of painful audits and dangerous bugs.

Would love your thoughts:

  • Which rules should I add next?
  • Would you use this in your pipeline?
  • Got any repos I should test it on?

Let’s make Solana development more secure, together 🛡️

#Solana #RustLang #BlockchainSecurity #Web3Dev #AnchorLang