Solana's speed is a double-edged sword for AI agents. 400ms block times and $0.0001 fees mean your agent can execute thousands of transactions before you notice something's wrong. On Ethereum, high gas costs create natural friction. On Solana, there's nothing to slow down a runaway agent.
This guide covers Solana-specific security considerations for AI agents and how to integrate PolicyLayer.
Solana vs Ethereum: Security Implications
| Factor | Ethereum | Solana | Risk Impact |
|---|---|---|---|
| Block time | 12 seconds | 400ms | 30x faster drain |
| Transaction cost | $1-50 | $0.0001 | No cost friction |
| Account model | EOA + Contracts | Programs + Accounts | Different attack surface |
| Finality | ~15 minutes | ~1 second | Faster irreversibility |
What this means: An AI agent on Solana can drain a wallet in minutes, not hours. Speed requires stronger controls.
Solana-Specific Threats
1. Rapid Transaction Flooding
With 400ms blocks and near-zero fees, an agent can execute:
- 150 transactions per minute
- 9,000 transactions per hour
- 216,000 transactions per day
Without velocity limits, your wallet empties before alerts trigger.
2. Token Account Proliferation
Solana uses Associated Token Accounts (ATAs). An agent can:
- Create ATAs for hundreds of tokens
- Drain native SOL to fund ATA creation
- Leave behind orphaned accounts eating rent
3. Program Interaction Risks
Unlike Ethereum's contract calls, Solana programs can:
- Modify multiple accounts in one transaction
- Execute cross-program invocations (CPIs)
- Create/close accounts dynamically
An agent interacting with a malicious program can lose funds in ways that don't exist on Ethereum.
Integrating PolicyLayer with Solana
Setup
import { PolicyWallet } from '@policylayer/sdk';
import { Connection, Keypair } from '@solana/web3.js';
// Create Solana connection
const connection = new Connection(
process.env.SOLANA_RPC_URL,
'confirmed'
);
// Load wallet keypair
const keypair = Keypair.fromSecretKey(
Buffer.from(JSON.parse(process.env.SOLANA_PRIVATE_KEY))
);
// Create PolicyWallet with Solana adapter
const wallet = new PolicyWallet(
await createSolanaAdapter(keypair, connection),
{
apiKey: process.env.POLICYLAYER_API_KEY,
metadata: {
orgId: 'production',
agentId: 'solana-trading-bot',
chain: 'solana'
}
}
);
Solana-Specific Policy Configuration
{
"name": "solana-agent-policy",
"chain": "solana",
"limits": {
"perTransactionLimit": "10000000000",
"dailyLimit": "100000000000",
"hourlyLimit": "25000000000",
"maxTxPerHour": 100,
"maxTxPerMinute": 10
},
"assets": {
"sol": {
"perTransactionLimit": "100000000",
"dailyLimit": "1000000000"
},
"usdc": {
"perTransactionLimit": "10000000000",
"dailyLimit": "100000000000"
}
},
"programWhitelist": [
"JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
"whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc"
]
}
Key differences from Ethereum policies:
-
maxTxPerMinute: Critical for Solana's speed -
programWhitelist: Restricts which programs the agent can interact with - Asset-specific limits: SOL and SPL tokens have separate budgets
Sending SOL
const result = await wallet.send({
chain: 'solana',
asset: 'sol',
to: recipientPubkey,
amount: '100000000', // 0.1 SOL (9 decimals)
});
console.log(`Transaction: ${result.txHash}`);
Sending SPL Tokens
const result = await wallet.send({
chain: 'solana',
asset: 'usdc',
to: recipientPubkey,
amount: '1000000', // 1 USDC (6 decimals)
// PolicyLayer handles ATA creation if needed
});
Program Interactions
For complex program interactions (swaps, lending, etc.):
// PolicyLayer validates the intent before execution
const swapResult = await wallet.executeProgram({
program: 'JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4', // Jupiter
instruction: 'swap',
accounts: [
{ pubkey: inputMint, isSigner: false, isWritable: false },
{ pubkey: outputMint, isSigner: false, isWritable: false },
// ... other accounts
],
data: swapInstructionData,
expectedOutcome: {
maxInputAmount: '10000000', // Max 10 USDC in
minOutputAmount: '9500000' // Min 9.5 USDC out
}
});
PolicyLayer validates:
- Program is in whitelist
- Input amount is within limits
- Slippage is acceptable
Velocity Controls for Solana
Given Solana's speed, velocity limits are essential:
// Configure aggressive rate limiting
const policy = {
velocityLimits: {
maxTxPerSecond: 1, // 1 TPS max
maxTxPerMinute: 10, // 10 TPM max
maxTxPerHour: 100, // 100 TPH max
cooldownOnReject: 60000 // 1 minute cooldown after rejection
}
};
Why these limits:
- Prevents rapid drain scenarios
- Creates natural friction without blocking legitimate use
- Allows human intervention during anomalies
Monitoring Solana Agents
Track transaction velocity in real-time:
// Subscribe to agent activity
const monitoring = await policyLayer.subscribeToAgent('solana-bot', {
onTransaction: (tx) => {
console.log(`TX: ${tx.hash} - ${tx.amount} ${tx.asset}`);
},
onRejection: (rejection) => {
console.warn(`BLOCKED: ${rejection.reason}`);
// Alert ops team for rapid rejections
if (rejection.reason === 'VELOCITY_LIMIT') {
alertOps('Agent hitting velocity limits');
}
},
onDailyLimitApproaching: (percent) => {
if (percent > 80) {
alertOps(`Agent at ${percent}% of daily limit`);
}
}
});
Emergency Procedures
Kill Switch
// Instantly stop all Solana transactions
await policyLayer.killSwitch.activate({
scope: 'agent',
agentId: 'solana-trading-bot',
reason: 'Anomalous transaction pattern detected'
});
Transaction Review Mode
For suspicious activity, enable human-in-the-loop:
// Temporarily require approval for all transactions
await policyLayer.setApprovalMode({
agentId: 'solana-trading-bot',
mode: 'manual', // All transactions require human approval
duration: 3600 // For 1 hour
});
Common Pitfalls
1. Ignoring Rent
Solana accounts require rent. Ensure your policy accounts for:
- Rent for new token accounts
- Rent recovery when closing accounts
- Minimum balance requirements
2. Fee Spikes During Congestion
During high congestion, priority fees spike. Your policy should:
- Set maximum fee limits
- Account for fee variability
- Not block legitimate high-priority transactions
3. CPI Depth Attacks
Programs can call other programs (CPIs). Validate:
- Which programs are in your whitelist
- What CPIs those programs might make
- Depth limits for CPI chains
Related Reading
- Two-Gate Enforcement — How PolicyLayer validates intents
- Policy Enforcement Latency — Performance benchmarks
- The Kill Switch — Emergency controls
Ready to secure your Solana agents?
- Quick Start Guide — Production-ready in 5 minutes
- Solana SDK Documentation — Solana-specific features
- GitHub — Open source SDK
Top comments (0)