By name: solana-security description: Guide for Solana/Sealevel security research and where to organize Solana-specific resources in README.md.
Solana Security (Sealevel)
Scope
Use this skill for:
- Solana program auditing (Anchor/native)
- Solana account model pitfalls
- Solana-focused fuzzing / tooling / security references
Key Concepts
- Account model (mutable accounts, ownership, rent/exempt)
- Program Derived Addresses (PDA) and seeds
- Cross-Program Invocation (CPI) security
- Signer vs authority checks
- Serialization, discriminators, and account layout assumptions
Common Bug Classes
- Missing signer/authority validation
- Incorrect PDA derivation or seed collisions
- CPI to untrusted programs
- Account confusion (wrong account passed, mismatched owner)
- Arithmetic / precision issues in token math
Tooling
- Anchor framework and security patterns
- Fuzzers / harnesses (e.g., Trident)
- Program analyzers and disassemblers
Where to Add Links in README
- Solana SDKs/tools:
Development → SDK/Development → Tools - Solana audit checklists:
Security - Solana learning guides:
Blockchain Guide
Rules
- Use English descriptions
- Avoid duplicates across categories
Data Source
For detailed and up-to-date resources, fetch the full list from:
https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md