The focus of this week's lecture is security on Solana. We are taking a closer look at the most common attack vectors every developer should be familiar with, as well as the Solana runtime policy.
We have prepared a repository containing a list of common attack vectors on Solana.
The repository provides:
- A description of each attack.
- A strategy for mitigating each attack.
- Example programs with proof-of-concept tests that demonstrate the attack vectors.
Important
- Executable accounts become immutable when their upgrade authority is set to null.
- Only the owner of an account may modify its data.
- Only the owner of an account may assign a new owner.
- The total balance across all accounts is equal before and after the execution of a transaction.
- After a transaction is executed, the balances of read-only accounts must equal their balances before the transaction.
- All instructions in a transaction are executed atomically: if one fails, all account modifications are discarded.
- Only the owner may change an account's size and data, and only if the account is writable and not executable.
- Newly allocated account data is always zeroed out.
- Only the owner of an account may subtract its lamports.
- Any program account may add lamports to an account.
- Rent fees are charged every epoch and are determined by account size.
- Accounts with a sufficient balance to cover 2 years of rent are exempt from fees.
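To make the ownership, writability and balance rules above concrete, here is a toy model of the post-instruction check the runtime performs on an instruction's accounts. This is an added example written for this page, not Solana's own runtime code; the `Account` layout, the `verify` function, the error names and the program ids such as `Vault1111` are assumptions. Each check in `verify` maps to one rule of the policy list, and the three scenarios show a withdrawal by the owning program being accepted, the same withdrawal by a different program being rejected, and a write to a read-only account being rejected.

```rust
// Toy model of the Solana runtime's post-instruction account verification.
// Added illustration, not Solana's code; all names here are hypothetical.

#[derive(Clone, Debug, PartialEq)]
pub struct Account {
    pub owner: String, // program id that owns the account
    pub lamports: u64,
    pub data: Vec<u8>,
    pub executable: bool,
}

#[derive(Debug, PartialEq)]
pub enum PolicyViolation {
    LamportsNotConserved { before: u64, after: u64 },
    ReadOnlyAccountChanged(usize),
    ExecutableDataModified(usize),
    DataModifiedByNonOwner(usize),
    OwnerAssignedByNonOwner(usize),
    LamportsSubtractedByNonOwner(usize),
}

/// Compare the instruction's accounts `before` and `after` the program with id
/// `program_id` ran. `writable[i]` says whether account `i` was marked writable.
pub fn verify(
    program_id: &str,
    writable: &[bool],
    before: &[Account],
    after: &[Account],
) -> Result<(), PolicyViolation> {
    // Rule: total lamports are equal before and after execution.
    let sum_before: u64 = before.iter().map(|a| a.lamports).sum();
    let sum_after: u64 = after.iter().map(|a| a.lamports).sum();
    if sum_before != sum_after {
        return Err(PolicyViolation::LamportsNotConserved { before: sum_before, after: sum_after });
    }
    for (i, (b, a)) in before.iter().zip(after).enumerate() {
        if b == a {
            continue; // untouched accounts never violate anything
        }
        // Rule: read-only accounts must come out exactly as they went in.
        if !writable[i] {
            return Err(PolicyViolation::ReadOnlyAccountChanged(i));
        }
        let is_owner = b.owner == program_id;
        // Rule: an executable account's data cannot be modified.
        if b.executable && b.data != a.data {
            return Err(PolicyViolation::ExecutableDataModified(i));
        }
        // Rule: only the owner may change data (contents or size).
        if b.data != a.data && !is_owner {
            return Err(PolicyViolation::DataModifiedByNonOwner(i));
        }
        // Rule: only the owner may assign a new owner.
        if b.owner != a.owner && !is_owner {
            return Err(PolicyViolation::OwnerAssignedByNonOwner(i));
        }
        // Rule: only the owner may subtract lamports; anyone may add them.
        if a.lamports < b.lamports && !is_owner {
            return Err(PolicyViolation::LamportsSubtractedByNonOwner(i));
        }
    }
    Ok(())
}

fn acct(owner: &str, lamports: u64, data: &[u8]) -> Account {
    Account { owner: owner.to_string(), lamports, data: data.to_vec(), executable: false }
}

/// Scenario 1: the vault program moves 100 lamports out of an account it owns
/// into a user's wallet. Accepted: the subtraction is done by the owner.
pub fn vault_withdraw_by_owner() -> Result<(), PolicyViolation> {
    let before = vec![acct("Vault1111", 500, &[1]), acct("System1111", 10, &[])];
    let mut after = before.clone();
    after[0].lamports -= 100;
    after[1].lamports += 100;
    verify("Vault1111", &[true, true], &before, &after)
}

/// Scenario 2: a different program attempts the same subtraction from the vault
/// account. Rejected: only the owner may subtract lamports.
pub fn vault_withdraw_by_other_program() -> Result<(), PolicyViolation> {
    let before = vec![acct("Vault1111", 500, &[1]), acct("System1111", 10, &[])];
    let mut after = before.clone();
    after[0].lamports -= 100;
    after[1].lamports += 100;
    verify("Other1111", &[true, true], &before, &after)
}

/// Scenario 3: the owning program rewrites data of an account passed read-only.
/// Rejected: read-only accounts must be unchanged after execution.
pub fn write_to_read_only_account() -> Result<(), PolicyViolation> {
    let before = vec![acct("Vault1111", 500, &[1])];
    let mut after = before.clone();
    after[0].data = vec![9];
    verify("Vault1111", &[false], &before, &after)
}

fn main() {
    println!("{:?}", vault_withdraw_by_owner()); // Ok(())
    println!("{:?}", vault_withdraw_by_other_program()); // Err(LamportsSubtractedByNonOwner(0))
    println!("{:?}", write_to_read_only_account()); // Err(ReadOnlyAccountChanged(0))
}
```

The checks run in the order a reviewer would reason about them: conservation of lamports across the whole instruction first, then per-account rules, with the read-only check before any owner-based check because a read-only account may not change at all, regardless of who the caller is.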
If you have any questions feel free to reach out to us on Discord.