In this series, "Secure the Solana Ecosystem," we delve into various aspects of security on the Solana blockchain. Starting with foundational concepts, the series progresses through more nuanced topics such as cross-program interactions, account validations, and handling of complex features like multi-signature mechanisms and type safety. Each article is designed to build upon the last, providing developers with a comprehensive understanding of how to enhance security and efficiency when working with Solana.
Breaking Down: A Comprehensive Overview
In this article, we briefly introduce the backround of the solana, and go through the sample project (i.e., Hello World ). We learn about how to deploy a program on Solana, and how to use the client to interact with the on-chain program.
In this article, we introduce how to implement the cross-program invocation via the function invoke(). We also use different examples to illustrate the differences between invoke() and invoke_signed().
In this article, we introduce how a program can be upgraded in Solana. We use different examples to illustrate the detail process.
In Solana, instructions implement specified logic based on different accounts, which are feed by clients or the other programs. Therefore, the proper check on the accounts is rather important. In this article, we introduce how to properly check the account and use two attack scenarios to illustrate the importance of these checks.
In this article, we introduce the simple implementation of the multi-sig in Solana. It’s for the scenario that you are able to collect the signatures from multiple users off-chain. The scenario that the transactions are required to be signed fully on-chain will be introduced later.
In this article, we introduce the general implementation of the multisig in Solana. The implementation makes use of the feature of PDA, which enables the program to sign the transaction by PDA automatically when the number of valid signatures meets the requirement.
In this article, we introduce the problem of type confusion in Solana. There are many ways to avoid this problem. For example, we can add one attribute to record the type of the account in the struct, and the program should always check the type attribute before reading/writing from/to the account passed in.
About BlockSec
BlockSec is a pioneering blockchain security company established in 2021 by a group of globally distinguished security experts. The company is committed to enhancing security and usability for the emerging Web3 world in order to facilitate its mass adoption. To this end, BlockSec provides smart contract and EVM chain security auditing services, the Phalcon platform for security development and blocking threats proactively, the MetaSleuth platform for fund tracking and investigation, and MetaSuites extension for web3 builders surfing efficiently in the crypto world.
To date, the company has served over 300 esteemed clients such as MetaMask, Uniswap Foundation, Compound, Forta, and PancakeSwap, and received tens of millions of US dollars in two rounds of financing from preeminent investors, including Matrix Partners, Vitalbridge Capital, and Fenbushi Capital.
Official website: https://blocksec.com/
Official Twitter account: https://twitter.com/BlockSecTeam
