Lead in: Solana Simplified

Solana is celebrated for its high speed, low costs, high transaction throughput, and low latency. These features have made it an increasingly favored platform among both users and developers for all kinds of decentralized applications.

To help both readers and developers navigate this robust ecosystem, BlockSec has specially curated the "Solana Simplified" series. This series covers the fundamental concepts of Solana, practical guides on analyzing Solana transactions, and comprehensive tutorials on writing Solana smart contracts. Let's dive in. 🙌

Breaking Down: A Comprehensive Overview

In the first part of this series, let's delve into the key concepts of the Solana network, including its operating mechanisms, account model, and transactions. This will lay the foundation for writing correct and efficient smart contracts on Solana.

In this article, we will guide you through writing a Solana program (i.e., a Solana smart contract) for posting and displaying articles. We will cover everything from environment setup and contract logic to program testing.

In the last part, we will introduce Solana's special token mechanism and teach users how to analyze a simple Solana transaction using Phalcon Explorer.


About BlockSec

BlockSec is a full-stack Web3 security service provider. The company is committed to enhancing security and usability for the emerging Web3 world in order to facilitate its mass adoption. To this end, BlockSec provides smart contract and EVM chain security auditing services, the Phalcon platform for security development and proactive threat blocking, the MetaSleuth platform for fund tracking and investigation, and the MetaSuites extension for Web3 builders to surf efficiently in the crypto world.

To date, the company has served over 300 clients such as Uniswap Foundation, Compound, Forta, and PancakeSwap, and received tens of millions of US dollars in two rounds of financing from preeminent investors, including Matrix Partners, Vitalbridge Capital, and Fenbushi Capital.

Website: https://blocksec.com/

Email: [email protected]

Twitter: https://twitter.com/BlockSecTeam

MetaSleuth: https://metasleuth.io/

MetaSuites: https://blocksec.com/metasuites

#1 Cetus Incident: One Unchecked Shift Drains $223M in the Largest DeFi Hack of 2025

Cetus Protocol, the largest concentrated-liquidity DEX on Sui, was exploited on May 22, 2025, resulting in an estimated ~$223M loss across multiple liquidity pools. The attacker leveraged a flaw in checked_shlw(), a custom overflow-prevention helper used in fixed-point u256 math, where an incorrect constant and comparison failed to block unsafe left shifts and caused silent truncation of high bits during liquidity delta calculations. By crafting specific liquidity and tick/price-range parameters, the exploit made required deposits appear near-zero while minting an oversized liquidity position, which was later withdrawn to drain real pool reserves.

#2 Bybit Incident: A Web2 Breach Enables the Largest Crypto Hack in History

The largest crypto hack ever, the February 21, 2025 Bybit breach stole about $1.5B after attackers used social engineering to compromise a Safe{Wallet} workflow, injected malicious JavaScript into an AWS S3 bucket, tampered with the transaction signing process, and upgraded Bybit’s Safe{Wallet} contract to a malicious implementation that drained funds across multiple chains.

Weekly Web3 Security Incident Roundup | Jan 25 – Feb 1, 2026

During the week of January 25 to February 1, 2026, six blockchain security incidents were reported with total losses of ~$18.05M. These involved improper input validation, token design flaws, key compromises, and business logic errors across DeFi protocols on multiple chains. The primary causes included unchecked user inputs enabling arbitrary calls, flawed burn mechanisms allowing price manipulation, compromised developer tools, and missing solvency checks in lending functions.