Common Security Exploits

Sealevel Attacks

Anchor uses a lot of magic to help eliminate footguns, but if you're shipping anything to mainnet, it's important you understand every bit of that magic and the motivation behind it. A list of common attacks can be found here, with three different examples for each attack:

  1. insecure - represents flawed code that may be insecure
  2. secure - represents a fix
  3. recommended - represents a fix with idiomatic Anchor code

Note that these examples are not necessarily secure; each is meant to showcase a specific issue and a recommended fix in isolation. Some nice explanations of these Sealevel attacks can be found here. It's strongly recommended to study each of these cases when building protocols on Solana.
