We are glad to announce the first release of sec3 X-Ray Premium: an auto-auditing service offered by the sec3 (formerly Soteria) team that scans for a large list of security vulnerabilities in Solana smart contracts.
sec3 X-Ray Premium has a number of features:
A dashboard of Sec3 Premium is shown below:
The auto-auditor currently detects the following list of Solana-specific SVEs (accumulated by the Sec3 team):
The list of SVEs above will be expanded continuously as the Sec3 team audits more Solana projects.
Sec3 Premium is currently open to a short list of Pilot (paid) customers.
Each pilot customer will receive an invitation link. The link provides a unique ID to access the Sec3 Premium service:
The steps to use the service are as follows:
1. Click “Create a new task”:
2. Enter a “Task Name” and provide the “Source Code” (either by a GitHub URL if it is open source, or by uploading a compressed folder):
3. Click “Create Task” and then “Confirm Payment and Run Task”:
4. Wait for the task to complete and then “View Full Report”:
5. Finally, browse the reported vulnerabilities:
Note: Most of the SVEs are semantic or logic issues, so the reported vulnerabilities are potential warnings and are not necessarily attacker-exploitable.
To ignore certain warnings, add the annotation //#[x-ray(ignore)]
Any statement annotated with it will be ignored. For example:
We expect that sec3 Premium will be used in the development phase to continuously audit Solana programs upon any code change at any time. It will significantly reduce the time and cost of a final manual audit.
Note that the auto-auditor service is not the same as a full manual audit offered by the sec3 team. sec3’s full audit relies on human experts to perform exhaustive manual reviews (assisted by in-house X-Ray tools).
The full audit is expected to discover vulnerabilities that are not covered by the auto-auditor.
Sec3 was founded by leading minds in the fields of blockchain security and software verification.