July 6, 2022
Security of Solana Smart Contracts: why you should always validate PDA Bump Seeds
The same seeds with multiple valid bumps can have crucial security implication: PDAs can be faked if their bump seeds are not validated
June 13, 2022
Bidirectional Rounding: A Common Security Vulnerability in Defi Smart Contracts
If a smart contract has a bidirectional function or functions (e.g., swap between a pair of tokens or mint/redeem a token) and the function uses the same rounding operation over arithmetic results in both directions, then the function is likely vulnerable to two-way trading attacks.
June 5, 2022
On Smart Contracts: Why Solana Is More Secure?
While Solana’s core runtime is still under rapid development, its design of smart contracts has been fairly stable. In this article, I’d like to elaborate why Solana is more secure from the perspective of smart contracts.
May 29, 2022
Solana Programs Part 4: Metaplex Candy Machine — How Does It Work?
The Metaplex Candy Machine is among the most popular smart contracts used for NFT minting on Solana. Recently, it has even implemented sophisticated logic for detecting and taxing bots. How does the candy machine program work internally? What are its intended use cases and dependencies? How does it detect bots? This article elaborates on these technical details.
May 24, 2022
Sec3 Pro Auto Auditor: General Public Release
We are glad to announce the general public release of Sec3 Premium (formerly Soteria) — the premier security analysis service for Solana smart contracts.