May 23, 2022
Solana programs Part 3: understanding Metaplex Token Metadata
In this article, we elaborate on the implementation details of token-metadata.
April 11, 2022
Solana Programs Part 2: Understanding SPL Associated Token Account
Following Part 1: understanding SPL Token Mint, this article introduces the technical details of the SPL associated token program, another popular official Solana smart contract.
April 1, 2022
On a $20M Bug in Jet Protocol
Recently, Charlie You disclosed a vulnerability in the Jet Protocol. The vulnerability would have caused $20m loss of Jet users’ funds if exploited. Fortunately, Jet patched it before any user was affected. Soteria team identified something tricky in Jet-v1’s code and had a discussion with Charlie shortly after the disclosure. It turns out that the vulnerability has a different cause (unexpected by Charlie)
March 24, 2022
CashioApp Attack — What’s the Vulnerability and How Soteria Detects It
The Cashio stablecoin (CASH) protocol recently lost $50M in an attack. The attacker was able to mint 2,000,000,000 CASH tokens for almost free. The root cause is a vulnerability in the Cashio’s brrr smart contract. Soteria team conducted an in-depth analysis of the attack. Importantly, the vulnerability can be automatically detected by Soteria’s Premium Auto Auditor. This article elaborates on the details.
March 21, 2022
Solana Programs Part 1: Understanding SPL Token Mint
Most user-deployed Solana smart contracts (directly or transitively) use the token program to mint/transfer/burn tokens (i.e., SPL tokens). SPL tokens are similar to ERC20/ERC721 token with tricky differences. In this article, we elaborate on the SPL tokens and introduce the internals of the most commonly used instructions in the token program.