Skip to content

bbresearcher/solO

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
templates
templates
 
 
README.md
README.md
 
 
lib.rs
lib.rs
 
 
solO.py
solO.py
 
 
solOReport.md
solOReport.md
 
 

Repository files navigation

Disclaimer: #I DO NOT WARRANTY THIS CODE TO BE BUG FREE OR TO BE FIT FOR PURPOSE, RUNNING solO AGAINST A PROJECT DOES NOT GUARANTEE THAT THE PROJECT IS SECURE AND/OR BUG FREE

Would this be of any value for Solana projects/Audits if the code was written using Anchor?

  • It pulls out all the Solana account definitions to make them visible to the researcher
  • It can scan the code based on a easy template created by the researcher for any static vulnerabilities.

I would like to take it further to check the account definitions for safety eg. no Signer account, or highlight that the definition closes the account so its obvious, and use the anchor definitions to maybe add more information.

run the demo with python3 solO.py . ./templates/

Example Project

solO Report

  • Running solO against directory: .
  • Rules templates directory set as : ./templates/

Rust files found:

[^] lib.rs

File: ./lib.rs

🔷 #: Account Object found: SomeRandomType

➡️ Struct has instuction inputs of : [instruction(inValOne: String, inValTwo: String)]

📋 Anchor account member below has attributes:

  • init,
  • seeds=[inValOne.as_bytes(), initializer.key().as_ref()],
  • bump,
  • payer = initializer,
  • space = DISCRIMINATOR + DemoState::INIT_SPACE

🔴 [STRUCT FIELD:] demo_state of type Account<'info, DemoState>,

📋 Anchor account member below has attributes:

  • mut

🔴 [STRUCT FIELD:] initializer of type Signer<'info>,

🔴 [STRUCT FIELD:] system_program of type Program<'info, System>,

🔷 #: Account Object found: SomeOtherType

➡️ Struct has instuction inputs of : [instruction(inValOne:String)]

📋 Anchor account member below has attributes:

  • mut
  • mut,
  • seeds = [inValOne.as_bytes(), initializer.key().as_ref()],
  • bump,

🔴 [STRUCT FIELD:] demo_state of type Account<'info, DemoState>,

📋 Anchor account member below has attributes:

  • mut

🔴 [STRUCT FIELD:] initializer of type Signer<'info>,

🔴 [STRUCT FIELD:] system_program of type Program<'info, System>,

🔷 #: Account Object found: LastRandomType

➡️ Struct has instuction inputs of : [instruction(inValOne: String)]

📋 Anchor account member below has attributes:

  • mut
  • mut,
  • seeds=[inValOne.as_bytes(), initializer.key().as_ref()],
  • bump,
  • close=initializer

🔴 [STRUCT FIELD:] demo_state of type Account<'info, DemoState>,

📋 Anchor account member below has attributes:

  • mut

🔴 [STRUCT FIELD:] initializer of type Signer<'info>,

🔴 [STRUCT FIELD:] system_program of type Program<'info, System>

Rule checks returned the list of code to check below:

File: ./lib.rs

#: Match found on : 1==1 #: Found an random equivalency check

19-    ) -> Result<()> {
20:        if 1==1 {
21-            msg!("Welcome to the Demo");

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages