Solana生态常见安全漏洞

Solana Security 101

About Sec3

• Audit Team: Comprises industry-leading security professionals, CS professors, and exceptional whitehats.
• CTF Competitors: Six-time DEF CON CTF finalists and auditors from elite teams worldwide.
• Presentations: Regularly invited to present at prestigious conferences such as Black Hat, DEF CON, and Pwn2Own.
• Website: www.sec3.dev

Why Security?

• Total Value Hacked This Year: Approximately $1.3 billion according to DefiLlama.

Why I Prefer Solana?

• No Gas Stress: No need to worry about gas fees.
• Super Fast: High transaction speed.
• Safer Smart Contracts: Written in Rust.
• Code and Data Decoupling: Enhanced security through separation of code and data.

Accounts

• Program Derived Addresses (PDAs):
  • Description: 32-byte strings resembling public keys without corresponding private keys.
  • Derivation: Deterministically derived using findProgramAddress from a programId and seeds (a collection of bytes).
  • Bump: A single byte is used to ensure the PDA does not fall on the ed25519 elliptic curve.
  • Signing: Programs can sign for their PDAs by providing seeds and bump to invoke_signed.

Transactions

N1CTF 2022

• Utility Payment Service
• Simple Staking
  • Initialization: Setup initial parameters.
  • Registration: Register organization name and employee ID.
  • Deposit: Deposit funds.
  • Withdrawal: Withdraw funds.

Example Vulnerability:

• Rich Victim:
  • org_name = "product", employee_id = "employ_A"
• Malicious User:
  • org_name = "producte", employee_id = "mploy_A"

N1CTF 2023

• Pool
  • Initialization: InitPool (args)
  • Deposit: Deposit (amount, account_name)
  • Withdraw: Withdraw (amount, account_name)

Reference

• Defining On-Chain Gaming

京麒CTF 2023

• CTFDAO
  • Creation: CreateDao (quorum_votes)
  • Proposal Creation: CreateProposal (description)
  • Voting: Vote (amount, support)
  • Closing Proposal: CloseProposal

Additional References

• Defining On-Chain Gaming
• 京麒CTF 2023
• 闪耀！优俊CTFer (by wupco)