Skip to content

crytic/solana-lints

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

170 Commits
.github
.github
 
 
crate
crate
 
 
docs
docs
 
 
lints
lints
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
rust-toolchain
rust-toolchain
 
 

Repository files navigation

Trail of Bits Solana lints

Solana Breakpoint 2022 slides video

Each subdirectory of lints contains a Solana lint in the form of a Dylint library.

The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)

The current lints are:

Library Description
arbitrary_cpi lint for 5-arbitrary-cpi
bump_seed_canonicalization lint for 6-bump-seed-canonicalization
insecure_account_close lint for 9-closing-accounts
missing_owner_check lint for 2-owner-checks
missing_signer_check lint for 0-signer-authorization
type_cosplay lint for 3-type-cosplay

Usage

To use these lints, do the following:

  1. Install cargo-dylint and dylint-link:

    cargo install cargo-dylint dylint-link

  2. Add the following to your workspace's Cargo.toml file:

    [workspace.metadata.dylint]
libraries = [
    { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" },
]

  3. Run cargo-dylint:

    cargo dylint --all --workspace

About

Lints based on the Sealevel Attacks

Resources

Readme

Security policy

Security policy
Activity
Custom properties

Stars

30 stars

Watchers

15 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages