Skip to content

devwraithe/superteamng-anchor-security-template

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
basic_bank
basic_bank
 
 
basic_notepad
basic_notepad
 
 
shareable_social_profile
shareable_social_profile
 
 
spl_token
spl_token
 
 
token_vesting
token_vesting
 
 
.DS_Store
.DS_Store
 
 
README.md
README.md
 
 

Repository files navigation

SuperteamNg Bounty - Intermediate Developer Challenge: Anchor/Pinocchio Security Template

This bounty focuses on building a clear, educational security reference for Solana developers by contrasting vulnerable code with secure alternatives. The goal is to make security concepts practical and obvious, especially for developers learning Anchor or Pinocchio.

Here are 5 simple solana programs that emphasis security concepts in writing more efficient and secured programs

  • Basic Bank – A solana program that models a traditional bank in a decentralized manner. Key functionalities includes: initialize_bank, create_user_account, deposit, get_balance, withdraw.

This solana program demonstrates a key common security issue: funds withdrawal by attackers. It emphasize the need for Checked Math / Overflow and Signer Checks using anchor contraints.

  • Basic Notepad – Majority of people keeps notepad, either for tracking todolist or for documenting events has they unfold. Notepads are dear to our hearts, but what happens if our documented notes get tampered with by someelse making us lose the valueable things in it. Another common vulnerablity is PDA collision. We ensured PDA accounts are generated uniquely ensuring no collisions.

  • Shareable Social Profile – The world is now digital just as business cards can be. A link that contains brief details about you accessible to people worldwide. Here, I created a solana program that create a shareable digital copy of you. User can create, update and delete profile. We exploited a common issue in web2, account deletion. You can wake up to see your account blocked. Now, user are forced to create a backup accounts. Writing a secure program includes ensuring Account Ownership Verification. We must allowed strict modification by the owner of the profile, meaning your account cannot be blocked or modified by another user.

  • SPL Token – Number one common exploit is lack of Authorization Checks. We have seen token minted from an unauthorized account leading to loss of cash. We demonstrated this exploit and provide a secured solana version of the program instruction.

  • Token Vesting – This is my favorite solana program. User locks token and the token get released at intervals and are claimable anytime. This introduces the Re-Initialization Attacks where attackers re-initialize account and then redirect the recipient accout to their account, stealing funds.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Rust 50.2%
  • TypeScript 49.8%