Solana Vulnerability Scanner Skill

Trit: -1 (MINUS) Category: building-secure-contracts Author: Trail of Bits Source: trailofbits/skills License: AGPL-3.0

Description

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs. (project, gitignored)

When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

Related Skills

• audit-context-building
• codeql
• semgrep
• variant-analysis

SDF Interleaving

This skill connects to Software Design for Flexibility (Hanson & Sussman, 2021):

Primary Chapter: 3. Variations on an Arithmetic Theme

Concepts: generic arithmetic, coercion, symbolic, numeric

GF(3) Balanced Triad

solana-vulnerability-scanner (+) + SDF.Ch3 (○) + [balancer] (−) = 0

Skill Trit: 1 (PLUS - generation)

Connection Pattern

Generic arithmetic crosses type boundaries. This skill handles heterogeneous data.