Solana Vulnerability Scanner
Scan Solana programs for 6 critical vulnerability classes including arbitrary CPI, improper PDA validation, missing signer and ownership checks, and sysvar spoofing. Tuned for Solana and Anchor programs.
Solana's account model creates security pitfalls that don't exist on the EVM. This skill scans Anchor and native Solana programs for the highest-impact bug classes — arbitrary CPI, missing signer/owner checks, weak PDA validation, and sysvar spoofing — and explains the fix for each.
When to use
Use when auditing or reviewing Solana/Anchor programs for the most common critical vulnerabilities before deploying on-chain.
Examples
Audit an Anchor program
Scan for the 6 critical bug classes
Scan this Anchor program for arbitrary CPI, missing signer checks, and PDA validation issues
Check account validation
Find missing ownership checks
Review these Solana instructions for missing owner and signer validation