solana-vulnerability-scanner

# Solana Vulnerability Scanner ## 1. Purpose Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model. ## 2. When to Use This Skill - Auditing Solana programs (native Rust or Anchor) - Reviewing cross-program invocation (CPI) logic - Validating program-derived address (PDA) implementations - Pre-launch security assessment of Solana protocols - Reviewing account validation patterns - Assessing instruction introspection logic ## 3. Platform Detection ### File Extensions & Indicators - **Rust files**: `.rs` ### Language/Framework Markers ```rust // Native Solana program indicators use solana_program::{ account_info::AccountInfo, entrypoint, entrypoint::ProgramResult, pubkey::Pubkey, program::invoke, program::invoke_signed, }; entrypoint!(process_instruction); // Anchor framework indicators use anchor_lang::prelude::*; #[program] pub mod my_program { pub fn initialize(ctx: Context<Initialize>) -> Result<()> { // Program logic } } #[derive(Accounts)] pub struct Initialize<'info> { #[account(mut)] pub authority: Signer<'info>, } // Common patterns AccountInfo, Pubkey invoke(), invoke_signed() Signer<'info>, Account<'info> #[account(...)] with constraints seeds, bump ``` ### Project Structure - `...