Exploring Vulnerabilities and Concerns in Solana Smart Contracts
Xiangfan Wu, Ju Xing, Xiaoqi Li
TL;DR
The paper surveys the security-analysis landscape for Solana smart contracts, cataloging vulnerability classes and surveying tooling across static, dynamic, and symbolic approaches. It compares Solana's security-tool ecosystem with Ethereum, highlighting that Ethereum currently dominates tooling maturity while Solana shows growth with a smaller but expanding set of open-source tools. Concrete vulnerability classes are documented (e.g., signer/ownership checks, rent-exemption, account conflation, overflow, unsafe code, and oracle attacks), alongside off-chain risks such as key leakage and promotion-channel hacks. The work argues for hybrid analysis strategies and outlines future directions, including AI-assisted analysis and EVM-compatible bridges, to enhance Solana's security posture and tooling maturity.
Abstract
The Solana blockchain was created by Anatoly Yakovenko of Solana Labs and was introduced in 2017, employing a novel transaction verification method. However, at the same time, the innovation process introduced some new security issues. The frequent security incidents in smart contracts have not only caused enormous economic losses, but also undermined the credit system based on the blockchain. The security and reliability of smart contracts have become a new focus of research both domestically and abroad. This paper studies the current status of security analysis of Solana by researching Solana smart contract security analysis tools. This paper systematically sorts out the vulnerabilities existing in Solana smart contracts and gives examples of some vulnerabilities, summarizes the principles of security analysis tools, and comprehensively summarizes and details the security analysis tools in Solana smart contracts. The data of Solana smart contract security analysis tools are collected and compared with Ethereum, and the differences are analyzed and some tools are selected for practical testing.