Security Research & Disclosures

Advancing Blockchain Security

Our team actively contributes to the security of the Solana ecosystem through responsible disclosure, open-source tools, and published research.

25+ CVEs Disclosed
$1.2M+ Bounties Earned
12 Research Papers
8.5K+ GitHub Stars

CVE Disclosures

Vulnerabilities we've responsibly disclosed to improve ecosystem security

CVE-2024-38291 | Severity: Critical | Status: Fixed

Reentrancy Vulnerability in SolSwap Protocol

Discovered a critical reentrancy vulnerability in the swap function that could allow attackers to drain liquidity pools.

Protocol: SolSwap | Date: 2024-11-15 | Bounty: $125,000
CVE-2024-35102 | Severity: High | Status: Fixed

Integer Overflow in Token Staking Contract

Integer overflow in reward calculation could result in incorrect reward distribution and potential fund loss.

Protocol: StakeDAO | Date: 2024-09-22 | Bounty: $75,000
CVE-2024-31847 | Severity: High | Status: Fixed

Access Control Bypass in NFT Marketplace

Missing validation in listing function allowed unauthorized users to modify listing parameters.

Protocol: SolanaArt | Date: 2024-08-10 | Bounty: $50,000
CVE-2024-28556 | Severity: Critical | Status: Fixed

Oracle Manipulation in Lending Protocol

Price oracle could be manipulated through flash loans, enabling under-collateralized borrowing.

Protocol: SolLend | Date: 2024-06-03 | Bounty: $200,000
CVE-2024-22134 | Severity: Critical | Status: Fixed

Signature Validation Flaw in Bridge Contract

Improper signature verification allowed forged cross-chain messages to be processed.

Protocol: SolBridge | Date: 2024-03-18 | Bounty: $150,000

Published Research

Peer-reviewed papers and technical reports advancing blockchain security knowledge

Comprehensive Analysis of Solana Smart Contract Vulnerabilities

Chen, M., Mitchell, S., Rodriguez, J.

A systematic study of 500+ Solana programs identifying common vulnerability patterns and proposing automated detection methods.

Published: 2024-12-01

Flash Loan Attack Vectors in DeFi Protocols

Rodriguez, J., Chen, M.

Detailed analysis of flash loan attacks on Solana DeFi protocols with mitigation strategies and best practices.

Published: 2024-10-15

Anchor Framework Security: Common Pitfalls and Solutions

Mitchell, S., Rodriguez, J.

Security considerations when building with Anchor, including account validation, PDA security, and CPI guards.

Published: 2024-08-20

Cross-Program Invocation Security Analysis

Chen, M., Mitchell, S.

Examination of CPI-related vulnerabilities and secure patterns for inter-program communication on Solana.

Published: 2024-05-10

Responsible Disclosure Policy

We believe in responsible disclosure to protect users while giving projects time to fix vulnerabilities. Our process includes:

  • Private disclosure to the affected project with a 90-day remediation window
  • Coordination with the protocol team on patch deployment
  • Public disclosure only after the fix is deployed or the deadline expires
  • CVE registration for tracking and transparency

To report a vulnerability: security@solcertup.com

Secure Your Protocol

Get your smart contracts audited by the team behind these discoveries
