Trail of Bits Solana lints

Solana Breakpoint 2022: slides, video

Each subdirectory of lints contains a Solana lint in the form of a Dylint library.

The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)

The current lints are:

Library Description Anchor Non Anchor
arbitrary_cpi lint for 5-arbitrary-cpi ✔️ ✔️
bump_seed_canonicalization lint for 6-bump-seed-canonicalization ✔️
insecure_account_close lint for 9-closing-accounts ✔️ ✔️
missing_owner_check lint for 2-owner-checks ✔️ ✔️
missing_signer_check lint for 0-signer-authorization ✔️ ✔️
sysvar_get Reports uses of Sysvar::from_account_info instead of Sysvar::get ✔️ ✔️
type_cosplay lint for 3-type-cosplay ✔️

Usage

To use these lints, do the following:

  1. Install cargo-dylint and dylint-link:

    cargo install cargo-dylint dylint-link

  2. Add the following to your workspace's Cargo.toml file:

    [workspace.metadata.dylint]
    libraries = [
        { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" },
    ]

  3. Run cargo-dylint:

    cargo dylint --all --workspace