« All posts

A Practical Pre-Deploy Security Checklist for Solana Anchor Programs

A systematic pre-mainnet security checklist for Solana Anchor programs, covering account validation, arithmetic safety, CPI checks, and Wormhole exploit lessons.

This checklist offers a systematic, run-before-mainnet review of the security failure modes specific to Solana programs written in Anchor. It's grounded in an analysis of the 2022 Wormhole bridge exploit, where a missing sysvar account check let an attacker forge an account and authorize an unauthorized $326M mint — the fix was switching to a checked variant of a single function.

The checklist is organized into six areas: account validation (owner and discriminator checks, re-deriving PDAs rather than trusting caller-supplied addresses), authority and signer checks (pairing has_one with Signer), arithmetic safety (using checked_add/sub/mul/div instead of raw operators, guarding against truncating casts), CPI safety (verifying target program IDs, reloading account state after cross-program calls), and account lifecycle management (preventing reinitialization and same-transaction account revival).

For engineers, it clarifies exactly where Anchor's built-in protections end — owner, discriminator, and signer checks are automatic, but business logic, arithmetic, CPI target validation, and remaining_accounts are not. It's explicitly positioned as a pre-audit self-check rather than a replacement for professional review on high-value programs.