This repository contains all five tasks assigned during the Ackee School of Solana Security Program.
Each task focuses on strengthening skills in smart contract analysis, secure Solana development, debugging, and auditing.
- Solana development environment setup.
- Understanding accounts, programs, and transactions.
- Writing and deploying the first Solana on-chain program.
- Interacting with the program using CLI or client scripts.
- Working with Program Derived Addresses (PDAs).
- Secure PDA generation using seeds and bump.
- Adding and validating custom instructions.
- Ownership, signer, and mutability checks.
- Using the SPL Token Program.
- Minting and transferring tokens.
- Cross-Program Invocation (CPI) integration.
- Ensuring correct authority and account validation.
- Identifying common Solana contract vulnerabilities:
  - Missing signer checks
  - Unchecked account ownership
  - Writable account misuse
  - PDA collision risks
- Refactoring insecure code following Ackee guidelines.
- Full security review of a vulnerable program.
- Finding issues, classifying severity, and writing an audit-style report.
- Implementing secure fixes and validating correct behavior.
```
root/
├── task1/
├── task2/
├── task3/
├── task4/
└── task5/
```
Descriptions:
- task1 : Basic program setup and introductory Solana tasks
- task2 : PDA creation, instruction validation, account checks
- task3 : SPL Token program, CPI, token operations
- task4 : Vulnerability analysis and secure refactoring
- task5 : Final audit-style challenge and security fixes
- Rust
- Solana CLI
- Anchor Framework
- TypeScript Clients
- Localnet / Devnet
- Ackee Security Practices
This repo documents the entire learning and auditing process through the Ackee School of Solana program.
It serves as:
- A personal reference
- A security portfolio
- A guide for other Solana learners
For questions, collaborations, or discussion about Solana development or blockchain security, feel free to open an issue in the repo.