Search papers, labs, and topics across Lattice.
SseRex, a symbolic execution engine, is introduced to address the lack of vulnerability detection tools tailored for Solana's unique account model. It detects Solana-specific bugs like missing owner/signer/key checks and cross-program invocation vulnerabilities. Evaluation on thousands of contracts demonstrates SseRex's superior performance compared to existing methods, uncovering potential bugs in hundreds of contracts and highlighting subtle issues that can lead to severe exploits.
SseRex finds hundreds of potential bugs in Solana smart contracts that existing tools miss, revealing that subtle, easily overlooked issues are often the root cause of severe exploits.
Solana is rapidly gaining traction among smart contract developers and users. However, its growing adoption has been accompanied by a series of major security incidents, which have spurred research into automated analysis techniques for Solana smart contracts. Unfortunately, existing approaches do not address the unique and complex account model of Solana. In this paper, we propose SseRex, the first symbolic execution vulnerability detection approach for finding Solana-specific bugs such as missing owner checks, missing signer checks, and missing key checks, as well as arbitrary cross-program invocations. Our evaluation of 8,714 bytecode-only contracts shows that our approach outperforms existing approaches and identifies potential bugs in 467 different contracts. Additionally, we analyzed 120 open-source Solana projects and conducted in-depth case studies on four of them. Our findings reveal that subtle, easily overlooked issues often serve as the root cause of severe exploits, further highlighting the need for specialized analysis tools like SseRex.
