sealevel-attacks-solana
Sealevel Attacks — Solana exploit patterns (reference)
Reference skill. This bundle does not vendor the repo; clone and build from upstream.
- Repository: github.com/coral-xyz/sealevel-attacks
- Maintainer context: Published under the Coral org (Anchor ecosystem).
- Stack: Anchor / Rust programs under programs/, tests, migrations—see README.
What it is
Upstream describes examples of common exploits that arise from the Solana programming model (account model, CPIs, sysvars, etc.), plus idioms to avoid them using Anchor. Each example is intentionally incomplete: one isolated issue and fix per program—not a production template.
Use it to recognize vulnerability classes when reading DeFi code or post-mortems, not as a copy-paste base for new protocols.
How to combine with blockint
| Task | Skill |
|---|---|
| Solana DeFi review posture, Anchor/PDAs/CPIs | solana-defi-vulnerability-analyst-agent |
| Incident narratives, tx reconstruction | solana-tracing-specialist, flash-loan-exploit-investigator-agent |
| Broader DeFi / rug triage | defi-security-audit-agent |
| Surfpool / local testing stacks | solana-onchain-intelligence-resources (Helius docs index) |
Guardrails
- Authorized use only — study and defensive coding in devnet/local environments; no guidance for exploiting third-party mainnet programs.
- Legal — unauthorized access or theft of funds is criminal in most jurisdictions; this skill is education and audit support only.
- Completeness — patterns evolve with runtime and program versions; treat the repo as illustrative, not an exhaustive checklist.
- Disclosure — if you find a bug in a live project, follow responsible disclosure and the project’s policy.
Goal: a discoverable pointer to sealevel-attacks for Solana security learning and audits inside blockint.