
Lints based on the Sealevel Attacks

Trail of Bits Solana lints

Solana Breakpoint 2022 talk: slides, video

Each subdirectory of `lints` contains a Solana lint in the form of a Dylint library.

The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)

The current lints are:

| Library | Description | Anchor | Non Anchor |
| --- | --- | :---: | :---: |
| `arbitrary_cpi` | lint for 5-arbitrary-cpi | :heavy_check_mark: | :heavy_check_mark: |
| `bump_seed_canonicalization` | lint for 6-bump-seed-canonicalization | | :heavy_check_mark: |
| `insecure_account_close` | lint for 9-closing-accounts | :heavy_check_mark: | :heavy_check_mark: |
| `missing_owner_check` | lint for 2-owner-checks | :heavy_check_mark: | :heavy_check_mark: |
| `missing_signer_check` | lint for 0-signer-authorization | :heavy_check_mark: | :heavy_check_mark: |
| `sysvar_get` | Reports uses of `Sysvar::from_account_info` instead of `Sysvar::get` | :heavy_check_mark: | :heavy_check_mark: |
| `type_cosplay` | lint for 3-type-cosplay | | :heavy_check_mark: |
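To make concrete what the `missing_signer_check` and `missing_owner_check` rows are looking for, here is an added example (not code from this repository or from the Sealevel Attacks) of an authority-rotation instruction written the insecure way and then with both checks in place. The `Pubkey`, `ProgramError` and `AccountInfo` types below are minimal stand-ins for the `solana_program` types, constructed so the file compiles without the crate; the config account layout (authority pubkey in the first 32 bytes) is likewise an assumption made for the example.

```rust
use std::cell::RefCell;
use std::convert::TryInto;

/// Stand-in for solana_program::pubkey::Pubkey (constructed for this example).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

impl Pubkey {
    /// Deterministic distinct keys for the example; real keys come from keypairs or PDAs.
    pub fn from_tag(tag: u8) -> Self {
        Pubkey([tag; 32])
    }
}

/// Stand-in for the subset of solana_program::program_error::ProgramError used here.
#[derive(Debug, PartialEq, Eq)]
pub enum ProgramError {
    MissingRequiredSignature,
    IncorrectProgramId,
    InvalidArgument,
}

/// Stand-in for solana_program::account_info::AccountInfo, reduced to the
/// fields the two checks and the state update need.
pub struct AccountInfo {
    pub key: Pubkey,
    pub is_signer: bool,
    pub owner: Pubkey,
    pub data: RefCell<Vec<u8>>,
}

/// Assumed config layout: bytes 0..32 hold the current authority's pubkey.
const AUTHORITY_RANGE: std::ops::Range<usize> = 0..32;

pub fn stored_authority(data: &[u8]) -> Result<Pubkey, ProgramError> {
    let bytes: [u8; 32] = data
        .get(AUTHORITY_RANGE)
        .ok_or(ProgramError::InvalidArgument)?
        .try_into()
        .map_err(|_| ProgramError::InvalidArgument)?;
    Ok(Pubkey(bytes))
}

/// INSECURE (what the lints flag): the stored authority is compared against the
/// supplied account's key, but nothing verifies that `authority` signed the
/// transaction (0-signer-authorization) or that `config` is owned by this
/// program (2-owner-checks). An attacker can name the real admin's pubkey in
/// an unsigned account, or pass a lookalike config owned by their own program.
pub fn update_authority_insecure(
    _program_id: &Pubkey,
    config: &AccountInfo,
    authority: &AccountInfo,
    new_authority: &Pubkey,
) -> Result<(), ProgramError> {
    let mut data = config.data.borrow_mut();
    if stored_authority(&data)? != authority.key {
        return Err(ProgramError::InvalidArgument);
    }
    data[AUTHORITY_RANGE].copy_from_slice(&new_authority.0);
    Ok(())
}

/// SECURE: both checks run before any state is read or written.
pub fn update_authority_secure(
    program_id: &Pubkey,
    config: &AccountInfo,
    authority: &AccountInfo,
    new_authority: &Pubkey,
) -> Result<(), ProgramError> {
    // Owner check: only an account created by this program can be its config.
    if config.owner != *program_id {
        return Err(ProgramError::IncorrectProgramId);
    }
    // Signer check: the authority must have signed, not merely be named.
    if !authority.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    let mut data = config.data.borrow_mut();
    if stored_authority(&data)? != authority.key {
        return Err(ProgramError::InvalidArgument);
    }
    data[AUTHORITY_RANGE].copy_from_slice(&new_authority.0);
    Ok(())
}

/// Constructs a config account owned by `owner` that names `authority`.
pub fn config_account(owner: Pubkey, authority: Pubkey) -> AccountInfo {
    AccountInfo {
        key: Pubkey::from_tag(0xC0),
        is_signer: false,
        owner,
        data: RefCell::new(authority.0.to_vec()),
    }
}

/// Constructs the account an instruction would receive for a wallet key.
pub fn wallet_account(key: Pubkey, is_signer: bool) -> AccountInfo {
    AccountInfo { key, is_signer, owner: Pubkey::from_tag(0), data: RefCell::new(Vec::new()) }
}
```

Running `cargo dylint --all --workspace` on a crate containing the insecure function would be expected to report the missing owner and signer checks; the secure variant is the shape the lints accept, with the checks placed before the account data is touched rather than after.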

Usage

To use these lints, do the following:

  1. Install cargo-dylint and dylint-link:

    cargo install cargo-dylint dylint-link
    
  2. Add the following to your workspace's Cargo.toml file:

    [workspace.metadata.dylint]
    libraries = [
        { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" },
    ]
    
  3. Run cargo-dylint:

    cargo dylint --all --workspace