Solana Security Series
A reviewer-focused walkthrough of real Solana security patterns, from account creation pitfalls to Token2022 extension semantics.
Read the series like a playbook
- 01
Pre-Funding DoS in Solana: Breaking create_account with Non-Zero Lamports
A system-level Solana DoS pattern: pre-funding a predictable address (e.g., a PDA) makes `create_account` fail with AccountAlreadyInUse. Includes mitigations and how Anchor avoids it.
10 min read10 min read
December 29, 2025
- 02
How init and init_if_needed work under the hood and the associated token account griefing attack
A deep dive into how Anchor’s #[account(init)] and #[account(init_if_needed)] are parsed and code-generated, what “needs initialization” really means at runtime, and how using init with associated token accounts can enable griefing/DoS via pre-created ATAs.
30 min read30 min read
January 05, 2026
- 03
Why Anchor Accounts Go Stale After CPI (and When to Reload)
In Anchor, `Account<T>` is a cached snapshot of account data. After CPI, the runtime account changes but your cached view does not—unless you `reload()`.
10 min read10 min read
January 09, 2026
- 04
SPL vs Token2022: From Mint to Account
A technical comparison of SPL Token and Token2022—from mint/account layouts to ATA creation—highlighting program IDs, extensions, and real initialization flows.
15 min read15 min read
January 31, 2026
A playbook for real program behavior.
Protocol-level exploit patterns
Reproducible attack surfaces across System, Token, and ATA flows.
Account layout + initialization
SPL vs Token2022 data layout, extension semantics, and init invariants.
Reviewer-grade traces
Instruction-by-instruction walks aligned with on-chain logs.
Keep exploring
More security research across chains
Browse exploit analysis, protocol internals, cryptography, and DeFi math in the full archive.