Solana Breakpoint 2022 slides video
Each subdirectory of lints
contains a Solana lint in the form of a Dylint library.
The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)
The current lints are:
Library | Description |
---|---|
arbitrary_cpi |
lint for 5-arbitrary-cpi |
bump_seed_canonicalization |
lint for 6-bump-seed-canonicalization |
insecure_account_close |
lint for 9-closing-accounts |
missing_owner_check |
lint for 2-owner-checks |
missing_signer_check |
lint for 0-signer-authorization |
sysvar_get |
Reports uses of Sysvar::from_account_info instead of Sysvar::get |
type_cosplay |
lint for 3-type-cosplay |
To use these lints, do the following:
-
Install
cargo-dylint
anddylint-link
:cargo install cargo-dylint dylint-link
-
Add the following to your workspace's
Cargo.toml
file:[workspace.metadata.dylint] libraries = [ { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" }, ]
-
Run
cargo-dylint
:cargo dylint --all --workspace