Solana Breakpoint 2022 slides video
Each subdirectory of lints contains a Solana lint in the form of a Dylint library.
The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)
The current lints are:
| Library | Description | Anchor | Non Anchor |
|---|---|---|---|
arbitrary_cpi |
lint for 5-arbitrary-cpi | ✔️ | ✔️ |
bump_seed_canonicalization |
lint for 6-bump-seed-canonicalization | ✔️ | |
insecure_account_close |
lint for 9-closing-accounts | ✔️ | ✔️ |
missing_owner_check |
lint for 2-owner-checks | ✔️ | ✔️ |
missing_signer_check |
lint for 0-signer-authorization | ✔️ | ✔️ |
sysvar_get |
Reports uses of Sysvar::from_account_info instead of Sysvar::get |
✔️ | ✔️ |
type_cosplay |
lint for 3-type-cosplay | ✔️ |
To use these lints, do the following:
-
Install
cargo-dylintanddylint-link:cargo install cargo-dylint dylint-link
-
Add the following to your workspace's
Cargo.tomlfile:[workspace.metadata.dylint] libraries = [ { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" }, ]
-
Run
cargo-dylint:cargo dylint --all --workspace