hasip-timurtas
solsec
Rust

๐Ÿ›ก๏ธ CLI toolkit for auditing Solana smart contracts. Includes static analysis, IDL-based fuzzing, plugin system, and multi-format reports.

Last updated Apr 16, 2026
21
Stars
3
Forks
0
Issues
0
Stars/day
Attention Score
8
Language breakdown
Rust 88.8%
TypeScript 7.4%
Shell 2.9%
JavaScript 0.4%
HTML 0.3%
CSS 0.2%
โ–ธ Files click to expand
README

๐Ÿ›ก๏ธ Solana Smart Contract Security Toolkit (solsec)

Crates.io Downloads License: MIT Rust CI

A comprehensive security analysis tool for Solana smart contracts that helps developers identify vulnerabilities before deployment through static analysis and fuzz testing. Features an advanced interactive HTML reporting system with intelligent suggestion algorithms.

Table of Contents

๐ŸŽฏ Why solsec?

solsec is designed to be a developer's first line of defense against smart contract vulnerabilities. While other tools exist, solsec offers a unique combination of:

  • ๐Ÿ” High Accuracy: Advanced pattern detection with minimal false positives - identifies 39 security issues across example contracts
  • โšก High Performance: Parallel processing with Rust performance - up to 5x faster analysis on multi-file projects
  • ๐ŸŽฏ Comprehensive Coverage: Detects critical vulnerabilities including reentrancy, unsafe account access, and privilege escalation
  • ๐Ÿ› ๏ธ Developer-Friendly: Clear, actionable reports with specific remediation guidance and severity classification
  • ๐Ÿ”ง Easy Integration: Seamless CI/CD integration with automated security checks and pre-commit hooks
  • ๐Ÿงช Production Ready: Thoroughly tested with comprehensive validation and robust error handling

โœจ Features

๐Ÿ” Advanced Security Analysis

  • Static Analysis: Detect critical vulnerabilities with high accuracy and minimal false positives
  • Parallel Processing: Multi-core analysis using Rust's rayon for significant performance improvement
  • Severity Classification: Identifies 4 severity levels - Critical, High, Medium, Low with targeted remediation
  • Comprehensive Rule Coverage: 8+ security rules covering all major Solana vulnerability classes

๐ŸŽจ Revolutionary Suggestion System

  • Interactive HTML Interface: JavaScript-powered suggestion formatting with professional styling
  • Multiple Implementation Options: Each security issue shows 3+ different fix approaches
  • Function-Aware Recommendations: Personalized suggestions using extracted function names
  • Before/After Code Examples: Side-by-side syntax-highlighted comparisons showing exact fixes
  • Copy-Paste Ready: All code examples are immediately usable in your projects
  • Educational Value: Learn multiple security patterns instead of single fixes

๐Ÿš€ Performance & Reliability

  • Parallel File Processing: Concurrent analysis of multiple files using rayon crate
  • Smart Error Handling: Clear, colored error messages with proper path validation
  • Comprehensive Testing: Thorough unit testing ensuring reliability
  • Memory Efficient: Optimized regex compilation and efficient pattern matching

๐Ÿ“Š Professional Reporting

  • Interactive HTML Reports: Revolutionary suggestion system with JavaScript-powered formatting
- Multi-Option Suggestions: Beautiful card layouts showing 3+ implementation approaches per issue - Before/After Code Comparisons: Side-by-side syntax-highlighted code sections - Function-Specific Guidance: Personalized recommendations based on actual function names - Responsive Design: Professional mobile-friendly interface
  • Multiple Report Formats: JSON, HTML, Markdown, and CSV outputs with beautiful styling
  • Severity Classification: Clear prioritization with Critical/High/Medium/Low severity levels
  • Actionable Recommendations: Copy-pasteable code examples and specific remediation guidance
  • Browser Integration: Automatic HTML report opening with intelligent environment detection

๐Ÿ”Œ Extensibility & Integration

  • Plugin System: Extensible architecture for custom security rules
  • CI/CD Ready: GitHub Actions support with automated security checks
  • Pre-commit Hooks: Block commits with critical vulnerabilities
  • Configuration System: Flexible rule configuration and customization

๐Ÿš€ Quick Start

Installation

From Crates.io

cargo install solsec

From Source

git clone https://github.com/hasip-timurtas/solsec.git
cd solsec
cargo install --path .

Basic Usage

# Scan the current project and generates both JSON and HTML
solsec scan

Scan a specific Solana program and set an output directory

solsec scan ./my-solana-program --output ./results

Generate only JSON

solsec scan ./my-program --json-only --output results.json

Generate only HTML

solsec scan ./my-program --html-only --output results.html

Generate multiple formats at once

solsec scan ./my-program --format json,html,markdown,csv

Don't open browser automatically

solsec scan ./my-program --no-open

Run fuzz testing

solsec fuzz ./my-solana-program --timeout 300

๐Ÿ“š Library Usage

New in v0.2.1: solsec can now be used as a library dependency in your Rust projects for programmatic security analysis.

Adding solsec as a Dependency

[dependencies]
solsec = "0.2.1"

Basic Library Usage

use solsec::{StaticAnalyzer, ReportGenerator, ReportFormat};
use std::path::Path;

#[tokio::main] async fn main() -> anyhow::Result<()> { // Create analyzer let mut analyzer = StaticAnalyzer::new(None)?; // Analyze your code let results = analyzer.analyze_path(Path::new("./src")).await?; // Generate reports let generator = ReportGenerator::new(); generator.generate_report(&results, Path::new("report.json"), ReportFormat::Json).await?; generator.generate_report(&results, Path::new("report.html"), ReportFormat::Html).await?; println!("Found {} security issues", results.len()); Ok(()) }

Available Types

  • StaticAnalyzer - Core security analysis engine
  • ReportGenerator - Multi-format report generation
  • FuzzEngine - Automated fuzz testing
  • PluginManager - Custom rule management
  • AnalysisResult - Security issue representation

๐Ÿ“– Commands

solsec scan

Run static analysis on your Solana smart contracts. Generates both JSON and HTML by default. If no path is provided, it recursively scans the current directory for all .rs files, automatically ignoring target/ and .git/ folders.

HTML reports automatically open in the default browser when running interactively, but remain closed in CI/automation environments.

solsec scan [PATH] [OPTIONS]

OPTIONS: -c, --config <FILE> Configuration file path -o, --output <DIR> Output directory [default: ./solsec-results] -f, --format <FORMATS> Output formats (comma-separated) [default: json,html] [possible values: json, html, markdown, csv] --json-only Only generate JSON --html-only Only generate HTML --no-open Don't automatically open HTML report in browser --fail-on-critical Exit with non-zero code on critical issues [default: true]

EXAMPLES: # Scan the entire project (generates both JSON and HTML) solsec scan

# Scan a specific directory with default formats solsec scan ./programs/my-program # Generate only JSON for CI/CD integration solsec scan ./programs --json-only --output results.json

# Generate only HTML for manual review solsec scan ./programs --html-only --output results.html

# Generate HTML but don't open browser solsec scan ./programs --html-only --no-open --output results.html

# Generate all available formats solsec scan ./programs --format json,html,markdown,csv

# Scan with configuration file solsec scan ./programs --config solsec.toml --output ./security-results

solsec fuzz

Run fuzz testing on smart contracts.

solsec fuzz <PATH> [OPTIONS]

OPTIONS: -t, --timeout <SECONDS> Timeout in seconds [default: 300] -j, --jobs <NUMBER> Number of parallel fuzzing jobs [default: 1] -o, --output <DIR> Output directory [default: ./fuzz-results]

EXAMPLES: solsec fuzz ./programs/my-program --timeout 600 --jobs 4 solsec fuzz ./programs --output ./custom-fuzz-results

solsec plugin

Manage security rule plugins.

solsec plugin <ACTION> [PATH]

ACTIONS: list List available plugins load Load a plugin unload Unload a plugin

EXAMPLES: solsec plugin list solsec plugin load ./my-custom-rule.so solsec plugin unload my-custom-rule

๐Ÿ”ง Configuration

Create a solsec.toml configuration file:

# Enable/disable specific rules
enabled_rules = [
    "integer_overflow",
    "missingsignercheck", 
    "unchecked_account",
    "reentrancy"
]

disabled_rules = []

Rule-specific settings

[rule_settings] [rulesettings.integeroverflow] ignorepatterns = ["test", "mock_"]

[rulesettings.missingsigner_check] requiredforinstructions = ["transfer", "withdraw"]

๐Ÿ” Built-in Security Rules

| Rule | Severity | Description | Detections | |------|----------|-------------|------------| | reentrancy | High | Detects state changes after external calls (CEI pattern violations) | โœ… 8 vulnerabilities found | | unchecked_account | Critical | Finds unsafe account access, transmute operations, and unvalidated accounts | โœ… 4 critical + 14 medium issues | | missingsignercheck | High | Identifies instruction handlers without proper signer validation | โœ… 8 high severity issues | | integer_overflow | Medium | Detects arithmetic operations without overflow protection | โœ… 5 legitimate overflow risks | | pda_validation | High | Validates PDA derivation and bump parameter usage | โœ… PDA validation | | privilege_escalation | Critical | Detects unauthorized authority/admin changes | โœ… Authority security | | unsafe_arithmetic | Medium | Finds division by zero and underflow risks | โœ… Arithmetic protection | | insufficient_validation | High | Identifies missing input validation in public functions | โœ… Input validation |

๐ŸŽฏ Detection Accuracy

  • โœ… Reentrancy: Detects 8 vulnerabilities across examples
  • โœ… Unchecked Account: Identifies 4 critical + 14 medium severity issues
  • โœ… Zero False Positives: Filters out comments, strings, and non-code patterns
  • โœ… Comprehensive Coverage: 39 total security issues identified across all severity levels
๐Ÿ“– For detailed information about each security check, including code examples and best practices, see the Security Checks Reference.

๐Ÿ”Œ Plugin Development

Create custom security rules by implementing the Rule trait:

use solsec::plugin::{Rule, RuleResult, Severity};
use std::path::Path;
use anyhow::Result;

#[derive(Debug)] pub struct MyCustomRule;

impl Rule for MyCustomRule { fn name(&self) -> &str { "mycustomrule" }

fn description(&self) -> &str { "Detects my specific vulnerability pattern" }

fn check(&self, content: &str, file_path: &Path) -> Result<Vec<RuleResult>> { let mut results = Vec::new(); // Your analysis logic here for (line_num, line) in content.lines().enumerate() { if line.contains("dangerous_pattern") { results.push(RuleResult { severity: Severity::High, message: "Dangerous pattern detected".to_string(), linenumber: Some(linenum + 1), column: None, codesnippet: Some(line.trim().tostring()), suggestion: Some("Use safe alternative".to_string()), }); } } Ok(results) } }

// Plugin interface #[no_mangle] pub extern "C" fn getplugininfo() -> PluginInfo { PluginInfo { name: "myplugin".tostring(), version: "1.0.0".to_string(), description: "My custom security plugin".to_string(), author: "Your Name".to_string(), rules: vec!["mycustomrule".to_string()], } }

#[no_mangle] pub extern "C" fn create_rules() -> Vec<Box<dyn Rule>> { vec![Box::new(MyCustomRule)] }

Build your plugin as a dynamic library:

cargo build --lib --crate-type=cdylib --release

๐Ÿค– CI/CD Integration

GitHub Actions

Add the following to your .github/workflows/security.yml:

name: Security Scan

on: push: branches: [ main ] pull_request: branches: [ main ]

jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install solsec run: | cargo install --locked solsec - name: Run security scan run: | solsec scan ./programs --output ./security-results - name: Upload security report uses: actions/upload-artifact@v3 with: name: security-report path: ./security-results/ - name: Fail on critical issues run: | if [ -f ./security-results/*.json ]; then # Ensure jq is installed sudo apt-get install -y jq criticalcount=$(jq '.summary.criticalissues' ./security-results/*.json) if [ "$critical_count" -gt 0 ]; then echo "โŒ Critical security issues found: $critical_count" exit 1 fi fi

Pre-commit Hook

Block commits that introduce critical vulnerabilities.

Setup Instructions:

  • Create the file: .git/hooks/pre-commit
  • Copy the script below into the file.
  • Make it executable: chmod +x .git/hooks/pre-commit
#!/bin/sh 

.git/hooks/pre-commit

echo "๐Ÿ›ก๏ธ Running security scan..."

Ensure solsec is in your PATH

if ! command -v solsec &> /dev/null; then echo "solsec could not be found, skipping pre-commit check." exit 0 fi

Create a temporary directory for results

RESULTS_DIR=$(mktemp -d) solsec scan ./programs --format json --output "$RESULTS_DIR" --no-open

if [ -f "$RESULTS_DIR"/*.json ]; then # Ensure jq is installed if ! command -v jq &> /dev/null; then echo "jq could not be found, skipping severity check." rm -rf "$RESULTS_DIR" exit 0 fi

criticalcount=$(jq '.summary.criticalissues' "$RESULTS_DIR"/*.json 2>/dev/null || echo "0") if [ "$critical_count" -gt 0 ]; then echo "โŒ Critical security issues found: $critical_count! Commit blocked." echo "Run 'solsec scan ./programs' to see details." rm -rf "$RESULTS_DIR" exit 1 fi fi

rm -rf "$RESULTS_DIR" echo "โœ… Security scan passed!"

Browser Opening Behavior

HTML reports automatically open in the default browser under the following conditions:

Opens automatically when:

  • Running in an interactive terminal (not redirected)
  • Generating HTML reports (--html-only or default formats)
  • Not in CI/automation environments
Remains closed when:
  • Running in CI environments (GitHub Actions, GitLab CI, etc.)
  • Output is redirected or piped
  • Using --no-open flag
  • Only generating non-visual formats (JSON, CSV)

๐Ÿ“Š Report Examples

HTML Report

Revolutionary interactive HTML reports with:
  • Executive Summary: Issue counts by severity with beautiful statistics cards
  • Enhanced Suggestions: Multi-option fix approaches with numbered cards and code examples
  • Before/After Comparisons: Side-by-side syntax-highlighted code sections for overflow fixes
  • Function-Specific Guidance: Personalized recommendations like "Add signer validation to function 'transferfundshandler'"
  • Professional Styling: Modern design with Monaco fonts, proper spacing, and responsive layouts
  • Copy-Paste Ready Code: Immediately usable code snippets for each suggested fix
  • Mobile Optimization: Responsive design that works perfectly on all devices
๐Ÿ”— Live Example: Check out examples/security-report.html to see a complete security report generated from scanning the example vulnerabilities. This report shows:
  • 258 total issues found across all severity levels
  • 7 critical issues requiring immediate attention
  • Interactive navigation with clickable severity cards
  • Syntax-highlighted code with proper Rust highlighting
  • Multi-option suggestions with numbered implementation approaches

JSON Report

Machine-readable format for:
  • CI/CD pipeline integration
  • Custom tooling and analysis
  • Data processing and metrics

Markdown Report

Developer-friendly format for:
  • README documentation
  • Pull request comments
  • Documentation sites

๐Ÿ› ๏ธ Development

Building from Source

git clone https://github.com/hasip-timurtas/solsec.git
cd solsec
cargo build --release

Running Tests

cargo test

Contributing

We welcome contributions! Please see our comprehensive Contributing Guide for detailed instructions on:

  • Development Setup: Fork, clone, and build the project
  • Code Quality Standards: Clippy compliance and formatting requirements
  • Testing Requirements: Running ./scripts/run-tests.sh before submission
  • Pre-commit Hooks: Native git hooks for quality assurance
  • Security Rule Development: Creating custom vulnerability detection rules
  • Submission Guidelines: Pull request process and commit message format
Quick start for contributors:
  • Fork the repository and create a feature branch
  • Run ./scripts/run-tests.sh to ensure all checks pass
  • Submit a pull request with clear description of changes

๐Ÿ“š Examples

The examples/ directory contains comprehensive security vulnerability demonstrations:

๐Ÿšจ Vulnerability Examples

Each category includes both vulnerable and secure implementations for educational purposes:

| Vulnerability Type | Severity | Vulnerable Examples | Secure Examples | |-------------------|----------|-------------------|-----------------| | Integer Overflow | Medium | examples/integeroverflow/vulnerable.rs | examples/integeroverflow/secure.rs | | Missing Signer Check | High | examples/missingsignercheck/vulnerable.rs | examples/missingsignercheck/secure.rs | | Unchecked Account | Critical | examples/uncheckedaccount/vulnerable.rs | examples/uncheckedaccount/secure.rs | | Reentrancy | High | examples/reentrancy/vulnerable.rs | examples/reentrancy/secure.rs |

๐Ÿงช Testing the Examples

# Test individual vulnerable examples
solsec scan examples/integer_overflow/vulnerable.rs     # 4 medium severity issues
solsec scan examples/missingsignercheck/vulnerable.rs # 4 high severity issues
solsec scan examples/unchecked_account/vulnerable.rs    # 4 critical + 4 medium issues  
solsec scan examples/reentrancy/vulnerable.rs           # 4 high severity issues

Test secure examples (should find fewer/no critical issues)

solsec scan examples/*/secure.rs # Mainly medium severity issues

Comprehensive analysis across all examples

solsec scan examples/ # 39 total issues: 4 critical + 16 high + 19 medium

๐Ÿ“– Learning Resources

  • Side-by-side Comparisons: See exactly how to fix each vulnerability
  • Real-world Patterns: Actual Solana/Anchor code patterns
  • Educational Comments: Clear explanations of security issues
  • Test Suite: Validate that solsec detection works correctly
See the detailed examples/README.md for complete documentation.

โšก Performance & Accuracy

๐Ÿš€ Performance Features

  • Parallel Processing: Multi-core analysis using rayon crate for optimal speed
  • Optimized Regex: Pre-compiled patterns with efficient matching algorithms
  • Memory Efficient: Smart caching and resource management
  • Scalable: Handles large codebases with thousands of files

๐ŸŽฏ Analysis Quality

  • Pattern Detection: Advanced analysis for precise vulnerability identification
  • False Positive Reduction: Intelligent filtering eliminates noise from comments and non-code patterns
  • Comprehensive Coverage: Detects all major Solana vulnerability classes
  • Actionable Results: Clear severity classification with specific remediation guidance

๐Ÿ“Š Quality Assurance

โœ… Comprehensive Testing: Full unit test coverage
โœ… Code Quality: Passes strict clippy linting (-D warnings)
โœ… Formatting: rustfmt compliant
โœ… Performance: Parallel processing architecture
โœ… Accuracy: High precision vulnerability detection
โœ… Coverage: Multi-severity issue identification

๐Ÿ” Current Capabilities

| Feature | Status | Details | |---------|--------|---------| | Reentrancy Detection | โœ… Active | Detects 8 types of reentrancy vulnerabilities | | Critical Account Issues | โœ… Active | Identifies unsafe account access patterns | | Interactive Suggestions | โœ… Active | Multi-option HTML suggestions with code examples | | Function-Specific Guidance | โœ… Active | Personalized recommendations using function names | | False Positive Rate | โœ… Minimal | Intelligent filtering of non-code patterns | | Processing Speed | โœ… Optimized | Parallel processing for fast analysis | | Security Coverage | โœ… Comprehensive | 39+ vulnerability patterns detected |

๐Ÿค Community

๐Ÿ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

๐Ÿ™ Acknowledgments

  • The Solana Foundation for supporting security tooling
  • The Rust security community for best practices
  • Contributors and early adopters

โš ๏ธ Important: This tool helps identify potential security issues but does not guarantee complete security. Always conduct thorough testing and consider professional security audits for production applications.

๐Ÿ“ธ Example HTML Report

HTML Security Report Example

Professional HTML security reports with syntax highlighting, interactive navigation, and actionable suggestions

Built with โค๏ธ by Hasip Timurtas

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท hasip-timurtas/solsec ยท Updated daily from GitHub