I audit Solana smart contracts written in Rust — both Anchor-based and native programs — for the vulnerability classes specific to the Solana account model that EVM-trained auditors routinely miss.
Solana vulnerability scope: missing account owner validation (wrong program owns the account); missing signer verification (instruction can be called by any account); arbitrary CPI (calling an attacker-controlled program instead of the expected SPL program); account data and type confusion (passing wrong account type into a handler); integer overflow in SPL token arithmetic; PDA derivation and bump seed validation; rent exemption bypass enabling account closure attacks; instruction data deserialization validation; and privilege escalation via missing Anchor constraints.
For Anchor programs I review constraint annotations (has_one, constraint, seeds, bump) against the program's intended access control model — constraint correctness is where most Anchor vulnerabilities are found.
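As an added illustration (not code from this page or from any audited program), the native-program form of the checks listed above for a single withdraw handler: owner validation, account-type discriminator, signer verification, a has_one-style authority match, and checked arithmetic. It uses a minimal stand-in for Solana's AccountInfo so it compiles without the Solana crates; the vault layout, error names and function names are assumptions.

```rust
// Minimal stand-in for solana_program::account_info::AccountInfo (assumption:
// only the fields the checks below read), so this compiles without Solana crates.
#[derive(Debug, Clone, PartialEq)]
pub struct Pubkey(pub [u8; 32]);

pub struct AccountInfo<'a> {
    pub key: &'a Pubkey,
    pub owner: &'a Pubkey, // program that owns the account
    pub is_signer: bool,   // did this key sign the transaction?
    pub data: Vec<u8>,     // account data (constructed layout below)
}

#[derive(Debug, PartialEq)]
pub enum VaultError { WrongOwner, WrongAccountType, MissingSigner, NotAuthority, ArithmeticOverflow }

// Constructed layout: [discriminator:1][authority:32][balance:8, little-endian]
const VAULT_TAG: u8 = 1;
const VAULT_LEN: usize = 41;

pub fn vault_data(authority: &Pubkey, balance: u64) -> Vec<u8> {
    let mut d = vec![VAULT_TAG];
    d.extend_from_slice(&authority.0);
    d.extend_from_slice(&balance.to_le_bytes());
    d
}

// Native equivalent of an Anchor handler declared with
//   #[account(mut, has_one = authority)] vault: Account<'info, Vault>,
//   authority: Signer<'info>,
// Returns the new balance instead of writing it back, to keep the example short.
pub fn withdraw(program_id: &Pubkey, vault: &AccountInfo, authority: &AccountInfo, amount: u64) -> Result<u64, VaultError> {
    // Owner check: anyone can create an account with this layout under another program.
    if vault.owner != program_id { return Err(VaultError::WrongOwner); }
    // Type check (Anchor's discriminator): rejects other account types owned by this program.
    if vault.data.len() != VAULT_LEN || vault.data[0] != VAULT_TAG { return Err(VaultError::WrongAccountType); }
    // Signer check: the authority key must actually have signed the transaction.
    if !authority.is_signer { return Err(VaultError::MissingSigner); }
    // has_one check: the stored authority must be the signer, not just any signer.
    if vault.data[1..33] != authority.key.0[..] { return Err(VaultError::NotAuthority); }
    // Checked arithmetic: never let the balance wrap.
    let mut buf = [0u8; 8];
    buf.copy_from_slice(&vault.data[33..41]);
    u64::from_le_bytes(buf).checked_sub(amount).ok_or(VaultError::ArithmeticOverflow)
}
```

Each early return corresponds to one finding class from the scope list; dropping any one of the checks reopens that class.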
Deliverables: audit report with severity-rated findings, PoC demonstrations, Anchor-idiomatic fix recommendations, and a recheck pass confirming remediated implementations are correct.