Welcome to our Solana Security Workshop!
All details are in the docs. To check it out online, visit https://workshop.neodyme.io.
To build it yourself, install mdbook (cargo install mdbook) and run mdbook serve.
View Docs Online: Workshop Docs
Compile All Contracts: cargo build-bpf --workspace
Run an exploit: RUST_BACKTRACE=1 cargo run --bin level{insert_level_#_here}
Exploited by manually creating a Wallet with the victim's vault, but the hacker's public key.
Execute solution: cargo build-bpf --workspace && RUST_BACKTRACE=1 cargo run --bin level0
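The account check that stops this, shown as an added example in a simplified model; it is not the workshop's contract code. `WalletAccount`, `validate_unchecked`, `validate_checked` and the byte-array keys are assumptions standing in for the real Solana types. A wallet account carrying the victim's vault and someone else's key passes validation that only reads account data, and is rejected once the account's owner must equal the program id.

```rust
// Simplified model (assumption): plain structs, not the solana_program API.
type Pubkey = [u8; 32];

struct WalletAccount {
    owner: Pubkey,     // program that owns the account; only it can write the data
    authority: Pubkey, // key allowed to withdraw, read from account data
    vault: Pubkey,     // vault this wallet points to, read from account data
}

#[derive(Debug, PartialEq)]
enum WithdrawError { WrongOwner, WrongAuthority, WrongVault }

// Trusts any account whose data has the Wallet layout: no owner check.
fn validate_unchecked(w: &WalletAccount, vault: &Pubkey, signer: &Pubkey) -> Result<(), WithdrawError> {
    if &w.vault != vault { return Err(WithdrawError::WrongVault); }
    if &w.authority != signer { return Err(WithdrawError::WrongAuthority); }
    Ok(())
}

// Hardened: the account must be owned by this program before its data is trusted.
fn validate_checked(program_id: &Pubkey, w: &WalletAccount, vault: &Pubkey, signer: &Pubkey) -> Result<(), WithdrawError> {
    if &w.owner != program_id { return Err(WithdrawError::WrongOwner); }
    validate_unchecked(w, vault, signer)
}

// Constructed sample keys; returns (unchecked+forged, checked+forged, checked+genuine).
fn scenario() -> (Result<(), WithdrawError>, Result<(), WithdrawError>, Result<(), WithdrawError>) {
    let program_id = [1u8; 32];
    let other_program = [9u8; 32];
    let victim_vault = [2u8; 32];
    let victim = [3u8; 32];
    let outsider = [4u8; 32];
    // Genuine wallet: created by the program, so the program is its owner.
    let genuine = WalletAccount { owner: program_id, authority: victim, vault: victim_vault };
    // Look-alike wallet: same layout and vault, but created outside the program.
    let forged = WalletAccount { owner: other_program, authority: outsider, vault: victim_vault };
    (
        validate_unchecked(&forged, &victim_vault, &outsider),
        validate_checked(&program_id, &forged, &victim_vault, &outsider),
        validate_checked(&program_id, &genuine, &victim_vault, &victim),
    )
}

fn main() {
    println!("{:?}", scenario());
}
```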
Initial thoughts:
- directly setting the authority won't achieve anything.
- possible to re-use a transaction?
Execute solution: cargo build-bpf --workspace && RUST_BACKTRACE=1 cargo run --bin level1
Initial thoughts:
- re-initialize the account to hijack the authority (doesn't work afaik)
Execute solution: cargo build-bpf --workspace && RUST_BACKTRACE=1 cargo run --bin level2
Initial thoughts:
- Send an overflow by depositing a tip into another pool
- Doesn't work since there are checks on the pool and vault owners being the program id
Execute solution: cargo build-bpf --workspace && RUST_BACKTRACE=1 cargo run --bin level3
Initial thoughts:
Execute solution: cargo build-bpf --workspace && RUST_BACKTRACE=1 cargo run --bin level4