Our Blog

Musings from the Blockchain

A collection of writing from our team on exploits, tutorials, and more.

Preview card for 'Solana Formal Verification: A Case Study'

Solana Formal Verification: A Case Study

We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.

1/26/2023
Preview card for 'Rust, Realloc, and References'

Rust, Realloc, and References

Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.

12/9/2022
Preview card for 'The Move Prover: A Guide'

The Move Prover: A Guide

A practical guide to the Move Prover - tutorial, case study, and specifications.

9/16/2022
Preview card for 'Move: An Auditor's Introduction'

Move: An Auditor's Introduction

What actually makes Move secure? A discussion of Move's typing system and formal verification.

9/6/2022
Preview card for 'Reverse Engineering Solana with Binary Ninja'

Reverse Engineering Solana with Binary Ninja

An introduction to our open-source Binary Ninja plugin for blackbox Solana program analysis along with an executive reference to the Solana runtime.

8/27/2022
Preview card for 'The Story of the Curious Rent Thief'

The Story of the Curious Rent Thief

A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.

8/19/2022
Preview card for 'Becoming a Millionaire, 0.000150 BTC at a Time'

Becoming a Millionaire, 0.000150 BTC at a Time

How we discovered a critical issue in Solana's stable swap implementation. A story about arbitrage and rounding.

4/26/2022
Preview card for 'The $200m Bluff: Cheating Oracles on Solana'

The $200m Bluff: Cheating Oracles on Solana

How we fooled oracles to beat the house. An exploration into liquidity tokens and oracle price manipulation.

2/16/2022