Common Security Exploits

Sealevel Attacks

Anchor uses a lot of magic to help eliminate footguns, but if you're shipping anything to mainnet, it's important you understand every bit of that magic and the motivation behind it. A list of common attacks can be found here, providing three different examples for each example attack

  1. insecure - represents flawed code that may be insecure
  2. secure - represents a fix
  3. recommended - represents a fix with idiomatic Anchor code

Note that none of these examples are not necessarily secure, but they are meant to showcase a specific issue and a recommended fix in isolation. One can find some nice explanations of these sealevel attacks here. It's strongly recommended to study each of these cases when building protocols on Solana.