Program Security focuses on the integrity and resilience of on-chain code. It covers the review processes, external validation, vulnerability management, defense-in-depth mechanisms, and automated tooling that together reduce the likelihood and impact of smart contract vulnerabilities.
All code changes undergo security-focused review with documented sign-off before deployment. Review covers both correctness and security properties.
Critical code paths and major changes are reviewed by independent security firms. Findings are tracked to resolution, and the audit scope covers the currently deployed version.
An active, monitored bug bounty program with a defined scope and clear severity tiers, or, at minimum, a published security contact with a committed triage timeline. The deployed program binary embeds solana-security-txt metadata (contact, policy, source URL) so that a researcher who only has the on-chain artifact can still find the disclosure channel.
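The metadata requirement is easy to check from the artifact itself. As an added example (not the page's or the solana-security-txt crate's own code), here is a small Rust checker that scans a program binary for the security.txt block and confirms the three fields the checklist asks for are present. The delimiter strings, the NUL-separated key/value layout and the field names (contacts, policy, source_code) follow the crate's documented format but are assumptions of this example; the "binary" it scans is constructed inline.

```rust
/// Delimiters and layout as documented by the solana-security-txt crate:
/// header, NUL-separated key/value pairs, footer (assumption for this example).
const BEGIN: &[u8] = b"=======BEGIN SECURITY.TXT V1=======\0";
const END: &[u8] = b"=======END SECURITY.TXT V1=======\0";

/// Byte-substring search starting at `from`.
fn find(hay: &[u8], needle: &[u8], from: usize) -> Option<usize> {
    hay.get(from..)?.windows(needle.len()).position(|w| w == needle).map(|p| p + from)
}

/// Build a block the way the crate's macro lays it out, so the example can
/// construct a fake "binary" offline.
pub fn build_security_txt(fields: &[(&str, &str)]) -> Vec<u8> {
    let mut v = BEGIN.to_vec();
    for (k, val) in fields {
        v.extend_from_slice(k.as_bytes()); v.push(0);
        v.extend_from_slice(val.as_bytes()); v.push(0);
    }
    v.extend_from_slice(END);
    v
}

/// Find the first security.txt block in `binary` and return its key/value pairs,
/// or None if it is missing, empty, truncated, or not valid UTF-8 pairs.
pub fn parse_security_txt(binary: &[u8]) -> Option<Vec<(String, String)>> {
    let start = find(binary, BEGIN, 0)? + BEGIN.len();
    let end = find(binary, END, start)?;
    // Every field is NUL-terminated, so drop the final NUL before splitting.
    let body = binary[start..end].strip_suffix(b"\0").unwrap_or(&binary[start..end]);
    let fields: Vec<&[u8]> = body.split(|&b| b == 0).collect();
    if fields.len() % 2 != 0 { return None; } // a key without a value
    let mut out = Vec::with_capacity(fields.len() / 2);
    for pair in fields.chunks(2) {
        let k = std::str::from_utf8(pair[0]).ok()?.to_string();
        let v = std::str::from_utf8(pair[1]).ok()?.to_string();
        out.push((k, v));
    }
    Some(out)
}

/// The three things the checklist asks for: a contact, a policy and a source URL.
/// Field names follow the crate (contacts, policy, source_code).
pub fn has_required_fields(fields: &[(String, String)]) -> bool {
    let present = |k: &str| fields.iter().any(|(key, v)| key == k && !v.trim().is_empty());
    present("contacts") && present("policy") && present("source_code")
}

/// Constructed stand-in for a deployed program: junk bytes around the block.
pub fn sample_binary() -> Vec<u8> {
    let mut bin = vec![0x7f, b'E', b'L', b'F', 0x02, 0x01, 0x01, 0x00];
    bin.extend_from_slice(&[0xAA; 32]);
    bin.extend(build_security_txt(&[
        ("name", "Example Vault"),
        ("project_url", "https://example.com"),
        ("contacts", "email:security@example.com,link:https://example.com/security"),
        ("policy", "https://example.com/security"),
        ("source_code", "https://github.com/example/vault"),
    ]));
    bin.extend_from_slice(&[0x55; 32]);
    bin
}

fn main() {
    let bin = sample_binary();
    match parse_security_txt(&bin) {
        Some(f) if has_required_fields(&f) => println!("security.txt ok: {:?}", f),
        Some(_) => println!("security.txt present but missing contacts/policy/source_code"),
        None => println!("no security.txt block in binary"),
    }
}
```

In practice you would feed `parse_security_txt` the bytes of the program account fetched from the cluster, which is the only copy that matters: a block present in the repository but absent from the deployed upgrade is worth nothing to a researcher.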
On-chain safeguards that limit the blast radius of a single vulnerability or compromise: rate limits on transfer volume, per-epoch caps, circuit breakers that halt outflow when an invariant is violated, restricted composability where it is not needed (e.g., rejecting admin instructions that arrive via CPI rather than from a top-level transaction), and graduated withdrawal limits that grow with account age or tenure.
Security tooling runs continuously in CI/CD to catch common Solana footguns before deployment: fuzz testing, static analysis, property-based testing, formal verification, or AI-assisted review.
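The two preceding items fit together: the safeguards are only worth as much as the tests that pin them down. As an added example serving both (plain Rust with no Solana runtime, not the page's or any project's own code), the block below implements the guard state a program would keep in a PDA: a per-epoch outflow cap, a graduated per-transaction cap, and a circuit breaker that trips when the vault no longer covers the program's own ledger. After it comes a property-style check that drives the guard with a deterministic random operation sequence and asserts two invariants: approved outflow within an epoch never exceeds the cap, and nothing is approved once the breaker has tripped. The cap values, the 1% / 5% / 20% age schedule, and the PRNG-driven input are all constructed assumptions; a real CI job would use a crate such as proptest or a fuzzer to generate the sequences.

```rust
use std::collections::HashMap;

/// Guard state a program would persist in a PDA. Added example in plain Rust;
/// amounts are in lamports and every cap here is an assumed value.
#[derive(Debug, Clone)]
pub struct WithdrawGuard {
    pub epoch: u64,               // epoch the counter below belongs to
    pub withdrawn_this_epoch: u64,
    pub epoch_cap: u64,           // per-epoch ceiling on outflow
    pub per_tx_cap: u64,          // per-instruction ceiling (graduated, see below)
    pub halted: bool,             // circuit breaker: set on invariant violation
}

#[derive(Debug, PartialEq, Eq)]
pub enum Deny { Halted, Invariant, TxCap, EpochCap }

impl WithdrawGuard {
    /// Graduated per-transaction cap: a share of the vault that grows with the
    /// account's age. The 1% / 5% / 20% schedule is an assumption of the example.
    pub fn graduated_tx_cap(age_epochs: u64, vault_balance: u64) -> u64 {
        let bps: u128 = if age_epochs < 10 { 100 } else if age_epochs < 100 { 500 } else { 2_000 };
        ((vault_balance as u128 * bps) / 10_000) as u64
    }

    /// Gate a withdrawal. `vault_balance` is what the vault really holds,
    /// `ledger_total` what the program's own accounting says users are owed.
    pub fn try_withdraw(&mut self, now_epoch: u64, amount: u64,
                        vault_balance: u64, ledger_total: u64) -> Result<(), Deny> {
        if self.halted { return Err(Deny::Halted); }
        // Invariant: the vault must cover every claim. If it does not, a bug or
        // an exploit is in progress: trip the breaker and stop all outflow.
        if vault_balance < ledger_total { self.halted = true; return Err(Deny::Invariant); }
        if now_epoch != self.epoch { self.epoch = now_epoch; self.withdrawn_this_epoch = 0; }
        if amount > self.per_tx_cap { return Err(Deny::TxCap); }
        let next = self.withdrawn_this_epoch.checked_add(amount).ok_or(Deny::EpochCap)?;
        if next > self.epoch_cap { return Err(Deny::EpochCap); }
        self.withdrawn_this_epoch = next;
        Ok(())
    }
}

/// Minimal xorshift64 PRNG so the property check is deterministic and offline.
struct XorShift(u64);
impl XorShift {
    fn next(&mut self) -> u64 { let mut x = self.0; x ^= x << 13; x ^= x >> 7; x ^= x << 17; self.0 = x; x }
}

/// Property-style check over a random operation sequence (constructed input):
/// (1) approved outflow within any epoch never exceeds `epoch_cap`,
/// (2) nothing is approved after the breaker trips.
/// Returns (properties_held, breaker_tripped).
pub fn check_properties(seed: u64, iters: usize) -> (bool, bool) {
    let mut rng = XorShift(seed | 1);
    let mut g = WithdrawGuard { epoch: 0, withdrawn_this_epoch: 0,
                                epoch_cap: 1_000, per_tx_cap: 300, halted: false };
    let (mut vault, mut ledger): (u64, u64) = (1_010_000, 1_000_000);
    let mut epoch = 0u64;
    let mut approved: HashMap<u64, u64> = HashMap::new();
    let mut tripped = false;
    for _ in 0..iters {
        if rng.next() % 8 == 0 { epoch += 1; }      // epochs only move forward
        let amount = rng.next() % 500;
        // Occasionally present a vault that no longer covers the ledger
        // (simulated accounting bug) to exercise the breaker.
        let observed_vault = if rng.next() % 50 == 0 { ledger - 1 } else { vault };
        match g.try_withdraw(epoch, amount, observed_vault, ledger) {
            Ok(()) => {
                if tripped { return (false, tripped); }
                let e = approved.entry(epoch).or_insert(0);
                *e += amount;
                if *e > g.epoch_cap { return (false, tripped); }
                vault -= amount; ledger -= amount;   // paying a user reduces both
            }
            Err(Deny::Invariant) => tripped = true,
            Err(_) => {}
        }
    }
    (true, tripped)
}

fn main() {
    let (held, tripped) = check_properties(0xC0FFEE, 1_000);
    println!("properties held: {}, breaker tripped: {}", held, tripped);
}
```

Note the ordering inside `try_withdraw`: the halted flag and the solvency invariant are checked before any cap, so a tripped breaker cannot be bypassed by waiting for the next epoch, and the epoch counter is reset only when the epoch actually advances. Those are exactly the two behaviours the random check pins down; a refactor that moved the reset above the halted check would fail property (2) on the first run.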