Solana Fender is a static analysis tool, built in Rust, for Anchor programs. It can be used as a Rust crate in unit tests or as a CLI tool.

Install from crates.io:

```
cargo install solana_fender
```

Or build from source:

```
git clone https://github.com/honey-guard/solana-fender.git
cd solana-fender
cargo build
```

Tip: Clone sealevel-attacks as a test case to try this program out.

Run the installed binary, or run it from the source checkout:

```
solana_fender --program <path-to-program>
cargo run -- --program <path-to-program>
```
You can also use Solana Fender as a development dependency in your Anchor projects to run security checks as part of your unit tests.
Add Solana Fender to your program's Cargo.toml:

```
[dev-dependencies]
solana_fender = "0.2.0" # Replace with the latest version
```

See the /examples directory for more examples.

```
#[cfg(test)]
mod tests {
    use super::*;
    use solana_fender;

    #[test]
    fn test_security() {
        // Pass a marker type that represents your program module
        struct MyProgramMarker;
        let findings = solana_fender::analyze_program(MyProgramMarker).unwrap();
        assert!(findings.is_empty(), "Security vulnerabilities found: {:?}", findings);
    }

    #[test]
    fn test_security_with_module_name() {
        // Alternatively, use a string to represent the module name
        let findings = solana_fender::analyze_program_by_name("my_program").unwrap();
        assert!(findings.is_empty(), "Security vulnerabilities found: {:?}", findings);
    }
}
```
This allows you to integrate security checks directly into your test suite, ensuring that your program remains secure as you develop it.
You are highly encouraged to use as many tools as possible to ensure the security of your program.
Below is a comparison of various static analysis tools available for Solana smart contracts written in Rust/Anchor:
Feature | Fender | l3x | X-Ray | radar |
---|---|---|---|---|
Languages | Rust | Rust | C++ | Python |
Unit testing | ✅ | ❌ | ❌ | ❌ |
Open Source | ✅ | ✅ | Demo | ✅ |
Distribution | Cargo | Source | Docker | Docker |
License | GPL-3.0 | ❌ | AGPL-3.0 | GPL-3.0 |
Security Check | Fender | l3x | X-Ray | radar |
---|---|---|---|---|
Missing Owner Check | ✅ | ✅ | ✅ | ✅ |
Account Data Matching | ✅ | ✅ | ✅ | ✅ |
Account Initialization | ✅ | ✅ | ✅ | ✅ |
Arbitrary CPI | ✅ | ✅ | ❓ | ✅ |
Closing Accounts | ✅ | ✅ | ❓ | 🚧 |
Duplicate Mutable Accounts | ✅ | ✅ | ❓ | ✅ |
Missing Bump Seed Canonicalization | ✅ | ✅ | ✅ | ✅ |
PDA Sharing | ✅ | ✅ | ✅ | ✅ |
Type Cosplay | ✅ | ✅ | ✅ | ✅ |
Invalid Sysvar Accounts | ✅ | ✅ | ❓ | ✅ |
Reentrancy | ✅ | ❓ | ❓ | ❓ |
Unauthorized Access | ✅ | ✅ | ❓ | ❓ |
Integer Overflow | ✅ | ✅ | ✅ | ❓ |
- ❓: Could not find documentation on whether it is supported.
- 🚧: Did not pass all sealevel-attacks.

If anything is inaccurate or needs updating, open a pull request or issue and we will try to update the table.
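To make concrete what four of the checks in the table above look for (Missing Owner Check, Type Cosplay, Duplicate Mutable Accounts and Integer Overflow), here is an added plain-Rust model of a token-style transfer in a vulnerable and a hardened form. It is not code from solana-fender or from any Solana crate: `Account`, `CheckError`, `PROGRAM_ID` and `VAULT_DISCRIMINATOR` are constructed stand-ins for the real `AccountInfo`, program error and Anchor discriminator types, and the account layout (8-byte discriminator followed by a little-endian `u64` balance) is an assumption of this model.

```rust
// Added example, not part of solana-fender: a std-only model of four checks
// from the comparison table. No Solana or Anchor crates are used; every type
// and constant here is a constructed stand-in.

/// Stand-in for an on-chain account: address, owning program, raw data.
#[derive(Debug, Clone)]
pub struct Account {
    pub key: [u8; 32],
    pub owner: [u8; 32],
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum CheckError {
    WrongOwner,
    WrongDiscriminator,
    DuplicateMutableAccount,
    Overflow,
    TooShort,
}

/// Constructed program id and account-type discriminator for this model.
pub const PROGRAM_ID: [u8; 32] = [0xAA; 32];
pub const VAULT_DISCRIMINATOR: [u8; 8] = [b'V', b'A', b'U', b'L', b'T', 0, 0, 1];

/// Missing Owner Check: account data is only trustworthy if the account is
/// owned by the program we expect (here, this program itself).
pub fn check_owner(acct: &Account, expected_owner: &[u8; 32]) -> Result<(), CheckError> {
    if &acct.owner != expected_owner {
        return Err(CheckError::WrongOwner);
    }
    Ok(())
}

/// Type Cosplay: a correctly-owned account may still be a different account
/// type; the discriminator prefix must match before the data is interpreted.
pub fn check_discriminator(acct: &Account, expected: &[u8; 8]) -> Result<(), CheckError> {
    if acct.data.len() < 16 {
        return Err(CheckError::TooShort);
    }
    if &acct.data[..8] != expected {
        return Err(CheckError::WrongDiscriminator);
    }
    Ok(())
}

/// Duplicate Mutable Accounts: two writable accounts in one instruction must
/// be distinct, otherwise the second write silently overwrites the first.
pub fn check_distinct(a: &Account, b: &Account) -> Result<(), CheckError> {
    if a.key == b.key {
        return Err(CheckError::DuplicateMutableAccount);
    }
    Ok(())
}

pub fn read_balance(acct: &Account) -> u64 {
    let mut b = [0u8; 8];
    b.copy_from_slice(&acct.data[8..16]);
    u64::from_le_bytes(b)
}

pub fn write_balance(acct: &mut Account, v: u64) {
    acct.data[8..16].copy_from_slice(&v.to_le_bytes());
}

/// Vulnerable transfer: no validation, and wrapping arithmetic, which is what
/// plain `+`/`-` do in a release build compiled without overflow checks.
pub fn transfer_unchecked(accounts: &mut [Account], from: usize, to: usize, amount: u64) {
    let from_bal = read_balance(&accounts[from]);
    let to_bal = read_balance(&accounts[to]);
    write_balance(&mut accounts[from], from_bal.wrapping_sub(amount));
    // If from == to, this write discards the debit above.
    write_balance(&mut accounts[to], to_bal.wrapping_add(amount));
}

/// Hardened transfer: every check runs before any state changes, and checked
/// arithmetic turns an underflow or overflow into an error instead of a wrap.
pub fn transfer_checked(
    accounts: &mut [Account],
    from: usize,
    to: usize,
    program_id: &[u8; 32],
    amount: u64,
) -> Result<(), CheckError> {
    check_distinct(&accounts[from], &accounts[to])?;
    for idx in [from, to] {
        check_owner(&accounts[idx], program_id)?;
        check_discriminator(&accounts[idx], &VAULT_DISCRIMINATOR)?;
    }
    let new_from = read_balance(&accounts[from]).checked_sub(amount).ok_or(CheckError::Overflow)?;
    let new_to = read_balance(&accounts[to]).checked_add(amount).ok_or(CheckError::Overflow)?;
    write_balance(&mut accounts[from], new_from);
    write_balance(&mut accounts[to], new_to);
    Ok(())
}

/// Build a vault account (constructed test data) with a key byte, owner and balance.
pub fn vault(key: u8, owner: &[u8; 32], balance: u64) -> Account {
    let mut data = VAULT_DISCRIMINATOR.to_vec();
    data.extend_from_slice(&balance.to_le_bytes());
    Account { key: [key; 32], owner: *owner, data }
}

fn main() {
    let mut accts = vec![vault(1, &PROGRAM_ID, 10), vault(2, &PROGRAM_ID, 50)];
    println!("checked: {:?}", transfer_checked(&mut accts, 0, 1, &PROGRAM_ID, 30));
    transfer_unchecked(&mut accts, 0, 1, 30);
    println!("unchecked balance after underflow: {}", read_balance(&accts[0]));
}
```

The checked version rejects a transfer from an account with a foreign owner, an account whose discriminator does not match, the same account passed as both source and destination, and an amount larger than the balance; the unchecked version accepts all of these, and the last two leave the source account with more tokens than it started with, which is the effect a static analyzer flags these patterns to prevent.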