SseRex: Practical Symbolic Execution of Solana Smart Contracts

TL;DR

SseRex is a novel symbolic execution tool tailored for Solana smart contracts, effectively detecting security vulnerabilities specific to Solana's unique account model, thereby improving security analysis accuracy.

Contribution

This paper introduces SseRex, the first symbolic execution approach specifically designed for Solana smart contracts, addressing its unique account model and detecting complex security bugs.

Findings

Outperforms existing analysis approaches on bytecode contracts

Identifies bugs in 467 out of 8,714 contracts evaluated

Reveals subtle security issues in open-source Solana projects

Abstract

Solana is rapidly gaining traction among smart contract developers and users. However, its growing adoption has been accompanied by a series of major security incidents, which have spurred research into automated analysis techniques for Solana smart contracts. Unfortunately, existing approaches do not address the unique and complex account model of Solana. In this paper, we propose SseRex, the first symbolic execution vulnerability detection approach for finding Solana-specific bugs such as missing owner checks, missing signer checks, and missing key checks, as well as arbitrary cross-program invocations. Our evaluation of 8,714 bytecode-only contracts shows that our approach outperforms existing approaches and identifies potential bugs in 467 different contracts. Additionally, we analyzed 120 open-source Solana projects and conducted in-depth case studies on four of them. Our findings reveal that subtle, easily overlooked issues often serve as the root cause of severe exploits, further highlighting the need for specialized analysis tools like SseRex.