Soteria Auto Auditor (Free Version)

This page is for the Free Version; please inquire about the Premium Version (beta).

Powered by GreenCore technology, Soteria can automatically detect security vulnerabilities in Solana programs by checking all code paths against these common pitfalls. The basic idea is to follow the data flow of each user account supplied to the program and flag the account as untrusted if its validity is not properly checked in the program’s execution context.

Feb 3, 2022: The Soteria team has added a scan to our auto auditor (free trial version below) as a quick response to the Wormhole vulnerability. Please check it out and let us know your thoughts. More details can be found in this blog post.

Feb 3, 2022: The Soteria team has added a scan to our auto auditor (free trial version below) as a quick response to the bug found in the Anchor framework, which affects all programs using the `init_if_needed` keyword in all versions of the framework in which the keyword existed (v0.18.0 and above).

Installation

Option 1 (Linux Terminal):
# -k makes curl skip TLS certificate verification for this download
sh -c "$(curl -k https://supercompiler.xyz/install)"
# Depending on your system, you may need to change your PATH environment variable to include soteria
export PATH=$PWD/soteria-linux-develop/bin/:$PATH

Option 2 (Docker):
docker run -v "$PWD":/workspace -it greencorelab/soteria:latest /bin/bash

Note: This is a very early MVP version for evaluation and feedback. Soteria Premium is in active development and is used in our tool-aided Solana smart contract auditing process.

How It Works

Please refer to this blog post for details.
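
What "validity is not properly checked" means for a user-supplied account, as an added example that is not Soteria's code or output: the same handler without and with owner and signer checks. `Account`, the 40-byte vault layout and all function names are assumptions made for illustration (a simplified stand-in, not the solana_program crate).

```rust
// Added example. `Account` is a simplified stand-in for an on-chain account,
// not the solana_program crate; the 40-byte vault layout is hypothetical.
type Pubkey = [u8; 32];

struct Account {
    key: Pubkey,
    owner: Pubkey,   // program allowed to write this account's data
    is_signer: bool, // whether this key signed the transaction
    data: Vec<u8>,   // vault layout: bytes 0..32 authority, 32..40 balance (LE)
}

#[derive(Debug, PartialEq)]
enum VaultError { BadData, WrongAuthority, IncorrectProgramId, MissingSignature, Insufficient }

fn parse_vault(data: &[u8]) -> Result<(Pubkey, u64), VaultError> {
    if data.len() < 40 { return Err(VaultError::BadData); }
    let (mut auth, mut bal) = ([0u8; 32], [0u8; 8]);
    auth.copy_from_slice(&data[..32]);
    bal.copy_from_slice(&data[32..40]);
    Ok((auth, u64::from_le_bytes(bal)))
}

// Pitfall: reads caller-supplied accounts without checking who owns the vault
// or whether the authority signed. Returns the balance left after withdrawal.
fn withdraw_unchecked(vault: &Account, authority: &Account, amount: u64) -> Result<u64, VaultError> {
    let (stored, balance) = parse_vault(&vault.data)?;
    if stored != authority.key { return Err(VaultError::WrongAuthority); }
    balance.checked_sub(amount).ok_or(VaultError::Insufficient)
}

// Hardened: both accounts are validated before their contents are trusted.
fn withdraw_checked(program_id: &Pubkey, vault: &Account, authority: &Account, amount: u64) -> Result<u64, VaultError> {
    if vault.owner != *program_id { return Err(VaultError::IncorrectProgramId); }
    if !authority.is_signer { return Err(VaultError::MissingSignature); }
    withdraw_unchecked(vault, authority, amount)
}

fn account(key: u8, owner: u8, is_signer: bool, data: Vec<u8>) -> Account {
    Account { key: [key; 32], owner: [owner; 32], is_signer, data }
}

fn main() {
    // Constructed input: program id 1; a vault-shaped account owned by program 9.
    let mut data = vec![7u8; 32];
    data.extend_from_slice(&1_000u64.to_le_bytes());
    let (vault, auth) = (account(2, 9, false, data), account(7, 0, false, vec![]));
    println!("unchecked: {:?}", withdraw_unchecked(&vault, &auth, 400));
    println!("checked:   {:?}", withdraw_checked(&[1; 32], &vault, &auth, 400));
}
```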

FAQ

Q: I tried to install with Docker. Inside Docker, I'm getting an error that says `toolchain 'bpf' not installed`.
A: There are two ways to fix it:
# 1. get the latest docker image, which now includes the bpf toolchain.
docker run -v "$PWD":/workspace -it greencorelab/soteria:latest /bin/bash

# 2. update dependencies in the current docker image
sh -c "$(curl -sSfL https://release.solana.com/v1.9.5/install)"
rm -rf /root/.rustup/
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
cargo build-bpf
soteria -analyzeAll .

What Anatoly Says