What Solana-specific vulnerabilities does Zealynx check for?

Zealynx audits check for account validation issues, PDA (Program Derived Address) vulnerabilities, signer authorization flaws, CPI (Cross-Program Invocation) security issues, rent exemption problems, Borsh serialization attacks, account data races, and instruction verification flaws.

What types of Solana programs does Zealynx audit?

Zealynx audits all types of Solana programs including DeFi protocols (AMMs, lending, yield farms), SPL token implementations, NFT programs (Metaplex-based collections, marketplaces), gaming programs (play-to-earn, in-game economies), staking programs, and complex cross-program invocations.

How much does a Solana audit cost?

Solana audit pricing depends on program complexity. Expect a 20-30% premium over equivalent EVM audits due to the smaller pool of Rust/Solana security experts. Simple programs start around $5,000-$15,000, while complex DeFi protocols range from $50,000-$100,000+. Request a quote for accurate pricing.

Solana Audit

Solana audits, account by account.

Senior manual review of your Anchor or native Solana program. Account validation, PDA logic, and CPI safety, paired with Trident-based fuzzing and our internal AI audit agents.

Anchor · native · senior auditors only · reports public by default

Request an intro call

Why this exists

Solana’s power is its account model. So are its bugs.

Most Solana exploits come from one of three places: missing account validation, wrong signer checks, or an unsafe cross-program invocation. They’re subtle, and the framework only protects you from half of them. We read every account constraint and every CPI, and we fuzz the rest.

Scope

What’s in the audit.

Recent engagements

Recent Solana engagements.

Solana · Anchor

Fair Casino Solana Vault Program

Anchor program audit for a casino vault, focused on PDA derivation, deposit/withdraw flows, and authority controls.

Jan 2026 · Fair Labs

Solana · Rust

Neptun Finance LBP Launchpad

Liquidity bootstrap pool audit covering bonding curve math, vesting, and the launch authority lifecycle.

Mar 2025 · Neptun Finance

Solana · Rust

Paragon DEX

DEX program audit on Solana — orderbook, AMM, and the matching engine. Account validation under cross-program invocation.

Mar 2025 · Paragon

How pricing works

Scoped to your program.

Solana audits are sized to instruction count, account-graph complexity, and integration surface. No fixed packages. Talk to us for a scope and quote.

Request an intro call

FAQ

Questions.

Anchor or native Solana — does it matter for the audit?

We audit both. Anchor saves us time on the boilerplate (account constraints are encoded), so the review can go deeper into business logic. Native programs need more manual coverage of validation patterns.

Do you do fuzzing on Solana programs?

Yes. We use Trident-based fuzzing for stateful property checks and invariant violations. Fuzz harnesses are delivered alongside the report.

How do you handle CPI safety?

CPI surface is a first-class scope item. We review the full set of inner instructions you invoke, the signer/PDA accounts you pass through, and what happens when the callee behaves adversarially.

Do you audit SPL token integrations?

Yes, including Token-2022 extensions (transfer hooks, transfer fees, confidential transfers, etc.). Token program integration is a common source of subtle bugs.

What about cross-chain bridges that touch Solana?

We review the Solana side of the bridge (the program) and the trust assumptions on the messenger (Wormhole, LayerZero, etc.). The off-chain relayer/keeper side is best paired with our Application security audit.

How long does a typical Solana audit take?

Two to four weeks of focused review by senior auditors, plus fix verification. Depends on program size, account complexity, and integration surface.

From our research

Go deeper.

Other services

Need something else?

Ready when you are

Ready to audit?

Send us your program and a target date. We’ll come back with a scope and a quote within 24 hours.

Request an intro call

Solana audits, account by account.

Solana’s power is its account model. So are its bugs.

What’s in the audit.

Solana-specific risk classes

Anchor, native Solana, Trident, fuzzing

DeFi, NFT, infra, and L1 programs

Recent Solana engagements.

Fair Casino Solana Vault Program

Neptun Finance LBP Launchpad

Paragon DEX

Scoped to your program.

Questions.

Go deeper.

Solana security in 2026

Solana security checklist

EVM to SVM: what changes for security

Need something else?

Smart contract audits

Security Audit Subscription

Rust audit (non-Solana)

Ready to audit?