Sec3

1K posts

Sec3 banner
Sec3

Sec3

@sec3dev

Full Stack Security: Protection at every step of the development cycle. Security Partner of @Metaplex, @Orca_so, @KaminoFinance, & many more!

Secure your protocol 👉 शामिल हुए Eylül 2021
291 फ़ॉलोइंग6.2K फ़ॉलोवर्स
पिन किया गया ट्वीट
Sec3
Sec3@sec3dev·
We’re excited to release IDL Guesser - an open-source CLI that rips the IDL out of any closed-source Anchor program ! Blog: sec3.dev/blog/idl-guess… Code: github.com/sec3-service/I… The Gap: about half of the top-100 Solana programs ship with no IDL. Can’t decode transactions, fuzzers stall, auditors waste hours reverse-engineering How it works: • Finds sol_log("Instruction: …") in the ELF • Walks Anchor’s try_accounts control-flow graph to map signers & mutables info Brute-probes arg sizes, recalculates 8-byte discriminators • Spits out ready-to-use JSON. Early testing shows the tool recovers the vast majority of instructions. The tool just won 1st prize at Reverse Engineering Closed Source Solana Programs hackathon hosted by Accretion. Try it now - github.com/sec3-service/I…
English
14
21
155
23.8K
Sec3 रीट्वीट किया
Splashing
Splashing@splashing_xyz·
Very important audit update for Splashing stakers. The Splashing Staking Contract has been audited with @sec3dev - and we’re happy to report 0 Critical and 0 High, which is already a great result. But that’s not all: 🔹Medium - 4 (resolved) 🔹Low - 5 (3 resolved / 2 acknowledged) 🔹Info - 2 (1 resolved / 1 acknowledged) This audit helped us harden security and refine how staking works. On top of that, if you have any questions, feel free to hop into our Discord server - we’ll be happy to answer them. We’re putting in every effort to make liquid staking as safe and user-friendly as possible for everyone. You’ll be able to find our audit report on our GitBook soon. Thank you, SEC3 🤝
English
1
5
12
385
Sec3 रीट्वीट किया
Metaplex
Metaplex@metaplex·
The Token Metadata program is officially immutable. Three firms have each done a full audit of the program in sequence for security: @neodyme, @osec_io, and @sec3dev. With no more upgrade authority, assets created with the program are secured on Solana, forever.
English
14
13
98
25.2K
Sec3
Sec3@sec3dev·
We are excited to be heading to @SolanaConf soon! Most of our time at Sec3 is spent deep inside individual @Solana programs, looking at one code base at a time. To round out the year, we wanted to zoom out and ask a bigger question: What do all these audits, taken together, actually say about Solana security right now? Here’s what we saw: • Dataset: 163 Solana audits from a mix of public reports and anonymized Sec3 engagements • Findings: 1,733 total issues, 1,669 of them vulnerability-level • Typical review: ~10 findings, with ~1.4 High or Critical issues We also looked at how framework choices shape the risk as well as provide a practical guide projects launching and maintaining good security posture If you want to go deeper into the data, charts, and concrete checklists, the report is public: Web version + link to download full PDF: solanasec25.sec3.dev
English
4
1
10
595
Sec3 रीट्वीट किया
Chris
Chris@chrisdoubleu_·
AI agents exploited smart contracts worth $4.6mn in simulated attacks, with capabilities doubling every 1.3 months, but they still needed source code access. Non-public source code programs have some protection: AI reverse engineering exists but is far less capable than source code analysis. Though this gap will narrow. red.anthropic.com/2025/smart-con…
English
0
1
0
298
Sec3 रीट्वीट किया
MonkeFoundry
MonkeFoundry@MonkeFoundry·
We’re proud to welcome @sec3dev as our Security Partner ! Sec3 will support our first cohorts with priority access to security expertise and guidance, helping early-stage teams build safer products on @solana. This collaboration strengthens our shared mission of empowering builders and supporting the ecosystem.
MonkeFoundry tweet media
English
7
7
70
3.2K
Sec3 रीट्वीट किया
Project 0
Project 0@project0·
The Project 0 program code has been audited 11 times, & is one one of the most stress-tested DeFi protocols on Solana. The P0 risk & liquidity engine is built on @marginfi, which has handled +$100B in lends, borrows, withdrawals, & flashloans through all market conditions on Solana for 3 years while protecting user solvency.
Project 0 tweet media
English
1
3
24
2.1K
Sec3 रीट्वीट किया
Harsh Ghodkar
Harsh Ghodkar@0xharsh1001·
why is @sec3dev 's IDL guesser not yet added in any of the explorer
English
1
3
6
991
Noah 🎈
Noah 🎈@redacted_noah·
Programs that don't publish their IDL should be deleted from mainnet. Should I make the SIMD?
English
25
9
119
16.5K
Sec3
Sec3@sec3dev·
@orca_so 🦉 ❤️ 🐳
QME
0
0
0
47
Sec3 रीट्वीट किया
Orca 🌊
Orca 🌊@orca_so·
Orca 🤝 Owl Seeing the ongoing commitment to security with @sec3dev's team has been second to none. Our team is looking forward to working alongside Sec3 to keep security and trustworthiness a top priority.
Sec3@sec3dev

🐳 Thrilled to announce our ongoing security partnership with @orca_so! Together, we're ensuring Orca's Whirlpool and Wavebreak protocols remain secure and trustworthy for the community. Wavebreak is Orca's upcoming launchpad featuring an anti-bot mechanism to protect token launches from bots and snipers Huge thanks to Orca's dev team for their exceptional diligence and collaboration throughout this process. Let's dive deeper together! 🌊🔒

English
16
5
54
9.2K
Sec3
Sec3@sec3dev·
🐳 Thrilled to announce our ongoing security partnership with @orca_so! Together, we're ensuring Orca's Whirlpool and Wavebreak protocols remain secure and trustworthy for the community. Wavebreak is Orca's upcoming launchpad featuring an anti-bot mechanism to protect token launches from bots and snipers Huge thanks to Orca's dev team for their exceptional diligence and collaboration throughout this process. Let's dive deeper together! 🌊🔒
Sec3 tweet media
English
8
9
26
10.8K
Sec3 रीट्वीट किया
FusionAMM
FusionAMM@FusionAMM·
Fusion AMM is officially secured by @oshield_io and @sec3dev. Big thanks to both auditors for adhering to the highest industry standards. We will continue working alongside them to maintain top-tier security across the protocol.
English
1
1
16
1.7K
Sec3
Sec3@sec3dev·
Watch the announcement of the release of IDL Guesser at @SolanaConf here! youtube.com/watch?v=bymudc…
YouTube video
YouTube
Sec3@sec3dev

We’re excited to release IDL Guesser - an open-source CLI that rips the IDL out of any closed-source Anchor program ! Blog: sec3.dev/blog/idl-guess… Code: github.com/sec3-service/I… The Gap: about half of the top-100 Solana programs ship with no IDL. Can’t decode transactions, fuzzers stall, auditors waste hours reverse-engineering How it works: • Finds sol_log("Instruction: …") in the ELF • Walks Anchor’s try_accounts control-flow graph to map signers & mutables info Brute-probes arg sizes, recalculates 8-byte discriminators • Spits out ready-to-use JSON. Early testing shows the tool recovers the vast majority of instructions. The tool just won 1st prize at Reverse Engineering Closed Source Solana Programs hackathon hosted by Accretion. Try it now - github.com/sec3-service/I…

English
0
2
9
1.4K
Sec3
Sec3@sec3dev·
Our CEO @chrisdoubleu_ presenting IDL guesser to @SolanaConf Publish your IDL or we’ll guess it 😉
Sec3 tweet media
Sec3@sec3dev

We’re excited to release IDL Guesser - an open-source CLI that rips the IDL out of any closed-source Anchor program ! Blog: sec3.dev/blog/idl-guess… Code: github.com/sec3-service/I… The Gap: about half of the top-100 Solana programs ship with no IDL. Can’t decode transactions, fuzzers stall, auditors waste hours reverse-engineering How it works: • Finds sol_log("Instruction: …") in the ELF • Walks Anchor’s try_accounts control-flow graph to map signers & mutables info Brute-probes arg sizes, recalculates 8-byte discriminators • Spits out ready-to-use JSON. Early testing shows the tool recovers the vast majority of instructions. The tool just won 1st prize at Reverse Engineering Closed Source Solana Programs hackathon hosted by Accretion. Try it now - github.com/sec3-service/I…

English
2
1
10
936
Sec3 रीट्वीट किया
Armani Ferrante
Armani Ferrante@armaniferrante·
This is dope
Sec3@sec3dev

We’re excited to release IDL Guesser - an open-source CLI that rips the IDL out of any closed-source Anchor program ! Blog: sec3.dev/blog/idl-guess… Code: github.com/sec3-service/I… The Gap: about half of the top-100 Solana programs ship with no IDL. Can’t decode transactions, fuzzers stall, auditors waste hours reverse-engineering How it works: • Finds sol_log("Instruction: …") in the ELF • Walks Anchor’s try_accounts control-flow graph to map signers & mutables info Brute-probes arg sizes, recalculates 8-byte discriminators • Spits out ready-to-use JSON. Early testing shows the tool recovers the vast majority of instructions. The tool just won 1st prize at Reverse Engineering Closed Source Solana Programs hackathon hosted by Accretion. Try it now - github.com/sec3-service/I…

English
14
6
72
91.4K
Sec3
Sec3@sec3dev·
We just added a new check to #Solana #Sec3dev X-ray Vulnerbility Scanner: detection of unvalidated CPI program IDs. We’re all tooling up from time to time. Community version of the Sec3 X-ray is open source—Sec3 and the broader community can all add checks. We’re happy to support teams improving coverage. github.com/sec3-product/x…
English
1
4
12
1.1K
Sec3
Sec3@sec3dev·
@r0bre @anarcaze @loopscale @accretion_xyz @SuperteamEarn @oshield_io Hey @r0bre please see our latest update
Sec3@sec3dev

We’re currently working with Loopscale to review their code. To address recent inquiries: the exploited feature was not within our audit scope at the time of the incident. We remain deeply committed to supporting Loopscale through the audit process, strengthening their security posture, and collaborating to mitigate future risks.

English
0
0
2
132
Arcaze The Builder
Arcaze The Builder@anarcaze·
What if blockchains are not transparent? 🤔 Blockchains are designed to be public, and onchain data should be available to everyone. But here's a fact: Solana programs can run privately without exposing the code. @loopscale got hacked 4 days ago with approximately a 5,726,725 $USDC and 1,211 $SOL loss. And yep, that number is huge, right? All because they didn’t let anyone audit or check if their contract had any bugs or weaknesses that exploiters could use to drain the money.
Arcaze The Builder tweet media
Mikko Ohtamaa@moo9000

Loopscale incident shows Solana's perverse closed-source culture does not protect against hacks. Closed-source smart contracts are a risk for the user, pose regulatory risk and are generally against the crypto ethos. If you want to roll out closed-source services, you can build centralised SaaS systems.

English
39
1
46
2.4K
Sec3
Sec3@sec3dev·
We’re currently working with Loopscale to review their code. To address recent inquiries: the exploited feature was not within our audit scope at the time of the incident. We remain deeply committed to supporting Loopscale through the audit process, strengthening their security posture, and collaborating to mitigate future risks.
Loopscale@Loopscale

x.com/i/article/1917…

English
2
2
14
2.4K

खोजें

@Neodyme @osec_io @SolanaConf @Solana @solana @marginfi @redacted_noah @SteveCleanBrook