Case study

Sanctum

Jiminy, INF 2.0, internal programs

Three engagements with Sanctum, one of the teams whose code we most enjoy reading. The work spans their liquid-SOL infrastructure, written in their own Jiminy framework, and is less about finding a pile of bugs than about keeping an already high bar high. These reviews are private, so this is a look at the work rather than a list of findings.

Client

What Sanctum was building.

Sanctum builds a lot of the liquid-SOL infrastructure the rest of Solana leans on: instant unstaking, the S token, the INF multi-LST pool, and the shared liquidity that moves users between staking tokens and SOL. It is foundational plumbing, so correctness is not optional and the blast radius of a bug is most of the ecosystem.

Most of it is written in Jiminy, Sanctum's own program framework. It is not Anchor and it is not Pinocchio; it is its own thing, with its own conventions and its own style. For an auditor that is a real challenge: the usual patterns and the usual mistakes do not map cleanly, so you have to learn how this codebase thinks before you can tell what is wrong.

Engagement

How we audited it.

Auditing Sanctum is always a mix of two things: pedantic, low-level reasoning about how Rust behaves at the edges, and a working understanding of the DeFi infrastructure those details add up to. You cannot do one without the other here, because the subtle issues live exactly where a language detail meets an economic assumption.

It is worth saying plainly: Sanctum writes some of the best code we see, and we often come away with very few issues. That is rare and it is hard, and it is to their credit. Our job across these engagements is less about cleaning up after them and more about being a second set of very careful eyes on infrastructure a lot of people depend on.

Accretion's auditors are excellent and have been able to catch bugs lurking in complex details that others might miss.
HY, Co-founder, Sanctum
