Audits for native, no-framework Solana programs, adapted to however you built yours.
Native programs are where the most consequential code on Solana lives, with no framework to lean on at all. We've audited native programs in production and read each one on its own terms.
Native programs are about as bare as Solana gets: a process_instruction entrypoint, a hand-written dispatch table, and every check the program author wrote themselves. A lot of the most important code on the chain is built this way for the efficiency it buys: tighter compute, smaller binaries, fewer dependencies. The trade-off is that nothing protects you from yourself, which is why we tend to find more bugs in native programs than in framework code.
There is no single way to write native code, so we adapt to however you built it. Whatever serialization you chose, account-validation approach you settled on, and dispatch style you prefer, we read the program on its own terms rather than against a template. We are as flexible as you need us to be.
In practice that means reading every instruction handler closely, starting from the routing layer where an attacker-controlled discriminator byte first lands, then through ownership checks, signer verification, and raw deserialization. The bugs usually come from a single missing line, a check present in one handler but quietly absent in a near-identical one, or a length that was never validated before it indexed a slice.
Native is essentially the same coding and auditing experience as a Pinocchio program, just with even less between you and the runtime. We treat the program’s structure as untrusted and look for the smallest set of accounts an attacker could supply that still satisfies every explicit check while violating the implicit ones.
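The routing-layer and handler checks described above, as an added example that is not code from any audited program or from the authors. It uses only the Rust standard library; the Account struct, PROGRAM_ID, the 40-byte state layout and the set_limit handler are assumptions constructed for illustration.

```rust
// Constructed stand-in for the runtime's account view (hypothetical names);
// a real native program receives solana_program's AccountInfo instead.
#[derive(Clone)]
pub struct Account { pub key: [u8; 32], pub owner: [u8; 32], pub is_signer: bool, pub data: Vec<u8> }

pub const PROGRAM_ID: [u8; 32] = [7; 32]; // constructed program id
const STATE_LEN: usize = 40; // assumed layout: authority key (32) | limit, u64 LE (8)

#[derive(Debug, PartialEq)]
pub enum Error { EmptyInput, UnknownInstruction, BadLength, BadAccounts, WrongOwner, MissingSigner, NotAuthority }

// Routing layer: the first byte of the instruction data is attacker-controlled.
pub fn process_instruction(accounts: &mut [Account], input: &[u8]) -> Result<(), Error> {
    let (tag, rest) = input.split_first().ok_or(Error::EmptyInput)?;
    match *tag {
        0 => set_limit(accounts, rest),
        _ => Err(Error::UnknownInstruction), // unknown tags never fall through to a handler
    }
}

// Handler for tag 0. Expects exactly [state, authority] and an 8-byte payload.
fn set_limit(accounts: &mut [Account], payload: &[u8]) -> Result<(), Error> {
    if payload.len() != 8 { return Err(Error::BadLength); } // validate before slicing
    let [state, authority] = accounts else { return Err(Error::BadAccounts) };
    if state.owner != PROGRAM_ID { return Err(Error::WrongOwner); } // state must be ours
    if state.data.len() != STATE_LEN { return Err(Error::BadLength); }
    if !authority.is_signer { return Err(Error::MissingSigner); }
    if state.data[..32] != authority.key { return Err(Error::NotAuthority); }
    state.data[32..].copy_from_slice(payload);
    Ok(())
}

fn main() {
    // Constructed sample accounts: a program-owned state account and its authority.
    let mut data = vec![1u8; 32];
    data.extend_from_slice(&[0u8; 8]);
    let state = Account { key: [2; 32], owner: PROGRAM_ID, is_signer: false, data };
    let auth = Account { key: [1; 32], owner: [0; 32], is_signer: true, data: vec![] };
    let mut accounts = [state, auth];
    println!("{:?}", process_instruction(&mut accounts, &[0, 5, 0, 0, 0, 0, 0, 0, 0]));
    accounts[1].is_signer = false; // same accounts, signature withheld
    println!("{:?}", process_instruction(&mut accounts, &[0, 9, 0, 0, 0, 0, 0, 0, 0]));
}
```

Each check in set_limit is a single line; deleting any one of them leaves a handler that still compiles and still passes the happy-path call.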
Owner, signer, and discriminator checks; missing or weakened validations.
Discriminator collision, fallthrough paths, decoder safety on attacker input.
Borsh / bytemuck layouts, padding, endianness, length-prefixed buffer handling.
Tight CU budgets create denial-of-service surfaces; we review every loop and CPI cost.
We map trust boundaries, identify privileged paths, and agree on what's in-scope before kickoff.
Two researchers read the entrypoint, every handler, account check, and serialization path, on the program’s own terms.
We follow the serialization, validation, and dispatch choices you made rather than forcing a template onto them.
A PDF report with severity ratings, summaries, and remediation guidance, plus fix verification with unlimited rounds within reasonable time bounds.


Submit your protocol for review and we'll respond within 24 hours. Our researchers have prevented 50+ critical exploits across the Solana ecosystem.