Low-level review

Pinocchio Audits

Audits for Pinocchio programs, adapted to however you built yours.

Pinocchio gives you control and efficiency at the cost of every safety net a framework would have provided. We've audited multiple Pinocchio programs in production, reported bugs in Pinocchio itself, and read each one on its own terms.

Lead time: 1–3 weeks
Team: 2+ researchers
Deliverable: PDF report
Coverage: 100% Solana

As flexible as Pinocchio itself.

Pinocchio programs are lean. They strip away the macros and abstractions of a framework like Anchor to get tighter compute and smaller binaries, and the best-built ones are genuinely efficient. The trade-off is that every check the framework would have written for you is now yours to write by hand, which is also why we tend to find more bugs in Pinocchio programs than in equivalent Anchor ones.

There is no single “Pinocchio way” to validate an account or lay out state, so we adapt to however you built it. Whatever serialization you chose, account-validation approach you settled on, or dispatch style you prefer, we read the program on its own terms rather than against a template. We are as flexible as the framework is.

In practice that means reading every instruction handler closely, because the bugs usually come from a check that is present in one handler but quietly missing in a near-identical one. Custom serialization gets the same attention: Borsh layouts, bytemuck casts, length-prefixed buffers, and raw slice indexing, anywhere attacker-controlled length or content could cause a panic, a slice over-read, or a read from the wrong account.
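As an added illustration of the length-prefixed buffer case (example code written for this page, not from the audit team or any audited program; the five-byte header layout and the error type are assumptions), a naive decoder next to the checked form an auditor would expect to see:

```rust
// Assumed instruction-data layout: [tag: u8][len: u32 little-endian][payload: len bytes].

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    /// Buffer is shorter than the fixed 5-byte header.
    TruncatedHeader,
    /// Declared length exceeds the bytes actually supplied.
    TruncatedPayload,
}

#[derive(Debug, PartialEq)]
pub struct Decoded<'a> {
    pub tag: u8,
    pub payload: &'a [u8],
}

/// Naive decoder: indexes the slice directly, so a short buffer or a lying
/// `len` makes `data[5..5 + len]` panic. Kept only to contrast with the
/// checked version below.
pub fn decode_naive(data: &[u8]) -> Decoded<'_> {
    let len = u32::from_le_bytes(data[1..5].try_into().unwrap()) as usize;
    Decoded { tag: data[0], payload: &data[5..5 + len] }
}

/// Checked decoder: header presence is verified first, the end offset is
/// computed with checked_add so it can never wrap, and `get` turns an
/// out-of-range slice into an error instead of a panic.
pub fn decode_checked(data: &[u8]) -> Result<Decoded<'_>, DecodeError> {
    const HEADER: usize = 5;
    if data.len() < HEADER {
        return Err(DecodeError::TruncatedHeader);
    }
    let tag = data[0];
    let len = u32::from_le_bytes([data[1], data[2], data[3], data[4]]) as usize;
    let end = HEADER.checked_add(len).ok_or(DecodeError::TruncatedPayload)?;
    let payload = data.get(HEADER..end).ok_or(DecodeError::TruncatedPayload)?;
    Ok(Decoded { tag, payload })
}

fn main() {
    // Constructed inputs: one well-formed buffer and one whose length prefix lies.
    let good = [7u8, 3, 0, 0, 0, 0xAA, 0xBB, 0xCC];
    let lying = [7u8, 0xFF, 0xFF, 0xFF, 0xFF, 0xAA];
    println!("{:?}", decode_checked(&good));
    println!("{:?}", decode_checked(&lying));
}
```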

We have audited multiple Pinocchio programs in production, and we have reported bugs in Pinocchio itself, so we arrive knowing both how these programs tend to be written and where the framework’s own sharp edges are.

What we cover

The surface area of a typical engagement.
01 Manual account validation
Owner, signer, and discriminator checks; missing or weakened validations.

02 Raw instruction dispatch
Discriminator collision, fallthrough paths, decoder safety on attacker input.

03 Custom serialization
Borsh / bytemuck layouts, padding, endianness, length-prefixed buffer handling.

04 Compute budget
Tight CU budgets create denial-of-service surfaces; we review every loop and CPI cost.

How we work

01 Scoping & threat model
We map trust boundaries, identify privileged paths, and agree on what's in-scope before kickoff.

02 Deep manual review
Two researchers read every instruction handler, account check, and serialization path, on the program’s own terms.

03 Adapt to your implementation
We follow the serialization, validation, and dispatch choices you made rather than forcing a template onto them.

04 Report & fix verification
A PDF report with severity ratings, summaries, and remediation guidance, plus fix verification with unlimited rounds within reasonable time bounds.

Selected engagements

Pinocchio programs we’ve read handler by handler.

Jan 2026: Lazorkit (passkey smart wallet)
Jun 2025: Swig (smart wallet)
May 2025: Light Protocol (compressed accounts)

Ready to audit your protocol?

Submit your protocol for review and we'll respond within 24 hours. Our researchers have prevented 50+ critical exploits across the Solana ecosystem.

Lead time: 2–4 weeks
Post-audit support: 6 months
Coverage: 100% Solana