Trail of Bits Solana lints

Solana Breakpoint 2022 slides video

Each subdirectory of lints contains a Solana lint in the form of a Dylint library.

The lints are inspired by the Sealevel Attacks. (See also @pencilflip's Twitter thread.)

The current lints are:

Library	Description	Anchor	Non Anchor
`arbitrary_cpi`	lint for 5-arbitrary-cpi	✔️	✔️
`bump_seed_canonicalization`	lint for 6-bump-seed-canonicalization		✔️
`insecure_account_close`	lint for 9-closing-accounts	✔️	✔️
`missing_owner_check`	lint for 2-owner-checks	✔️	✔️
`missing_signer_check`	lint for 0-signer-authorization	✔️	✔️
`sysvar_get`	Reports uses of `Sysvar::from_account_info` instead of `Sysvar::get`	✔️	✔️
`type_cosplay`	lint for 3-type-cosplay		✔️

Usage

To use these lints, do the following:

Install cargo-dylint and dylint-link:
```
cargo install cargo-dylint dylint-link
```

Add the following to your workspace's Cargo.toml file:

[workspace.metadata.dylint]
libraries = [
    { git = "https://github.com/crytic/solana-lints", pattern = "lints/*" },
]

Name		Name	Last commit message	Last commit date
Latest commit History 207 Commits
.github		.github
crate		crate
docs		docs
lints		lints
scripts		scripts
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
README.md		README.md
rust-toolchain		rust-toolchain