Master Solana Programs Security.

Hands-on solana programs security wargame. Exploit real vulnerabilities, learn from past hacks, participate on review training and earn verifiable certifications.

levels/01-illusionist/lib.rs
1#[derive(Accounts)]2pub struct DepositTokens<'info> {3    #[account(mut)]4    pub user: Signer<'info>,5 6    #[account(mut)]7    pub vault: Account<'info, TokenAccount>,8 9    #[account(mut)]10    pub user_token_account: Account<'info, TokenAccount>,11 12    pub token_program: Program<'info, Token>,13}

Mission Status

Level 1

Armed
Clusterdevnet
Wallet9xQe...1b2C
PDA stateLive
Win conditionLedger forged
Completion100%

Exploit objective verified. Wallet-bound certification is ready.

Exploit, analyze, and report

Train the fundamentals of security workflow on Solana

CERTIFICATIONS

4 exploits

2 certified

SetupVerifyMint

Exploit Foundations

Interact with vulnerable devnet programs, complete exploit objectives, and unlock wallet-bound certifications.

Governance Takeover Research Lab

Vulnerable

unchecked CPI
static PDA
missing signer

Patched

program guard
user seeds
authority check

Security Research Labs

Study structured research scenarios side-by-side while tracing real-world Solana bug patterns.

Breach Room
Live
Sending review
SeverityImpactLikelihood

Arena & Reviewer Training

Practice professional findings and team review rooms built for onboarding, assessment, and readiness.

Real Vulnerable Programs

Intentionally vulnerable Solana programs deployed on devnet.

Exploit Verification

On-chain objectives with wallet-bound certifications.

Secure Comparisons

Insecure implementations beside patched versions.

Bug Patterns

Arbitrary CPI, PDA misuse, signer confusion, and authority bugs.

Security Writeups

Severity, exploit reasoning, impact, and remediation practice.

Review Rooms

Challenge environments for first-flights, and review writeup training.

Solana logo

Start your Solana security researcher journey today

Open the wargame, inspect vulnerable programs, complete on-chain objectives, and turn each exploit into review-ready proof.

Read Docs