A reviewer-focused walkthrough of real Solana security patterns, from account creation pitfalls to Token2022 extension semantics.
Series focus
Reproducible attack surfaces across System, Token, and ATA flows.
SPL vs Token2022 data layout, extension semantics, and init invariants.
Instruction-by-instruction walks aligned with on-chain logs.
Solana Security Series
A system-level Solana DoS pattern: pre-funding a predictable address (e.g., a PDA) makes `create_account` fail with AccountAlreadyInUse. Includes mitigations and how Anchor avoids it.
A deep dive into how Anchor’s #[account(init)] and #[account(init_if_needed)] are parsed and code-generated, what “needs initialization” really means at runtime, and how using init with associated token accounts can enable griefing/DoS via pre-created ATAs.
In Anchor, `Account<T>` is a cached snapshot of account data. After CPI, the runtime account changes but your cached view does not—unless you `reload()`.
A technical comparison of SPL Token and Token2022—from mint/account layouts to ATA creation—highlighting program IDs, extensions, and real initialization flows.
Expect future chapters on consensus-edge cases, token program extensions, and protocol-specific attack surfaces.