r0bre | Accretion.xyz
@r0bre
solana security officer | ceo & chief solana auditor @accretion_xyz | dm for audits
I am launching @accretion_xyz, a new Solana-only security and research shop We'll focus on great audits. Contact me if you need one. Security Accretes. 🪐️
Bad take on anchor. Please use anchor. Every single Pinocchio program I've audited had some critical issue. Anchor programs tend to be more secure Congrats you saved 10000 CU but your vaults got drained
The fact of the matter is that if you're on solana cli or sdk version <2.2, you're behind. You need to catch up If you're still using Anchor and your protocol has any reasonable amount of users, you're also behind. Catch up
Stoked AF to have @r0bre here for Research Cohort. A premiere @solana native and SOLANA only research team - doing to good work with 100 Days of Solana Tips and >3 years of doing work here, and time before that in traditional security realms. Tremendous gratitude ser
Happy to be a part of this!
OG Solana security researcher. Founder of @accretion_xyz and ex @Neodyme, two of the most respected firms in the Solana security space. @r0bre joins us as a mentor to help train the next generation of Solana auditors.
In 1962, NASA's Mariner 1 exploded due to a typo In 1996, ESA's Ariane 5 exploded due to an integer overflow Space agencies spend hundreds of millions testing their code. They have massive QA departments. They do all kinds of testing, unit tests, integration tests, simulations,…
no amount of money can guarantee no bugs
If you want to be a pro solana auditor or dev, you should dig deep into these programs and know them by heart (in order) - system program - token program - ATA program - MPL Metadata - Token22 - Upgradeable Loader
people think reverse engineering solana is a niche topic, only relevant to hardcore security engineers but they're extremely wrong. Tons of solana devs struggle with reverse engineering other protocols daily. Maybe they just want some alpha, monitoring for new coin creation…
If you're looking for a useful solana tool to build: - patched validator or transaction simulator - patch system program's new account allocation - log signer seeds and account created when its a pda - or just log any signed cpi where the signature is for an off-curve system…
I've used this today to decode a closed source program's emit_cpi! logs. Worked really well. I think I may need to add a feature to pull in additional information from a transaction, such as a transfer amount, the transaction slot/epoch/timestamp, etc. and highlight matching…
Ever wanted to reverse engineer a Solana account's data without any source code? We've vibe-coded the perfect tool for you: Solana Data Reverser! It loads an account's data, and then helps you identify Solana pubkeys, uints, and timestamps within the binary blob. Really useful…
My name is ROB and i find ways to rob on blockchains
My name is DEAN and i disrespect ebpf assembly naysayers.
"Bitcoin isnt backed by anything"
The US dollar isn’t backed by anything America:
vibe coded with claude code just imagine all the solana dev tooling we can just stamp out of the ground in an afternoon
Ever wanted to reverse engineer a Solana account's data without any source code? We've vibe-coded the perfect tool for you: Solana Data Reverser! It loads an account's data, and then helps you identify Solana pubkeys, uints, and timestamps within the binary blob. Really useful…
I'm looking to get in contact with someone from the security team at @luckio
Claude code is so good, i cant believe i was just vibecoding like a pleb until today
Pick contractors who are happy to bet on themselves.
I'd love to audit an assembly program. If you ever have one that you need audited we'll do it for half price, and free if we miss a serious bug or your trap
If you're an experienced solana dev interested in becoming an auditor, the most difficult part is to change the way you think. You need to learn to think like an attacker. A hacker sees a protocol and immediately thinks about everything that could go wrong. Best way to learn…