Case Study: Enhancing Security for the Solana Blockchain Ecosystem with Halborn

Solana is a Layer 1 blockchain platform recognized for its high-performance capabilities and robust program functionality. Operating on a proof-of-stake mechanism augmented by a novel feature called Proof of History and a runtime with separate data and execution layers, the Solana blockchain provides a foundation for a wide range of applications, catering to both advanced users and newcomers. SOL, its native cryptocurrency, fuels the Solana ecosystem.

Halborn started working with Solana Foundation, and together with the ecosystem evolution, has been working with many projects within the Solana ecosystem, including Solana Labs, and now Anza. This multi-faceted collaboration has entailed robust and comprehensive security assessments at many levels, going from a complete Layer 1 and SPL programs assessment, to multiple DApps.

Halborn delivered multiple security services tailored to each entity’s unique requirements, helping ensure the resilience and integrity of the Solana ecosystem:

• Solana Layer 1 Security Assessment: Halborn has been conducting thorough security assessments of the Solana Layer 1 blockchain and SPL programs. Through this particular work, Halborn has been reviewing Solana Sealevel runtime since v1.9 released in early 2022 and managed to find crucial improvements to ensure the security of the project. 

  
  

• Incremental Code Review: After completing an in-depth review of the Solana protocol’s foundational features, Halborn has been involved in reviewing the code for iterative new revisions of the Solana validator code and SPL programs, ahead of their mainnet release, to ensure their continued security and reliability.

  
  

• Ecosystem Project Security Audits: In addition to the work with the Solana L1 and SPL programs, Halborn has been involved in assessing security of more than 40 projects and applications built on the Solana blockchain. These audits have covered security assessments for a wide array of layers as well as ecosystem projects, including DeFi, infrastructure, and P2E games.

Halborn's collaboration with Solana Foundation, Solana Labs, Anza, and a wide array of DApps yielded significant results and enhancements for the blockchain ecosystem:

• Significant contributions to security: One such example is Halborn’s audit of SPL Token 2022, where two critical vulnerabilities were found. These were successfully remediated together with Solana Labs’ team. The two vulnerabilities allowed a user to:

  • Avoid paying transfer fees 

  • Transfer non-transferable tokens

• Ecosystem-wide security assurance: By helping identify and remediate multiple findings both in the Solana L1 and in the multiple DApps reviewed, Halborn effectively contributed to the whole ecosystem’s security and resilience assurance.

• Continuous Security Assurance: Halborn's security professionals have provided continuous security assurance by reviewing updates to the Solana validator and SPL programs before deployment to the mainnet. This process helps maintain the integrity and reliability of the Solana blockchain and its core ecosystem.

• Increased trust: Halborn's work, together with the work of the multiple Solana ecosystem teams involved throughout the years, have been crucial to build trust with users and continue forging a safe and reliable environment to build on.

As one of the primary blockchains in the Web3 space, Solana continues to evolve and grow with a clear security-oriented focus. The collaboration between Halborn and the various teams in the Solana ecosystem is a trust-building case through the lens of security and integrity. Everyone from L1s to DApps should have this security approach embedded from the start, and the earlier it is implemented in a project, the more secure. 

By leveraging Halborn’s comprehensive security suite of services, organizations using blockchain technology, like those in the Solana ecosystem, can ensure the highest security standards and maintain operational excellence throughout all stages of development.