Solana's static analysis engine

Static analysis that understands Anchor

A multi-stage static analysis engine built specifically for Anchor's account model. It understands what has_one, seeds, Signer<>, and CPI calls actually mean at the constraint level.

Builders build with ChainProbe

Why existing tools miss vulnerabilities

// ChainProbe v4 Analysis Pipeline
Stage 1 → AST Extraction
Stage 2 → Trust Classification
Stage 3 → Taint Analysis
Stage 4 → Invariant Mining
Stage 5 → Call Graph & CPI
Stage 6 → Pattern Detection
Stage 7 → Chain Detection
Stage 8 → Exploitability Score
Security Score: 42/100 | 2 Critical | 3 High

Deterministic analysis

No AI hallucinations, no pattern matching. Uses syn to parse every .rs file into a full Rust AST — the same parser the Rust compiler uses.

Multi-stage pipeline

Eight analysis stages — AST extraction, trust classification, taint analysis, invariant mining, call graph, pattern detection, chain detection, and exploitability scoring.

Exploit proof, not descriptions

Generates runnable #[tokio::test] PoCs that prove each vulnerability is real, plus side-by-side fix diffs with actual corrected Anchor code.

For Solana Developers | Auditors | Protocol Teams

The 8-Stage Analysis Pipeline

Taint Analysis & Invariant Mining

Tracks attacker-controlled values through instruction params, unverified accounts, and arithmetic operations. Extracts every require!() condition and checks whether bypass paths exist.

Taint Flows | Invariant Checks

Call Graph & CPI Analysis

Builds directed graphs of instruction-to-CPI flows, binds account parameters across CPI boundaries, and computes the minimum attacker-controlled accounts needed to reach each security-sensitive operation.

Call Graph | CPI Tracking | Attack Surface

Exploitability Scoring & PoC Generation

Every finding includes an exploitability score, required attacker footprint, and a runnable test that proves the vulnerability — plus the actual corrected Anchor code as a fix diff.

PoC Tests | Fix Diffs | Security Score

See it in action

Every vulnerability is proven with a runnable PoC test and a side-by-side fix diff.

Sample Findings

3 FINDINGS

Unsigned Authority

Critical

AccountInfo used as authority field — no signature verification required

Overflow Chain

High

Unchecked arithmetic on user-controlled values reaches token transfer sink

PDA Collision

Critical

Seeds contain user-supplied mint — attacker can derive same PDA address

Every finding comes with a PoC test and a fix diff.
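
The Unsigned Authority finding above, as an added example that is not ChainProbe's code or output: a constructed Anchor accounts struct in its vulnerable and corrected forms, with a simplified text-level check that tells them apart. The struct names Withdraw and Vault, the function unsigned_authorities, and the choice to identify authority fields through has_one are assumptions made for this illustration.

```rust
// Added illustration, not ChainProbe code: a simplified text-level check.
// VULNERABLE and FIXED are constructed samples; Withdraw and Vault are hypothetical.
const VULNERABLE: &str = r#"
#[derive(Accounts)]
pub struct Withdraw<'info> {
    #[account(mut, has_one = authority)]
    pub vault: Account<'info, Vault>,
    /// CHECK: nothing verifies this account
    pub authority: AccountInfo<'info>,
}"#;

// Signer<'info> makes Anchor reject the instruction unless this account signed.
const FIXED: &str = r#"
#[derive(Accounts)]
pub struct Withdraw<'info> {
    #[account(mut, has_one = authority)]
    pub vault: Account<'info, Vault>,
    pub authority: Signer<'info>,
}"#;

/// Names of fields that a `has_one` constraint relies on as an authority
/// but whose declared type performs no signature check.
fn unsigned_authorities(src: &str) -> Vec<String> {
    // has_one only compares the stored pubkey with the passed account's key,
    // so every has_one target still needs a type that enforces signing.
    let targets: Vec<String> = src.split("has_one").skip(1)
        .map(|p| p.trim_start().trim_start_matches('=').trim_start()
            .chars().take_while(|c| c.is_alphanumeric() || *c == '_')
            .collect::<String>())
        .collect();
    let mut flagged = Vec::new();
    for line in src.lines() {
        // Field declarations look like `pub name: Type<'info>,`.
        let field = line.trim().strip_prefix("pub ").and_then(|r| r.split_once(':'));
        if let Some((name, ty)) = field {
            let (name, ty) = (name.trim(), ty.trim());
            let unchecked = ty.starts_with("AccountInfo<") || ty.starts_with("UncheckedAccount<");
            if unchecked && targets.iter().any(|t| t == name) {
                flagged.push(name.to_string());
            }
        }
    }
    flagged
}

fn main() {
    println!("vulnerable: {:?}", unsigned_authorities(VULNERABLE));
    println!("fixed:      {:?}", unsigned_authorities(FIXED));
}
```

A line-based scan like this misses aliased types, manual is_signer checks and multi-line declarations, which is where analysis over the parsed AST earns its keep.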

Run analysis wherever you build

Web Interface

Upload your program folder or paste code directly. Get a full visual report in your browser.

REST API

POST /api/analyze with your .rs files. Get back a structured AnalysisReport in JSON.

Local Binary

Run chainprobe directly on your machine. No data leaves your system. Full offline analysis.

Trusted by Solana builders

ChainProbe caught an unsigned authority vulnerability in our escrow program that two previous audits missed. The PoC test proved it immediately, and the fix diff gave us the exact code change. This is the kind of tool the Solana ecosystem has been waiting for.

Solana Protocol Team, DeFi Protocol, Solana

Ship secure Anchor programs with confidence.