SseRex: Practical Symbolic Execution of Solana Smart Contracts

📅 2026-03-17
🤖 AI Summary
Existing smart contract analysis tools struggle to effectively detect Solana-specific security vulnerabilities due to inadequate modeling of its unique account model. This work proposes SseRex, the first symbolic execution–based vulnerability detection approach tailored for Solana bytecode. SseRex adapts symbolic execution to Solana’s intricate account permission system and cross-program invocation (CPI) mechanisms, enabling precise identification of Solana-specific flaws such as missing owner checks, signer checks, key validation errors, and arbitrary CPI calls. Evaluated on 8,714 closed-source contracts, SseRex uncovered 467 potential vulnerabilities. Its effectiveness and practicality are further validated through in-depth analysis of 120 open-source projects, demonstrating its capability to accurately detect critical security issues in real-world Solana smart contracts.

📝 Abstract
Solana is rapidly gaining traction among smart contract developers and users. However, its growing adoption has been accompanied by a series of major security incidents, which have spurred research into automated analysis techniques for Solana smart contracts. Unfortunately, existing approaches do not address the unique and complex account model of Solana. In this paper, we propose SseRex, the first symbolic execution vulnerability detection approach for finding Solana-specific bugs such as missing owner checks, missing signer checks, and missing key checks, as well as arbitrary cross-program invocations. Our evaluation of 8,714 bytecode-only contracts shows that our approach outperforms existing approaches and identifies potential bugs in 467 different contracts. Additionally, we analyzed 120 open-source Solana projects and conducted in-depth case studies on four of them. Our findings reveal that subtle, easily overlooked issues often serve as the root cause of severe exploits, further highlighting the need for specialized analysis tools like SseRex.
Problem

Research questions and friction points this paper is trying to address.

Solana smart contracts
symbolic execution
account model
vulnerability detection
security analysis
Innovation

Methods, ideas, or system contributions that make the work stand out.

symbolic execution
Solana smart contracts
account model
vulnerability detection
cross-program invocation
Tobias Cloosters
University of Duisburg-Essen, Essen, Germany
Pascal Winkler
University of Duisburg-Essen, Essen, Germany
Jens-Rene Giesen
University of Duisburg-Essen, Essen, Germany
Ghassan Karame
Professor of Computer Science, Ruhr Universität Bochum (RUB)
Decentralized security, Information Security, Distributed systems security, Platform security
Lucas Davi
University of Duisburg-Essen, Essen, Germany