Soleker: Uncovering Vulnerabilities in Solana Smart Contracts

Solana has rapidly evolved into a leading next generation platform for supporting decentralized applications due to its high performance and low transaction costs. Its new contract execution model, which decouples code logic from states, gives rise to new vulnerability threats that can result in significant financial losses for users within the ecosystem. However, existing studies towards detecting vulnerabilities are predominantly tailored for Ethereum smart contracts, which are unsuitable for Solana platform because of the variations in implementation languages and runtime semantics. In this paper, we propose Soleker, a novel approach that leverages learning-based techniques to automatically identifying potential vulnerabilities in Solana smart contract bytecode. More specifically, Soleker captures runtime semantic information from instructions that are associated with blockchain interactions and extracts vulnerability-specific localized features. Then, a prefix-guided graph learning model is introduced to learn and integrate extracted features, enabling effective vulnerability detection. We conduct experiments on a newly constructed contract dataset and the results demonstrate that Soleker significantly outperforms the baseline methods, achieving an average effectiveness improvement of 126.4% and a 335× boost in efficiency.