ℹ️ ABOUT PROGRAM INSPECTION
ANALYSIS
✓ Bytecode disassembly & analysis
✓ Instruction pattern detection
✓ Account structure analysis
✓ Program dependency mapping
✓ Security vulnerability scanning
FEATURES
⚡ Anchor program detection
⚡ Metadata extraction
⚡ Instruction documentation
⚡ Account requirement analysis
⚡ Performance metrics
SECURITY
🔒 Read-only program analysis
🔒 Safe bytecode inspection
🔒 No program modification
🔒 Verified data sources
🔒 Privacy-preserving analysis
HOW TO USE:
1. Enter program address or upload bytecode
2. Select analysis depth and modules
3. Review program structure and instructions
4. Check security analysis results
5. Export findings and documentation
LIMITATIONS:
• Obfuscated programs may limit analysis
• Complex custom instructions need review
• Some security checks are heuristic
• Results should be verified independently
🔍 PROGRAM ANALYSIS
Analysis Options:
Scan for vulnerabilities
Disassemble program code
Compute usage analysis
Decode instructions
🔍 ANALYSIS CATEGORIES
Security Analysis:
CRITICAL CHECKS
• Authority validation patterns
• Signer requirement enforcement
• Account ownership verification
• Integer overflow protection
• Reentrancy attack prevention
WARNING SIGNS
• Missing signer checks
• Unbounded loops or recursion
• Hardcoded addresses
• Insufficient input validation
• Missing error handling
BEST PRACTICES
• Proper account validation
• Safe mathematical operations
• Comprehensive error codes
• Access control implementation
• Resource limit enforcement
AUDIT POINTS
• Cross-program invocation safety
• State transition validation
• Economic attack resistance
• Upgrade mechanism security
• Emergency stop capabilities
Program Type Detection:
Anchor Programs
• Full IDL extraction
• Instruction documentation
• Account constraint analysis
• Error code mapping
Native Programs
• Bytecode analysis
• Instruction pattern detection
• Control flow mapping
• Resource usage analysis
SPL Programs
• Standard compliance check
• Extension support detection
• Interface compatibility
• Implementation verification
Performance Metrics:
Metric | Description | Good Range | Impact |
---|---|---|---|
Code Size | Total program bytecode size | < 100KB | Deployment cost |
Instruction Count | Number of different instructions | 5-50 | Complexity & gas |
Account Slots | Maximum accounts per instruction | < 20 | Transaction size |
Compute Units | Estimated CU consumption | < 200K | Transaction cost |
Memory Usage | Heap and stack allocation | < 32KB | Runtime limits |
Common Issues & Solutions:
Missing signer verification (CRITICAL)
Instructions accepting accounts without verifying signer status
SOLUTION:
Add explicit signer checks or use Anchor constraints
Integer overflow vulnerabilities (HIGH)
Mathematical operations without overflow protection
SOLUTION:
Use checked arithmetic or safe math libraries
Insufficient account validation (MEDIUM)
Accepting accounts without proper ownership checks
SOLUTION:
Verify account owners and validate account types
Hardcoded program addresses (LOW)
Using fixed addresses instead of dynamic resolution
SOLUTION:
Use program-derived addresses or configuration
Integration with Other Tools:
IDL Generator
Use inspection results to improve IDL generation accuracy and identify missing documentation or instruction variants.
Transaction Simulator
Apply analysis findings to create more accurate transaction simulations and test edge cases identified during inspection.
Security Audits
Export inspection reports for professional security audits and compliance verification processes.
Documentation
Generate comprehensive documentation from inspection results including API references and security considerations.