
anchor-shield-v2

provenance:github:mbarreiroaraujo-cloud/anchor-shield-v2
WHAT THIS AGENT DOES

Anchor-Shield-v2 is a tool that automatically checks Solana programs for security weaknesses. It helps prevent costly mistakes and potential attacks by identifying vulnerabilities before they can be exploited. Developers building applications on Solana would use this to ensure their programs are secure and reliable.

README
# anchor-shield-v2

![Tests](https://img.shields.io/badge/tests-53%20passing-brightgreen)
![Programs](https://img.shields.io/badge/programs-29-blue)
![FP%20Rate](https://img.shields.io/badge/FP%20rate-9.0%25-success)
![Detector](https://img.shields.io/badge/detector-v0.5.1-orange)
![CI](https://img.shields.io/badge/CI-automated-brightgreen)
![License](https://img.shields.io/badge/license-MIT-blue)
![Anchor PR](https://img.shields.io/badge/Anchor%20PR-%234229%20open-orange)
![Awesome Solana AI](https://img.shields.io/badge/awesome--solana--ai-PR%2346-yellow)

> Adversarial security agent for Solana programs — autonomously conceived, built, and iterated by an AI agent (Claude Code).

> **The open-source Slither for Anchor** — the first free, CI-integrated security analysis tool purpose-built for Solana's most popular framework.

Built for the SuperTeam **Open Innovation Track: Build Anything on Solana** bounty.

![anchor-shield-v2 demo](demo/anchor-shield-v2-demo.gif)

**Live Dashboard**: [mbarreiroaraujo-cloud.github.io/anchor-shield-v2](https://mbarreiroaraujo-cloud.github.io/anchor-shield-v2/)

![Dashboard](docs/screenshots/dashboard-scan-results.jpg)

---

## Agent Autonomy

**Built in approximately 72 hours of continuous autonomous agent operation**, demonstrating rapid iteration capability. The entire project — architecture decisions, code, testing, analysis, and documentation — was produced by an AI agent (Claude Code) operating autonomously across 99 commits.

### Planning

The agent autonomously decided to build a security tool for Solana, selecting a multi-layer architecture (static + semantic + bankrun) and defining the V5 scientific validation methodology. It identified that existing Solana security tools stop at pattern matching — none actually *prove* vulnerabilities by executing exploits against compiled binaries. The agent chose to fill this gap.

### Execution

The agent wrote the complete codebase:
- **Python scanner** with regex + AST patterns for common Anchor vulnerabilities
- **Semantic analyzer** using Claude 3.5 Sonnet for deep logic reasoning
- **9 TypeScript bankrun exploits** that execute against compiled SBF binaries on the real Solana runtime
- **React dashboard** for visualizing scan results
- **GitHub Actions CI/CD** with a 4-stage automated pipeline (gate tests → Solana setup → semantic analysis → bankrun execution)

### Iteration

The agent iterated autonomously across 4 batches, measuring false positive rates and improving the detector:

- **Batch 1** (10 programs): Established baseline, identified PDA signer noise as the #1 FP source
- **Batch 2** (21 programs): Added 11 prompt rules and PDA skip logic, FP dropped from 18% to 9.7%
- **Batch 3** (26 programs): Added 4 FP rules for cranker patterns, zero-lamport GC, UncheckedAccount severity downgrade. High/Medium alerts dropped 88%
- **Batch 4** (29 programs): Added ATA skip logic and accounting analysis. Achieved 0% FP on new programs, 9.0% aggregate

Each iteration was driven by systematic error analysis of the previous batch's results — not manual tweaking.

### Autonomous Loop

The agent now operates as a continuous security cycle:

1. **Scans** — Pulls any verified Solana program from the OtterSec registry by on-chain address
2. **Finds** — Runs the full 3-layer analysis pipeline (static + semantic + bankrun)
3. **Proves** — Executes exploit transactions against compiled SBF binaries on solana-bankrun
4. **Certifies** — Publishes an SPL Memo attestation to Solana devnet with the report hash
5. **Improves** — Feeds false-positive patterns into the next detector version
6. **Repeats** — Each batch iteration applies the improved detector to all previous and new targets

This closes the loop from ecosystem discovery to on-chain certification — no human intervention required.

### Evidence

| Phase | What the agent decided/did | Evidence |
|-------|---------------------------|----------|
| Architecture | Designed 4-layer pipeline (static → semantic → exploit → bankrun) | [ARCHITECTURE.md](ARCHITECTURE.md) |
| Implementation | Wrote scanner, analyzer, exploits, dashboard, CI | 99 commits |
| Validation | Analyzed 29 programs in 4 batches | [END_TO_END_VALIDATION.md](END_TO_END_VALIDATION.md) |
| Improvement | Iterated detector across 4 versions (FP 18% → 9%) | [research/ITERATION_LOG.md](research/ITERATION_LOG.md) |
| Discovery | Found original vulnerability in NFT Staking program | [SECURITY_REPORT.json](SECURITY_REPORT.json) |
| Exploitation | Confirmed 9 vulnerabilities via bankrun exploits | [EXECUTION_EVIDENCE.md](EXECUTION_EVIDENCE.md) |
| Ecosystem Scanning | Queries OtterSec API to fetch any verified program by address | [scripts/scan_program.py](scripts/scan_program.py) |
| Certification | Publishes audit attestations to Solana devnet via SPL Memo | [scripts/attest.py](scripts/attest.py) |
| Framework Security | Found 3 vulnerabilities in Anchor framework itself | [PR #4229](https://github.com/solana-foundation/anchor/pull/4229) |
| Ecosystem Recognition | Proposed for Solana Foundation's awesome-solana-ai | [PR #46](https://github.com/solana-foundation/awesome-solana-ai/pull/46) |

---

## Why This Is Novel

**The only agent that proves bugs on the Solana runtime.** Other security tools stop at finding potential issues. anchor-shield-v2 compiles programs to SBF binaries, crafts exploit transactions, and executes them against solana-bankrun — the same runtime validators use. If the exploit succeeds, the vulnerability is confirmed. If not, it's a false positive that gets fed back into the next detector iteration.

**Ecosystem-wide scanning via the Solana registry.** Any verified Solana program can be scanned by its on-chain address — the agent queries OtterSec's Verified Programs API (the same infrastructure behind Solana Explorer and SolanaFM) to pull source code automatically. No manual downloads, no setup — just a program ID.

**Fully automated CI pipeline.** No other Solana security tool runs its entire analysis pipeline — from unit tests to bankrun exploit execution — in GitHub Actions. Every push triggers a 4-stage pipeline that validates the tool still works against all 29 target programs.

**Scientific methodology with measurable improvement.** The V5 batch methodology (analyze → classify → aggregate → improve → re-test) produced a 50% reduction in false positives across 4 iterations, documented with cross-batch metrics. Calibrated against all 11 categories of the sealevel-attacks corpus with 100% detection accuracy.

**Validated against the largest corpus in the space.** 29 programs — including Orca Whirlpools, Marinade Finance, and Raydium (three of Solana's top DeFi protocols) — alongside community projects and the sealevel-attacks calibration suite. Most security tools validate against 3-10 programs.

**On-chain audit attestations.** The only security tool that publishes verifiable audit results directly to the Solana blockchain — creating an immutable, publicly auditable record of every security analysis performed.

**Real vulnerability in the Anchor framework.** During development, the agent discovered 3 security issues in Anchor itself — Solana's most widely used development framework (~5,000 GitHub stars). These were reported via [PR #4229](https://github.com/solana-foundation/anchor/pull/4229) (High + Medium severity, status: open/under review). This demonstrates the tool finds real bugs in production infrastructure, not just test programs.

**Full vulnerability disclosure:** [VULNERABILITY_DISCLOSURE_001.md](docs/VULNERABILITY_DISCLOSURE_001.md)

**Original vulnerability discovery.** The agent found a real, previously unreported accounting mismatch in an NFT Staking program (cross-function reward calculation inconsistency) — demonstrating the semantic analyzer catches logic bugs that static tools miss entirely.

**Fully public and reproducible.** Every analysis run is logged in GitHub Actions with full output. Any reviewer can clone the repo,

[truncated…]

PUBLIC HISTORY

First discovered: Mar 21, 2026

IDENTITY

inferred

Identity inferred from code signals. No PROVENANCE.yml found.


METADATA

platform: github
first seen: Feb 12, 2026
last updated: Feb 22, 2026
last crawled: 14 days ago
version
