
Breakpoint 2024: Introducing Radar: Extensible Static Analysis for Solana Programs

By breakpoint-24

Published on 2024-09-20

Joe Van Loon introduces Radar, an open-source static analysis tool for Solana programs, offering extensibility and ease of use for developers and auditors.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

Solana developers and security enthusiasts, get ready for a game-changing tool that's set to revolutionize how we approach program security. Joe Van Loon, CEO and founder of Auto Wizard, has unveiled Radar – an innovative, open-source static analysis tool designed specifically for Solana programs.

Summary

In his presentation at Breakpoint 2024, Joe Van Loon introduced Radar, a powerful new static analysis tool for Solana programs. Radar stands out from traditional tools by offering an intuitive template engine that allows developers and auditors to easily create custom detectors, making it highly extensible and adaptable to specific project needs.

The tool is designed with user-friendliness in mind, featuring both CLI and server components, and is Docker-based for cross-platform compatibility. Radar can be integrated into existing workflows through GitHub Actions and the command line, making it a versatile addition to any Solana developer's toolkit.

One of Radar's most significant innovations is its approach to detector creation. Unlike other static analysis tools that require forking and modifying codebases, Radar allows users to write detectors using simple Python syntax in template form. This approach dramatically lowers the barrier to entry for creating custom security checks and enables rapid testing and iteration.

Key Points:

Introduction to Radar

Radar is an open-source static analysis tool specifically designed for Solana programs. It aims to empower developers and auditors to take security into their own hands by providing an accessible and extensible platform for code analysis. Joe Van Loon, with his extensive background in web2 security engineering at companies like Amazon and Apple, brings a wealth of experience to the development of this tool.

The tool's primary goal is to improve project security by allowing users to easily write their own detectors, making it invaluable for developers, auditors, and anyone concerned with the security of Solana programs. Radar's unique selling point is its ability to be used out of the box as a traditional scanner while also offering the flexibility to define custom detectors via templates.

Ease of Use and Integration

Radar has been designed with user-friendliness and integration in mind. It offers multiple options for use, including a Command Line Interface (CLI) and a server component. The tool is Docker-based, ensuring cross-platform compatibility and ease of installation across different systems.

One of the standout features of Radar is its built-in API microservice, which allows users to build on top of it, creating server applications or custom CLIs to suit their specific needs. This sets Radar apart from other static analysis tools that are typically limited to CLI functionality.

Furthermore, Radar can be incorporated into existing workflows through GitHub Actions and the command line. The Radar repository includes pre-configured GitHub Actions, so users can drop the tool into their development process. This integration runs security checks automatically on pull requests, with results displayed directly in GitHub's security tab for easy triage.

Innovative Detector Creation

Radar takes a novel approach to detector creation, addressing the limitations of traditional static analysis tools. Instead of requiring users to fork and modify codebases to create new detectors, Radar allows for the creation of detectors using simple Python syntax in template form.

This approach significantly lowers the barrier to entry for creating custom security checks. Users can quickly test and iterate on their detectors without needing to understand the intricacies of the tool's engine or go through a lengthy contribution process. The tool provides detailed API documentation and examples to help users get started with creating their own detectors.

Radar also includes a comprehensive library of helper functions that serve as building blocks for detectors. These functions abstract away much of the complexity involved in traversing abstract syntax trees and analyzing code structures, making it easier for users to create sophisticated detectors without deep expertise in static analysis techniques.
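The two ideas in this section (detectors written as Python templates loaded at runtime, and a helper library that hides AST traversal) and the GitHub security-tab integration mentioned above can be illustrated with a small self-contained scanner. This is added example code, not Radar's own engine or API: the simplified AST shape, the helper names (`walk`, `functions`, `calls`, `assignments`, `references_field`), the `Finding` type, the detector template format and the file path in the SARIF output are all assumptions made for the illustration. The detector itself is a deliberately simple rule (flag a handler that writes account state without any `is_signer` check) chosen only to show the template mechanism.

```python
"""Toy template-driven static analysis scanner in the style described in the talk.
Added example code; the AST layout, helper API and detector format are assumptions,
not Radar's real implementation."""
import json
from dataclasses import dataclass

# Constructed, simplified AST of a hypothetical Solana program (not real tool output).
# Every node has a "kind"; containers carry children in "body" or "args".
PROGRAM = {
    "kind": "Program",
    "body": [
        {"kind": "Function", "name": "initialize", "line": 12, "body": [
            {"kind": "Call", "callee": "require", "line": 13, "args": [
                {"kind": "Field", "object": "authority", "field": "is_signer"}]},
            {"kind": "Assign", "target": "vault.owner", "line": 14},
        ]},
        {"kind": "Function", "name": "withdraw", "line": 20, "body": [
            {"kind": "Assign", "target": "vault.balance", "line": 21},
            {"kind": "Call", "callee": "transfer", "line": 22, "args": []},
        ]},
    ],
}


@dataclass
class Finding:
    detector: str
    message: str
    line: int
    severity: str = "warning"


# Helper library exposed to detector templates; this is the part that hides tree walking.
def walk(node):
    """Yield a node and all of its descendants in pre-order."""
    yield node
    for child in node.get("body", []) + node.get("args", []):
        yield from walk(child)


def functions(program):
    return [n for n in walk(program) if n["kind"] == "Function"]


def calls(node, callee=None):
    return [n for n in walk(node)
            if n["kind"] == "Call" and (callee is None or n["callee"] == callee)]


def assignments(node):
    return [n for n in walk(node) if n["kind"] == "Assign"]


def references_field(node, field_name):
    return any(n["kind"] == "Field" and n.get("field") == field_name for n in walk(node))


HELPERS = {"walk": walk, "functions": functions, "calls": calls,
           "assignments": assignments, "references_field": references_field,
           "Finding": Finding}

# A detector written as plain Python in template form; it is loaded on the fly,
# so no fork of the scanner is needed to add it.
MISSING_SIGNER_TEMPLATE = '''
NAME = "missing-signer-check"

def detect(program):
    for fn in functions(program):
        if not assignments(fn):
            continue                      # handler does not write state; nothing to check
        if any(references_field(c, "is_signer") for c in calls(fn)):
            continue                      # some call in the handler checks is_signer
        yield Finding(NAME, f"{fn['name']} writes account state without an is_signer check",
                      fn["line"])
'''


def load_detector(source):
    """Execute a template in a namespace pre-populated with the helper library."""
    namespace = dict(HELPERS)
    exec(source, namespace)
    return namespace["NAME"], namespace["detect"]


def run(program, templates):
    findings = []
    for source in templates:
        _, detect = load_detector(source)
        findings.extend(detect(program))
    return findings


def to_sarif(findings, tool_name="example-scanner"):
    """Minimal SARIF 2.1.0 document, the format GitHub code scanning ingests
    for its security tab. The file path below is a constructed placeholder."""
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{
            "tool": {"driver": {"name": tool_name,
                                "rules": [{"id": r} for r in sorted({f.detector for f in findings})]}},
            "results": [{
                "ruleId": f.detector,
                "level": f.severity,
                "message": {"text": f.message},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "PLACEHOLDER_PATH/lib.rs"},
                    "region": {"startLine": f.line}}}],
            } for f in findings],
        }],
    }


if __name__ == "__main__":
    print(json.dumps(to_sarif(run(PROGRAM, [MISSING_SIGNER_TEMPLATE])), indent=2))
```

Running the scanner over the constructed program reports one finding, for `withdraw` at line 20: `initialize` is skipped because one of its calls references `is_signer`. The design point is the split of responsibilities: the helper library is the only code that knows the tree layout, so a detector author works with functions, calls and assignments rather than node types, and a new rule is just another template string handed to `run`.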

Facts + Figures

  • Radar is one of the few free, open-source static analysis tools for Solana
  • The tool features both CLI and server components
  • Radar is Docker-based for cross-platform compatibility
  • It includes a built-in API microservice for extended functionality
  • Radar allows for the creation of custom detectors using simple Python syntax
  • The tool can be integrated into workflows via GitHub Actions and the command line
  • Radar uses abstract syntax trees (AST) for code analysis, rather than intermediate representations like LLVM IR
  • The development team considered creating a domain-specific language (DSL) but opted for Python due to its flexibility and low barrier to entry
  • Radar includes a comprehensive library of helper functions to simplify detector creation

Top quotes

  1. "If you're a developer or auditor, anyone who cares about security, that's the tool for you."
  2. "We basically built in an API microservice into it, right, and sort of architected a CLI around it."
  3. "Typically, when you have a static analysis tool, the detectors are defined in code. If you want to extend those detectors, you need to fork the code base."
  4. "We decided for Radar is that we would allow you to write essentially templates that you can just load in on the fly."
  5. "We abstract a lot of that away."

Questions Answered

What is Radar and who created it?

Radar is an open-source static analysis tool for Solana programs, created by Joe Van Loon, the CEO and founder of Auto Wizard. It's designed to improve project security by allowing developers and auditors to easily write their own detectors and analyze Solana programs for potential vulnerabilities. The tool was developed with the goal of empowering developers to take security into their own hands through accessible and extensible code analysis.

How does Radar differ from other static analysis tools?

Radar stands out from other static analysis tools in several ways. First, it offers an intuitive template engine that lets users define their own detectors in simple Python syntax, without forking or modifying the tool's codebase. Second, Radar includes both CLI and server components, with a built-in API microservice that lets users build custom applications on top of it. Third, the tool is designed for easy integration into existing workflows through GitHub Actions and the command line.

How can developers create custom detectors with Radar?

Developers can create custom detectors in Radar using simple Python syntax in template form. The tool provides a comprehensive library of helper functions that serve as building blocks for detectors, abstracting away much of the complexity involved in traversing abstract syntax trees and analyzing code structures. This approach allows users to quickly test and iterate on their detectors without needing deep expertise in static analysis techniques. Detailed API documentation and examples are provided to help users get started with creating their own detectors.

What platforms does Radar support?

Radar is designed to be cross-platform compatible. It is Docker-based, which means it can run on any system that supports Docker containers. This includes major operating systems like Windows, macOS, and various Linux distributions. The tool's CLI is essentially a convenience wrapper around the Docker container, ensuring consistent functionality across different platforms.

How can Radar be integrated into existing development workflows?

Radar can be integrated into existing development workflows through GitHub Actions and the command line. The Radar repository includes pre-configured GitHub Actions that users can plug into their projects. Once integrated, Radar runs security checks automatically on pull requests, with the results displayed directly in GitHub's security tab. This lets developers fold security analysis into their development process and triage results alongside those of other security tools.
