Solaris

Coverage-guided fuzzer for Solana programs. Automatically generate test inputs to discover edge cases and vulnerabilities through bytecode-level instrumentation.

Overview

Solaris is a coverage-guided fuzzer that enables structure-aware and state-aware test generation for Solana programs. By modeling program instruction sequences with structured schemas, it generates semantically valid test cases while instrumenting programs at the sBPF bytecode level to track edge coverage and control flow.

Unlike traditional fuzzers that operate blindly, Solaris maintains awareness of program state throughout instruction chains by tracking authorities, accounts, and program-specific data structures.

The fuzzer intelligently mutates inputs to explore different instruction sequences, parameters, and program states, guided by sBPF bytecode-level coverage feedback to discover new execution paths and vulnerabilities in program invariants.

Why Solaris?

Traditional fuzzers generate random inputs that often violate program constraints, wasting computation on invalid test cases. Manual testing misses edge cases that emerge from complex instruction sequences and state transitions.

Solaris models valid instruction sequences using structured schemas, ensuring generated test cases are both structurally and semantically valid while exploring different parameter combinations and execution orders. Beyond structure-aware mutation, Solaris is also state-aware, understanding and tracking program state transitions in order to explore the state space and uncover vulnerabilities that only manifest under specific state conditions. This dual approach combined with bytecode-level coverage instrumentation enables efficient discovery of vulnerabilities in program invariants without wasting time on malformed inputs.

The result is more thorough testing with less manual effort, helping teams find and fix issues before deployment.

How It Works

01. Define Schema: Model program instructions and their parameters using structured schemas.

02. Write Harness: Implement a fuzzing harness that translates structured inputs into program instructions.

03. Run Fuzzer: Execute the fuzzer with coverage-guided mutations to explore program states.

04. Analyze Results: Review discovered bugs, crashes, and invariant violations, each with a reproducing test case.

Key Features

sBPF Edge Coverage

Instrument the SVM to track control flow edges at the bytecode level, reporting each edge (along with other execution callbacks) to drive coverage-guided mutation

Coverage Reports

Export visual code coverage reports to validate fuzzing campaign efficacy and demonstrate testing thoroughness

Structure & State Aware

Intelligent mutation that understands both program structure and state transitions

Corpus Management

Maintain and evolve test case corpus to maximize coverage and minimize redundancy

Crash Reporting & Reproduction

Reproduce bugs with a single test case for easy debugging and analysis

Invariant Testing

Discover violations in program invariants through systematic testing

Use Cases

Security Testing

Invariant Discovery, Edge Case Detection, Vulnerability Research

Pre-Deployment

Program Hardening, Coverage Analysis, Regression Testing

Continuous Integration

Automated Fuzzing, CI/CD Pipelines, Quality Assurance

Intelligent Fuzz Testing for Solana Programs

Get early access to Solaris for Solana
