jakiro
Author: Enze, Slow Fog Technology
Solana is a fast and highly scalable blockchain protocol that provides a strong infrastructure for decentralized applications (DAPPS).Recently, the Solana ecological recovery has attracted widespread attention. This article will introduce Solana accounts, token, transactions, and how to ensure asset security in this ecology.
Solana account
Understanding accounts is the first step to ensure asset security.Unlike the account in Ethereum, in Solana, the main role of the account is to store data.
The accounts in Solana are mainly divided into three types:
-
Data account: used to store data.
-
Program account: used to store executable programs.
-
Native account: refers to native programs on Solana, such as System, Stake, and Vote.
Among them, the data account can be further divided into two categories:
-
All accounts of the system: account generated by native programs on Solana.
-
Program derived account (PDA): The signature authority is the account of the program, so it is not controlled by the private key as other accounts.
Each account has an address (generally a public key) and an owner (the address of the program account).The former is similar to Ethereum, and the latter can simply understand the program to create the account.
The account generated by ordinary users through wallets belongs to all accounts in the data account. The default account owner is the system program.We can simply understand that users generate all accounts of a system through the system program. This account stores data such as basic information and assets of users, and this account has an address (that is, public key).
Taking Solana Explorer as an example, the account used by ordinary users, that is, all accounts of the system, display on the browser as follows:
AssiGNed Program ID represents the owner of the account, the Allocated Data Size represents the data size stored in the account. Executable indicates whether the account can be executed, and usually only the procedural account is executable.Ordinary users only need to pay attention to the address of the account.
Through the above, we have a preliminary understanding of the Solana account. Next, we will know Solana token.
Solana token
SPL-TOKEN represents all non-local tokens on behalf of the Solana network, including homogeneous tokens and intangible tokens (NFT).
Similar to ERC20 and ERC721 tokens, the SPL token is issued and traded on Solana, and the difference between it and Ethereum:
In Solana, the issuer of the Token creates a Mint-ACCount through the native programs on Solana, and stores the basic information of Token in this account.For example, the MINT-ACCOUNT address on the USDC on Solana Explorer is EPJFWDD5AUFQSSSSSSSSSSSSQEM2QN1XZYBAPC8GGGKZWYTDT1V.The browser shows detailed information about USDC Token Mint, including the current token supply, the address of the coin and freezing permissions, and the decimal accuracy of the token.
Next, let’s find out what token-account is.
On Solana, each token holder has a specific token-ACCount, which records the balance and relevant information of the holder’s specific Token.For example, Alice also has two types of token two of USDT and USDC. She will have two token-ACCount respectively, one of which records the balance of USDT and the other records the balance of USDC.
So how to view your token-ACCOUNT?
We can use Solana Beach browser, enter the address of the data account, and click Portfolio to clearly see each token-ACCount, and each account records the balance of a specific token.
Through Solana Beach browser, you can also view detailed information such as the token information recorded by each account and the authorization.
Solana trading
On Solana, each transaction contains the following key information:
-
Instructures: One or more instructions define operations in transactions, such as transfers, procedure interaction, token transfer, etc.
-
Blockhash: It contains the latest block hash value to ensure that transactions are executed on the right block.
-
Signatures: One or more signatures indicate the authorization of the transaction.Each signature corresponds to a signature account in the transaction, ensuring that only authorized accounts can execute this transaction.
A transaction on Solana can contain multiple instructions, which means that multiple different operations can be performed in the same transaction. For example, users can pack multiple transfer instructions into the same transaction, and these instructions will be executed in order.If any instruction in the transaction fails, the entire transaction will fail.
Solana’s transaction record is slightly different from Ethereum. Let’s see how to effectively read the transaction records on Solana.
SOL transfer transaction
For the transaction records on Solana, we take the Solscan browser as an example to pay attention to the following main information:
-
Signature: Similar to trading hash, the first signature of the transaction in the transaction record is the index of the transaction.
-
Result: The execution result of the transaction indicates whether the transaction is successful.
-
SIGNER: The account address of the transaction, the address of the signature.
-
Main Actions: The main operation instructions contained in the transaction can be transfer, program calls, etc.
-
Instrument Details: Specific instructions executed in the transaction.
We can see the account address of the transfer of the transfer in Main Actions.
In Instrument Details, we can see that the main instruction of SOL transfer transactions is Sol Transfer, which aims to perform SOL transfers.Looking at the details of the instruction in detail, we can get information about the call call of the instruction, as well as information about the account address of the two -involved transfer of the transfer.
Token transfer transaction
The following transactions are the transfer of USDT, similar to SOL transactions.
In the INSTRUCTION DETAILS section, the token transaction usually first calls the Create Association Account instruction to create a Token account for the receiver (if the receiver has no corresponding account) to store data such as USDT balance.
Then execute the Token Transfer instruction to complete the USDT transfer.It is worth noting that, unlike the Sol Transfer instruction, the Source and Destination in the Token Transfer instructions do not represent the direct account address of the transfers, but their token account (PDA account). This requires special attention.
SWAP transaction
Below is a SWAP transaction, and users exchange USDT to USDC.
Multiple instruction transactions
In the SOLANA transaction containing multiple instructions, multiple operations involved SOL’s transfer, SWAP transaction, and Token transfer.
Even if there are multiple instructions, we can still check the detailed instructions of the transaction execution through the Instrument Details to understand the specific operations of each step.
Asset safety
As the saying goes, knowing and knowing that he knows one another.We have initially learned about the accounts, token and transactions on Solana.In order to avoid the risk of asset stolen, we need to understand the risks that may face when using Solana wallets.
Private key and assistant leakage
According to the statistics of the slow fog blockchain by the black archive library (https://hacked.slowmist.io), the loss caused by nine private key leaks in 2023 was as high as 84.75 million US dollars.In the stolen case processed by the slow fog AML team, the leakage of private keys and assistants caused a considerable proportion of the stolen assets.Therefore, to ensure the safety of the assets on the Solana wallet, the most important thing is to manage the private key and assistant words of wallets.
Use wallet
During the use of wallets, signatures are one of the most important security risks. In particular, special attention should be paid to the information signed when interacting with the project on Solana.
Moreover, Solana allows packing multiple transfers into a transaction, that is, only one signature can be transferred to all the assets in the wallet at one time.
Let’s take a look at a actual case:
A victim misused on a fishing website and only clicked once to confirm, resulting in all the assets in the wallet was transferred at one time.What exactly is the operation that allows the victim to only signed a name to allow hackers to transfer all the assets?
Yes, the hacker uses one of the mechanisms and wallets mentioned above:
The victim uses Phantom Wallet. This wallet can pack multiple transfer instructions into a transaction. It only takes one signature to complete the entire process.It is precisely the breakthrough of this function to become a hacker, which led the victim to lose all assets in a signature.When using a wallet, please be careful to confirm the operation of each signature to avoid losses.
Phantom Wallet’s official document also clearly introduces this key function:
Summarize
In this issue of Solana popular science article, we first learned about the basic knowledge of the Solana account; then we thoroughly studied the basic concept of Solana token; and then discussed the relevant content of trading on Solana.In the part that guarantees the safety of wallet assets, we emphasize the security of private keys and notes. It is recommended that users read the “Blockchain Black Dark Forest Self-Rescue Manual” produced by slow fog: https://github.com/slowmist/blockchain-Dark-Forest-Selfguard-Handbook/Blob/main/readme_cn.md to obtain more security suggestions; when using a wallet, users must be careful to confirm the operation of each sign to avoid losses.In addition, reading the security reminder in the wallet file is important. Maintaining vigilance at all times is the key to ensuring asset security.
