
A subtle change in a Solana stake pool withdrawal path introduced a double-rounding issue. It’s not immediately exploitable, but it creates slow supply drift over time. This post walks through the flow, shows where the invariant breaks, and how to fix it.

Fogo is a high-performance Layer 1 blockchain built on the Solana Virtual Machine (SVM) for ultra-low latency, achieving near-instant transactions and gasless experiences by leveraging Firedancer and a specialized architecture for speed and fairness. Fogo Sessions are a core feature of Fogo, designed to reduce signing friction without weakening security. Instead of requiring a wallet signature for every interaction, users sign a single, structured intent that grants temporary, tightly scoped authority to a Session Account. This authority is enforced at the protocol level through the Session Manager Program and a modified, session-aware SPL Token Program. In this article, we’ll go over how sessions are created, validated, enforced at runtime, and eventually revoked or closed.

How state-sponsored attackers bypass everything your audit checks.

In the first two months of 2026, attackers drained more than $112.5 million across 31 DeFi protocol hacks. The causes were not new: compromised treasury wallets, legacy contract flaws, oracle manipulation, and stolen admin keys. Add phishing and social engineering and total losses push past $400M before the quarter even ends. Most of these incidents followed patterns that had already appeared in previous post-mortems. This checklist breaks down the security controls DeFi teams should implement before launch, based on the failure modes that keep showing up across real incidents.

Solana's account model, CPI boundaries, and BPF runtime create attack surfaces that EVM-focused auditors miss. This guide covers six firms with great Solana expertise, what each does well, and where they fit. We're one of them (Adevar Labs), so take our perspective with that in mind.

Testing finds bugs. It does not prove their absence. While unit tests validate specific scenarios, formal verification goes further by proving correctness across all possible inputs and execution paths. The Move Prover gives you this guarantee on Aptos. In this guide, we go from installation to writing formal specifications that verify the core safety properties of a vault: proper initialization, valid deposits, safe withdrawals, and state consistency.

Switching ecosystems isn't about learning new syntax; it's about unlearning assumptions. A DEX or lending market still follows familiar logic, but the way you manage state, enforce permissions, and process transactions varies across architectures. In this post, we compare how EVM, Solana, and Sui handle core contract operations (focusing on mental models, not language syntax), so you can build in Move with the right design instincts from the start.

In DeFi, where smart contracts manage real assets, accurate and timely price data is critical. Consider a lending protocol where users deposit ETH to borrow USDC: the system must continuously monitor ETH’s price and trigger liquidations if it drops too far. This logic depends entirely on reliable oracle data. In a recent audit, while evaluating Switchboard integrations, we observed several cases where statistical parameters were misapplied, reducing feed reliability and introducing subtle but significant vulnerabilities.

Randomness is a foundational building block for games, auctions, lotteries, and dynamic NFTs, but generating it securely on-chain, especially on a fast, deterministic chain like Solana, is far from straightforward. In this two-part series, we dissect the available randomness sources on Solana and examine which ones are safe to trust, when, and why. In Part 1, we focus on native sysvars and third-party RNG protocols currently live on mainnet.

When building DeFi protocols on Solana, developers often face a challenging dilemma: how to implement sophisticated financial calculations without using floating-point operations. While Solana's runtime does not explicitly forbid floating-point instructions, their use is discouraged. This constraint can be particularly challenging when implementing fee models that traditionally rely on exponential calculations. In this post, we'll explore a common scenario faced by many protocols and discuss various approaches to handle it, each with its own trade-offs.

Solana doesn't operate like Ethereum, and that reshapes the entire game of MEV. In this blog, we break down how front-running and back-running work on Solana, the technical constraints that make it harder to pull off, and what strategies (both legitimate and malicious) are evolving. If you're building on Solana, this is your crash course on MEV risks, defenses, and the invisible games validators and searchers might be playing.

In Solana, smart contracts (programs) can be immutable (if the upgrade authority is revoked). But guess what isn’t? The off-chain tooling and SDKs that interact with them. That’s exactly where a supply chain exploit can hit you hardest: in tools you blindly trust.

When using Anchor’s #[derive(Accounts)] macro, a lot goes on under the hood. Anchor helps abstract away boilerplate and security vulnerabilities, but it can also introduce subtle pitfalls. In this post, we explore a surprising bug caused by how Anchor handles deserialization and memory copying, especially when multiple variables refer to the same account. Using a real example from the WooFi Sherlock contest, we break down what goes wrong, why, and how to fix it.

More storage means more lamports on Solana. And although every byte is important, there's always a debate between optimization and simplicity. In this post, we'll walk through an example of how keeping things simple by design can help avoid potentially dangerous situations.