Author: enze, SlowMist Technology
Solana is a fast and highly scalable blockchain protocol that provides a powerful infrastructure for decentralized applications (DApps). The recent recovery of the Solana ecosystem has attracted widespread attention. This article will introduce Solana accounts, tokens, transactions, and how to ensure asset security in this ecosystem.
Solana Account
Understanding your account is the first step to protecting your assets. Unlike accounts in Ethereum, the primary role of accounts in Solana is to store data.
Accounts in Solana are mainly divided into three types:
Data account: used to store data.
Program account: used to store executable programs.
Native account: refers to the native programs on Solana, such as System, Stake and Vote.
Among them, data accounts can be further divided into two categories:
System-owned accounts: accounts generated by native programs on Solana.
Program Derived Account (PDA): an account whose signing authority is a program, so it is not controlled by a private key as other accounts are.
Each account has an address (usually a public key) and an owner (the address of a program account). The former is similar to an address on Ethereum, and the latter can be simply understood as the program that created the account.
The accounts that ordinary users generate through wallets are system-owned accounts, a kind of data account, and their default owner is the System Program. Put simply, the user generates a system-owned account through the System Program. This account stores the user's basic information, assets and other data, and it has an address (that is, a public key).
Take Solana Explorer as an example. The accounts used by ordinary users, that is, system-owned accounts, are displayed in the explorer as shown below:
Assigned Program Id represents the owner of the account, Allocated Data Size represents the size of the data stored in the account, and Executable indicates whether the account is executable; usually only program accounts are executable. Ordinary users only need to pay attention to the address of the account.
Through the above content, we have a preliminary understanding of Solana accounts. Next, let’s get to know Solana Token.
Solana Token
SPL-Token represents all non-native tokens on the Solana network, including fungible tokens and non-fungible tokens (NFTs).
Similar to ERC20 and ERC721 tokens, SPL tokens can be issued and traded. The difference from Ethereum is:
In Solana, the issuer of a Token creates a mint-account through the native program token-program on Solana, and stores the basic information of the Token in this account. For example, the mint-account address for USDC on Solana Explorer is EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v. Detailed information about the USDC Token Mint is displayed in the explorer, including the current token supply, the addresses with minting and freezing authority, and the decimal precision of the token.
Next, let us understand what token-account is.
On Solana, each Token holder has a specific token-account, which records the balance and related information of the holder's specific Token. For example, if Alice owns both USDT and USDC Tokens, she will have two token-accounts respectively, one of which records the balance of USDT and the other records the balance of USDC.
So how to check your token-account?
We can use the Solana Beach browser to clearly see each token-account by entering the address of the data account and clicking Portfolio. Each account records the balance of a specific Token.
You can also view the Token information, authorization status and other details recorded for each account through the Solana Beach browser.
Solana Trading
On Solana, every transaction includes the following key information:
Instructions: One or more instructions that define operations in a transaction, such as transfers, program interactions, Token transfers, etc.
Blockhash: Contains the latest block hash value, used to ensure that transactions are executed on the correct block.
Signatures: One or more signatures indicating authorization of a transaction. Each signature corresponds to a signing account in the transaction, ensuring that only authorized accounts can execute the transaction.
A transaction on Solana can contain multiple instructions, which means that multiple different operations can be performed in the same transaction. For example, a user can package multiple transfer instructions into the same transaction, and these instructions will be executed sequentially. If any one instruction in the transaction fails, the entire transaction will fail.
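To make the three parts listed above concrete, the following added example (not code from the original article or from any Solana SDK) parses the legacy transaction wire format into its signatures, blockhash and instruction list, and decodes System Program transfers. The function names and the sample bytes are constructed for illustration; versioned (v0) messages are rejected rather than parsed.

```python
import struct

SYSTEM_PROGRAM = bytes(32)  # the System Program id is 32 zero bytes

def compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix; returns (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_legacy_transaction(raw):
    n_sigs, pos = compact_u16(raw, 0)
    signatures = [raw[pos + 64 * i: pos + 64 * (i + 1)] for i in range(n_sigs)]
    pos += 64 * n_sigs
    if raw[pos] & 0x80:
        raise ValueError("versioned message: not handled by this legacy parser")
    required_signers = raw[pos]  # header: signers, read-only signed, read-only unsigned
    pos += 3
    n_keys, pos = compact_u16(raw, pos)
    keys = [raw[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    blockhash, pos = raw[pos:pos + 32], pos + 32
    n_ix, pos = compact_u16(raw, pos)
    instructions = []
    for _ in range(n_ix):
        program, pos = keys[raw[pos]], pos + 1
        n_acc, pos = compact_u16(raw, pos)
        accounts, pos = [keys[i] for i in raw[pos:pos + n_acc]], pos + n_acc
        n_data, pos = compact_u16(raw, pos)
        data, pos = raw[pos:pos + n_data], pos + n_data
        ix = {"program": program, "accounts": accounts, "data": data}
        # System Program instruction 2 is Transfer: u32 tag followed by u64 lamports.
        if program == SYSTEM_PROGRAM and len(data) == 12 and data[:4] == b"\x02\x00\x00\x00":
            ix["lamports"] = struct.unpack("<IQ", data)[1]
        instructions.append(ix)
    if pos != len(raw) or n_sigs != required_signers:
        raise ValueError("malformed transaction")
    return {"signatures": signatures, "signers": keys[:required_signers],
            "blockhash": blockhash, "instructions": instructions}

def build_sample():
    """Constructed bytes: one signer, two System transfers, an all-zero dummy signature."""
    payer, recipient = b"\x01" * 32, b"\x02" * 32
    def transfer(lamports):
        return bytes([2, 2, 0, 1, 12]) + struct.pack("<IQ", 2, lamports)
    message = bytes([1, 0, 1, 3]) + payer + recipient + SYSTEM_PROGRAM + b"\x03" * 32
    return bytes([1]) + bytes(64) + message + bytes([2]) + transfer(1_000) + transfer(2_500)
```

The sample carries a single signature slot yet two transfer instructions, which is the property the Asset Security section returns to.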
The transaction records of Solana are slightly different from those of Ethereum. Let’s take a look at how to effectively read the transaction records on Solana.
SOL Transfer Transactions
For transaction records on Solana, we take the SOLSCAN browser as an example and focus on the following main information:
Signature: Similar to the transaction hash, the first signature of the transaction is used as the index of the transaction in the transaction record.
Result: The execution result of the transaction, indicating whether the transaction was successful.
Signer: The account address for executing the transaction, that is, the address of the signer.
Main Actions: The main operation instructions included in the transaction, which can be transfers, program calls, etc.
Instruction Details: The specific operation instructions executed in the transaction.
We can see the account addresses of both parties to the transfer in Main Actions.
In the Instruction Details, we can see that the main instruction of the SOL transfer transaction is SOL Transfer, which is designed to transfer SOL. By viewing the details of the instruction, we can obtain information about the program called by the instruction, as well as the account addresses of the parties involved in the transfer.
Token transfer transaction
The following transaction is a transfer of USDT, which is similar to the SOL transaction.
In the Instruction Details section, Token transactions usually first call the Create Associated Account instruction to create a Token account for the recipient (if the recipient does not have a corresponding account yet), which is used to store data such as the USDT balance.
Then execute the Token Transfer command to complete the transfer of USDT. It is worth noting that, unlike the SOL Transfer instruction, the Source and Destination in the Token Transfer instruction do not represent the direct account addresses of the transfer parties, but their Token accounts (PDA accounts), which requires special attention.
Swap transaction
Below is a Swap transaction where the user exchanges USDT for USDC.
Multi-instruction transaction
In a Solana transaction that contains multiple instructions, multiple operations such as SOL transfer, Swap transaction, and Token transfer are involved.
Even if there are multiple instructions, we can still use Instruction Details to view each instruction and understand the specific operations of each step.
Asset Security
As the saying goes, if you know yourself and the enemy, you can fight a hundred battles without danger. We’ve taken a first look at accounts, tokens, and transactions on Solana. To avoid the risk of asset theft, we need to have a deeper understanding of the risks we may face when using the Solana wallet.
Leakage of private keys and mnemonic phrases
According to statistics from the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), the losses caused by nine security incidents of private key leakage in 2023 were as high as US$84.75 million. Among the theft cases handled by the SlowMist AML team, incidents in which private keys and mnemonic phrases were leaked resulting in asset theft accounted for a large proportion. Therefore, to ensure the security of assets on the Solana wallet, the most important thing is to manage the wallet private key and mnemonic phrase.
Using Wallets
During the use of wallets, signatures are one of the security risks that require the most attention. Pay special attention to the information you sign when interacting with projects on Solana.
Moreover, Solana allows multiple transfers to be packaged into one transaction, that is, all assets in the wallet can be transferred at once with only one signature.
Let’s take a look at a practical case:
A victim made a mistake on a phishing website and clicked to confirm only once, causing all the assets in the wallet to be transferred away at once. What kind of operation allows the victim to sign just once and lets the hacker transfer all the assets?
Yes, the hacker took advantage of the mechanism mentioned above and a feature of the wallet:
The victim used Phantom Wallet, which allows multiple transfer instructions to be packaged into one transaction, so the entire process can be completed with only one signature. It is precisely this feature that hackers exploited, causing the victim to lose all their assets with one signature. When using the wallet, users must carefully confirm each signature operation to avoid losses.
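One way to make "carefully confirm each signature operation" concrete is to enumerate every asset movement in a transaction before approving it. The following is an added example, not code from the original article or from Phantom: it assumes the instructions have already been decoded into dictionaries shaped like the Solana RPC jsonParsed encoding, and the function names, the warning rule and all sample addresses are constructed placeholders.

```python
def review_before_signing(instructions, wallet):
    """List every asset movement that one signature by `wallet` would authorise."""
    report = {"sol_out": [], "token_out": [], "unreviewed": []}
    for index, ix in enumerate(instructions):
        parsed = ix.get("parsed")
        if not isinstance(parsed, dict):
            # No decoder for this program: its effect cannot be shown to the user.
            report["unreviewed"].append((index, ix.get("programId")))
            continue
        program, kind, info = ix.get("program"), parsed.get("type"), parsed.get("info", {})
        if program == "system" and kind == "transfer":
            if info["source"] == wallet:
                report["sol_out"].append((info["destination"], int(info["lamports"])))
        elif program == "spl-token" and kind in ("transfer", "transferChecked"):
            # Source and destination are token accounts; the wallet is the authority.
            if info.get("authority") == wallet:
                amount = info["amount"] if "amount" in info else info["tokenAmount"]["amount"]
                report["token_out"].append((info["source"], info["destination"], int(amount)))
        else:
            report["unreviewed"].append((index, program))
    return report

def warnings_for(report):
    notes = []
    moves = len(report["sol_out"]) + len(report["token_out"])
    if moves > 1:
        notes.append(f"{moves} outgoing transfers behind a single signature")
    if report["unreviewed"]:
        notes.append(f"{len(report['unreviewed'])} instruction(s) could not be decoded")
    return notes

# Constructed sample; every address is a placeholder, not a real account.
WALLET = "WALLET_PLACEHOLDER"
SAMPLE = [
    {"program": "system", "parsed": {"type": "transfer", "info": {
        "source": WALLET, "destination": "RECIPIENT_PLACEHOLDER", "lamports": 1_500_000_000}}},
    {"program": "spl-token", "parsed": {"type": "transfer", "info": {
        "source": "WALLET_USDT_TOKEN_ACCOUNT", "destination": "RECIPIENT_USDT_TOKEN_ACCOUNT",
        "authority": WALLET, "amount": "250000000"}}},
    {"program": "spl-token", "parsed": {"type": "transferChecked", "info": {
        "source": "WALLET_USDC_TOKEN_ACCOUNT", "destination": "RECIPIENT_USDC_TOKEN_ACCOUNT",
        "authority": WALLET, "tokenAmount": {"amount": "90000000", "decimals": 6}}}},
    {"programId": "UNKNOWN_PROGRAM_PLACEHOLDER", "accounts": [WALLET], "data": "CONSTRUCTED"},
]

if __name__ == "__main__":
    for note in warnings_for(review_before_signing(SAMPLE, WALLET)):
        print(note)
```

Token transfers are matched on the authority field because, as noted in the Token transfer section, Source and Destination there are Token accounts rather than the wallet address.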
This multi-instruction signing feature is also clearly introduced in the official documentation of Phantom Wallet:
Summary
In this introductory Solana article, we first covered the basics of Solana accounts, then went through the basic concepts of Solana Token, and then discussed transactions on Solana. In terms of ensuring the security of wallet assets, we emphasize the safe storage of private keys and mnemonic phrases. We recommend that users read the "Blockchain Dark Forest Self-Rescue Manual" produced by SlowMist: https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md for more security suggestions. When using the wallet, users must carefully confirm each signature operation to avoid losses. In addition, it is crucial to read the security tips in the wallet documentation, and staying vigilant at all times is the key to ensuring the safety of your assets.