Trident: A Rust Fuzzing Framework for Secure Solana Program Development

Introduction

Trident is a cutting-edge, Rust-based fuzzing framework for Solana programs, developed by Ackee Blockchain Security. It stands out as the first and only manually-guided fuzzing framework for Solana, capable of processing up to 12,000 transactions per second. Designed to help developers ship secure code, Trident assists in uncovering subtle bugs and vulnerabilities that traditional testing methods might miss. It has been granted by the Solana Foundation and is trusted for securing projects like Kamino.

Installation

To get started with Trident, you can install the command-line interface via Cargo. The latest release is 0.11.1.

cargo install trident-cli

Examples

Here's a quick start guide to writing your first fuzz test with Trident.

First, define your initialization logic using the #[init] macro:

#[init]
fn start(&mut self) {
  // Build Initialize Transaction
  let mut tx = InitializeTransaction::build(&mut self.trident, &mut self.fuzz_accounts);

  // Execute Initialize Transaction
  self.trident
        .execute_transaction(&mut tx, Some("Initialize"));
}

Then, define your transaction flows using the #[flow] macro:

#[flow]
fn flow1(&mut self) {
    // Build MoveEast Transaction
    let mut tx = MoveEastTransaction::build(&mut self.trident, &mut self.fuzz_accounts);

    // Execute MoveEast Transaction
    self.trident.execute_transaction(&mut tx, Some("MoveEast"));
}
#[flow]
fn flow2(&mut self) {
    // Build MoveSouth Transaction
    let mut tx = MoveSouthTransaction::build(&mut self.trident, &mut self.fuzz_accounts);
    
    // Execute MoveSouth Transaction
    self.trident.execute_transaction(&mut tx, Some("MoveSouth"));
}

Finally, run your fuzz test:

trident fuzz run <fuzz_test>

For comprehensive examples and guides, refer to the official documentation.

Why Use Trident?

Trident offers a powerful suite of features and benefits for securing your Solana programs:

• High Performance: Executes thousands of transactions per second to thoroughly stress your program at Solana speed.
• Comprehensive State Modeling: Models state changes and flows that often go undetected by standard unit tests.
• Early Vulnerability Detection: Surfaces edge cases, overflows, and missing constraints early in the development process.
• Expert Backing: Built and maintained by Ackee Blockchain Security, trusted auditors for major projects like Lido, Safe, and Axelar.
• Solana Foundation Support: Officially supported by the Solana Foundation.
• Manually-Guided Fuzzer: Allows you to define custom strategies to explore complex code paths effectively.
• Stateful Fuzzing: Generates inputs based on critical account state changes, leading to more realistic test scenarios.
• Anchor-like Macros: Enables writing fuzz tests with a familiar, clean syntax, similar to Anchor development.
• TridentSVM Client: Facilitates execution using Anza’s Solana SVM API.
• Property-Based Testing: Provides tools to compare account states before and after execution, ensuring expected behavior.
• Flow-Based Sequence Control: Combine multiple instructions into realistic transaction patterns for robust testing.
• Regression Testing: Compare fuzzing results between different program versions to prevent regressions.

Trident is ideal for audit preparation, continuous security integration into CI/CD pipelines, and research or prototyping to generate complex attack sequences programmatically.

Links

• Website: https://usetrident.xyz/
• Documentation: https://ackee.xyz/trident/docs/latest/
• Discord Community: https://discord.gg/JhTVXUvaEr
• GitHub Repository: https://github.com/Ackee-Blockchain/trident