Case Study
Solana Prediction Market Audit
Pre-mainnet security audit for a prediction market protocol using an LMSR automated market maker.
Industry: DeFi, Prediction Markets • Chain: Solana (Anchor/Rust)
Results at a Glance
The Challenge
A Solana-based prediction market protocol was preparing for mainnet launch. The protocol implements binary (YES/NO) prediction markets using LMSR (Logarithmic Market Scoring Rule) — the same pricing mechanism used by major prediction markets.
The codebase included a 703-line fixed-point math engine for LMSR calculations, complex state machine transitions, and a dispute resolution system with bond mechanics.
They needed confidence that their protocol could handle real money before launch.
Protocol Architecture
Binary markets with USDC settlement, creator fees, dispute mechanism with bonds, and admin resolution for contested outcomes.
My Approach
Phase 1: Architecture Review
State Machine Mapping
Mapped all 5 market states (Open → TradingClosed → ProposedResolution → Disputed → Finalized) and verified transition guards.
Account Flow Analysis
Traced PDA derivations across all 7 account types. Verified the validation of remaining accounts in dynamic market creation.
Phase 2: LMSR Math Engine Audit
Fixed-Point Precision Analysis
Reviewed Q64.64 format implementation. Verified I256 usage for overflow protection in multiplication and division.
Economic Invariant Verification
Tested LMSR properties: monotonicity, convexity, price bounds (0 < p < 1), price sum = 1, and 1 winning share = 1 USDC.
Edge Case Analysis
Analyzed behavior at exponential clamping boundaries, extreme market imbalances, and minimum trade sizes.
Phase 3: Solana-Specific Vulnerabilities
Account Validation Checklist
Systematic check for missing signer/owner checks, PDA substitution attacks, type cosplay, and reinitialization vulnerabilities.
CPI Security Review
Verified all SPL token transfers use correct authorities, proper signer seeds, and validated program IDs.
Key Findings
Vault Insolvency from Dispute Bonds
Dispute bonds went into the same vault as trading funds. When combined with creator fee withdrawals, a successful dispute refund could deplete the vault below redemption obligations.
Winners need: 1000 USDC → Shortfall: 50 USDC
Missing Vault Balance Check in Sells
The sell instruction transferred USDC without an explicit balance check. The SPL Token program does revert on insufficient funds, but relying on that gave poor error messages and could mask accounting bugs during testing.
Medium Severity Issues
Time comparison inconsistency: Mixed use of >=, >, <= operators created 1-second edge case windows.
LMSR exp clamping: Clamping the exponential at ±10 underprices shares in extreme market imbalances (exp(15) is about 148x the clamped value).
No admin key rotation: Admin set at initialization cannot be changed — no recovery from key compromise.
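The LMSR exp clamping item above, worked through as an added example (not the audited protocol's code). It uses f64 instead of Q64.64, a constructed liquidity parameter and constructed share quantities, and assumes the clamp is applied to each exponent q/b before exp(); the helper names are hypothetical.

```rust
// Added illustration, not the audited protocol's code.
// Assumption: each exponent q_i / b is clamped to [-10, 10] before exp().
const CLAMP: f64 = 10.0; // clamp boundary named in the finding

fn exp_exact(x: f64) -> f64 {
    x.exp()
}

fn exp_clamped(x: f64) -> f64 {
    x.clamp(-CLAMP, CLAMP).exp()
}

/// LMSR cost function C(q) = b * ln(e^(q_yes/b) + e^(q_no/b)).
fn cost(q_yes: f64, q_no: f64, b: f64, exp_fn: fn(f64) -> f64) -> f64 {
    b * (exp_fn(q_yes / b) + exp_fn(q_no / b)).ln()
}

/// USDC charged for buying `delta` YES shares: C(after) - C(before).
fn buy_yes_cost(q_yes: f64, q_no: f64, b: f64, delta: f64, exp_fn: fn(f64) -> f64) -> f64 {
    cost(q_yes + delta, q_no, b, exp_fn) - cost(q_yes, q_no, b, exp_fn)
}

/// How far the clamped exponential falls short of the true value at x.
fn clamp_error_ratio(x: f64) -> f64 {
    exp_exact(x) / exp_clamped(x)
}

/// Reviewer's check: does a market state sit outside the range where the
/// clamped engine still prices trades? (A possible guard, not the page's fix.)
fn exceeds_clamp(q_yes: f64, q_no: f64, b: f64) -> bool {
    (q_yes / b).abs() > CLAMP || (q_no / b).abs() > CLAMP
}

fn main() {
    // Constructed state: b = 100, q_yes / b = 12 (already past the clamp).
    let (b, q_yes, q_no, delta) = (100.0, 1200.0, 0.0, 300.0);
    let exact = buy_yes_cost(q_yes, q_no, b, delta, exp_exact);
    let clamped = buy_yes_cost(q_yes, q_no, b, delta, exp_clamped);
    println!("exp(15) / clamped exp: {:.2}x", clamp_error_ratio(15.0));
    println!("cost of {} YES shares, exact:   {:.4} USDC", delta, exact);
    println!("cost of {} YES shares, clamped: {:.4} USDC", delta, clamped);
    println!("state outside clamp range: {}", exceeds_clamp(q_yes, q_no, b));
}
```

Under this assumption, once an exponent passes the clamp the cost function stops growing, so a further buy on that side is charged nothing while each winning share still redeems for 1 USDC. A test vector of this shape belongs in the invariant suite next to the monotonicity check.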
What They Did Right
This wasn't a poorly built protocol. The team had strong security fundamentals:
Comprehensive PDA Validation
Every remaining account manually validated with proper seed derivation. No shortcuts.
Double-Spend Prevention
Atomic ordering: burn tokens → transfer USDC → zero position. Proper sequencing.
Checked Arithmetic
checked_add(), checked_sub() everywhere. No silent overflows possible.
Clean State Machine
Well-defined transitions with proper guards. Cannot skip states or go backwards.
Deliverables
Security Audit Report
60+ pages covering all 17 findings with severity ratings, code references, and detailed fix recommendations.
LMSR Math Analysis
Precision analysis, overflow boundary documentation, edge case test vectors, and economic invariant verification.
State Machine Diagram
Complete transition mapping with guard conditions and access control matrix.
Prioritized Roadmap
Must-fix before mainnet, should-fix, and consider-fixing items with clear rationale.
Outcome
All high-severity issues were acknowledged for remediation before mainnet deployment. The vault solvency issue was addressed through a separate dispute bond escrow.
The protocol demonstrated strong security fundamentals — issues found were edge cases and design decisions, not fundamental architectural flaws.
That's exactly what pre-mainnet audits are for: catching the things that familiarity makes you miss.
Key Lessons for Solana Builders
Trace every fund flow combination. When multiple withdrawal paths exist, verify solvency in all scenarios.
Explicit checks beat implicit program behavior. Don't rely on SPL token reverts for balance validation.
Pick conventions and stick to them. Inconsistent time comparisons create subtle edge cases.
Plan for admin key compromise from day one. Build rotation mechanisms before you need them.
Preparing for Mainnet?
I audit Solidity and Solana smart contracts. Fresh eyes catch what familiarity misses — get your protocol reviewed before launch, not after a hack.
Client details anonymized. Engagement conducted under NDA. Case study shared with client approval.