fixes

solana-foundation · nickfrosty · Jan 9, 2025 · Dec 20, 2024 · Dec 20, 2024 · Dec 21, 2024
commit 41063caa867b5069c5803eb7583746691b9d6d3a
@@ -31,7 +31,7 @@ error. Resulting in a failed transaction and no state changes (aside from the
 transaction fee being
 [collected](https://solana.com/docs/core/fees#fee-collection)).
 
-### Solana Developer Guides
+### Additional References
 
 - [How to Optimize Compute](https://solana.com/developers/guides/advanced/how-to-optimize-compute).
 - [How to Request Optimal Compute](https://solana.com/developers/guides/advanced/how-to-request-optimal-compute)
@@ -42,6 +42,77 @@ Saving the bump to your Solana smart contract account state enables
 deterministic address generation, efficiency in address reconstruction, reduced
 transaction failure, and consistency across invocations.
 
-### Solana Developer Guides
+### Additional References
 
 - [Bump Seed Canonicalization Lesson](https://solana.com/developers/courses/program-security/bump-seed-canonicalization#challenge)
+- [PDA Bumps Core Concepts](https://solana.com/docs/core/pda#canonical-bump)
+
+## Payer-Authority Pattern
+
+The Payer-Authority pattern is an elegant way to handle situations where the
+account’s funder (payer) differs from the account’s owner or manager
+(authority). By requiring separate signers and validating them in your on-chain
+logic, you can maintain clear, robust, and flexible ownership semantics in your
+progra
+
+### Shank Example
+
+```rust
+// Create a new account.
+#[account(0, writable, signer, name="account", desc = "The address of the new account")]
+#[account(1, writable, signer, name="payer", desc = "The account paying for the storage fees")]
+#[account(2, optional, signer, name="authority", desc = "The authority signing for the account creation")]
+#[account(3, name="system_program", desc = "The system program")]
+CreateAccountV1(CreateAccountV1Args),
+```
+
+### Anchor Example
+
+```rust
+#[derive(Accounts)]
+pub struct CreateAccount<'info> {
+    /// The address of the new account
+    #[account(init, payer = payer_one, space = 8 + NewAccount::MAXIMUM_SIZE)]
+    pub account: Account<'info, NewAccount>,
+
+    /// The account paying for the storage fees
+    #[account(mut)]
+    pub payer: Signer<'info>,
+
+    /// The authority signing for the account creation
+    pub authority: Option<Signer<'info>>,
+
+    // The system program
+    pub system_program: Program<'info, System>
+}
+```
+
+### Additional References
+
+- [Metaplex Guide on Payer-Authority Pattern](https://developers.metaplex.com/guides/general/payer-authority-pattern)
+- [Helium Program Library using the Payer-Authority Pattern](https://github.com/helium/helium-program-library/blob/master/programs/data-credits/src/instructions/change_delegated_sub_dao_v0.rs#L18)
+
+## Invariants
+
+Implement invariants, which are functions that you can call at the end of your
+instruction to assert specific properties because they help ensure the
+correctness and reliability of programs.
+
+```rust
+require!(amount > 0, ErrorCode::InvalidAmount);
+```
+
+### Additional References
+
+- [Complete Project Code Example](https://github.com/solana-developers/developer-bootcamp-2024/blob/main/project-9-token-lottery/programs/token-lottery/src/lib.rs#L291)
+
+## Optimize Indexing
+
+You can make indexing easier by placing static size fields at the beginning and
+variable size fields at the end of your on-chain structures.
+
+## Account Constraints
+
+## Noop/Self CPI
+
+## Safe Math
diff --git a/docs/toolkit/local-testing.md b/docs/toolkit/local-testing.md
@@ -4,6 +4,10 @@ sidebarSortOrder: 5
 sidebarLabel: Local Testing
 ---
 
+> This is a beta version of The Solana Toolkit, and is still a WIP. Please post
+> all feedback as a github issue
+> [here](https://github.com/solana-foundation/developer-content/issues).
+
 The Solana test validator is a local emulator for the Solana blockchain,
 designed to provide developers with a private and controlled environment for
 building and testing Solana programs without the need to connect to a public

@@ -57,3 +57,5 @@ assert_eq!(to_account.unwrap().lamports, 64);
 ## Additional Resources
 
 - [Source Code](https://github.com/LiteSVM/litesvm)
+- [Complete Project Example](https://github.com/cavemanloverboy/nawnce/blob/main/src/lib.rs)
+- [More Complex Project Example](https://github.com/pyth-network/per)
@@ -8,6 +8,8 @@ sidebarLabel: Security Scanner
 > all feedback as a github issue
 > [here](https://github.com/solana-foundation/developer-content/issues).
 
+## Static Analysis tools
+
 [Radar](https://github.com/Auditware/radar?tab=readme-ov-file) is static
 analysis tool for anchor rust programs. It allows you to write, share, and
 utilize templates to identify security issues in rust-based smart contracts
@@ -17,3 +19,9 @@ vulnerable code patterns through logical expressions.
 [Xray](https://github.com/sec3-product/x-ray) is an open-source, cross-platform
 command-line interface (CLI) tool designed for static analysis of Solana
 programs and smart contracts written in Rust.
+
+## Common Security Exploits and Protections
+
+Read [Sealevel Attacks](https://github.com/coral-xyz/sealevel-attacks) for
+examples of common exploits unique to the Solana programming model and
+recommended idioms for avoiding these attacks using the Anchor framework.
@@ -0,0 +1,11 @@
+---
+title: Troubleshooting Solana Programs
+sidebarSortOrder: 6
+sidebarLabel: Troubleshooting
+---
+
+## Solana Stack Exchange
+
+The [Solana stack exchange](https://solana.stackexchange.com/) is the best place
+for conversations around Solana development. If you ever get stuck, ask your
+question [here](https://solana.stackexchange.com/questions/ask).