PROJECT: SOL-TEST-FORGE
DRAWING: DWG-042 REV.A
SCALE: 1:1 · NTS
NETWORK: DEVNET
STATUS: COMPILED

Forge safer Solana programs.

A blueprint-driven test framework. Fork live devnet state, scan IDLs against 7 security rules, and fuzz with a thousand random inputs — all before a single byte ever touches mainnet.

[Figure BP-001 · ANCHOR PROGRAM SCHEMATIC · SCALE 1:1 · PLATE A · HEAT ZONES: 3. ANCHOR PROGRAM · forexforsoul · 8 IX, SECTION CUT A–A' through instruction open_position (ctx, size, side). Accounts: user: Signer; authority: ✕; PDA position; vault PublicKey. CPI: token::xfer, price::oracle. Callout: CRITICAL: missing-signer. 1,000 FUZZ ITERATIONS · 25 CRASH · 32 FINDINGS]
RULES · 00 checks · IDL-based static analysis
FUZZ · 0 iters · boundary + random inputs
FORK · 0 avg · devnet · mainnet snapshot
FOOTPRINT · 0 sol · no deploys · local-only

Three stages, one cooled artifact.

Your program enters cold as raw bytes. By the time it leaves the forge it has been quenched against every rule in the spec — ready to mainnet.
01 · Fork state
Snapshot any program's accounts from a live cluster in one call. Every test runs against the real on-chain shape — no fixtures, no drift.
$ solforge fork devnet <PID>
02 · Scan IDL
Seven static rules inspect signer roles, account ownership, arithmetic, rent, CPI authority and reinit windows. Severity-ranked. Machine-readable JSON.
$ solforge security ./idl.json
03 · Fuzz hot
Boundary-aware random inputs stress every instruction. Overflows, div-by-zero, invariant breaks, UB — all surfaced before the deploy button.
$ solforge fuzz ./idl.json -n 1000

Security rules, itemised.

Every forge check is a part with a spec. Here are the seven items in the standard toolkit — with severity bands and applicable IDL surface.
| ITEM | PART NO. | DESCRIPTION | SEVERITY | SURFACE |
|---|---|---|---|---|
| 001 | MIS-SIGN | Missing signer constraint: flags authority-shaped accounts declared without the Signer<'info> wrapper | ◆ CRITICAL | ACCOUNTS[*] |
| 002 | UNCHK-OWN | Unchecked account owner: detects Account<T> used as UncheckedAccount without owner = crate::ID | ◆ CRITICAL | ACCOUNTS[*] |
| 003 | ARITH-OVF | Arithmetic overflow: raw +/-/* on u64/u128 without checked_* or overflow-checks on | ◇ HIGH | HANDLERS[*] |
| 004 | REINIT | Account re-initialization: init on mutable target without close/realloc guard | ◇ HIGH | INIT[*] |
| 005 | CPI-AUTH | CPI authority bypass: CPI call signed by wrong seed; PDA derived with user input unchecked | ◇ HIGH | CPI[*] |
| 006 | RENT-EX | Rent exemption drain: close = x without assertion on remaining_lamports after transfer | ○ MEDIUM | CLOSE[*] |
| 007 | PDA-BUMP | Canonical bump drift: non-canonical bump reused across instructions; missing stored bump field | ○ MEDIUM | PDA[*] |
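
A minimal version of the kind of check item 001 (MIS-SIGN) describes, as an added example that is not solforge's own code: it walks an Anchor IDL and reports authority-named accounts that are not marked as signers. The name pattern, the PDA exemption, and the sample IDL are assumptions made for illustration.

```javascript
// Added example, not solforge's implementation: a minimal IDL check in the
// spirit of item 001 (MIS-SIGN). The name pattern is an assumption.
const AUTHORITY_SHAPED = /(authority|admin|owner|payer)$/i;
// Anchor IDLs mark signers as `isSigner` (pre-0.30) or `signer` (0.30+).
const isSigner = (acct) => acct.isSigner === true || acct.signer === true;

// Walk an instruction's accounts, descending into nested account groups.
function* walkAccounts(accounts, path = []) {
  for (const acct of accounts ?? []) {
    const here = [...path, acct.name];
    if (Array.isArray(acct.accounts)) yield* walkAccounts(acct.accounts, here);
    else yield { acct, path: here.join(".") };
  }
}

function scanMissingSigner(idl) {
  const findings = [];
  for (const ix of idl.instructions ?? []) {
    for (const { acct, path } of walkAccounts(ix.accounts)) {
      // Assumption: accounts with declared PDA seeds are exempt, since a PDA
      // authority signs via CPI seeds and never as a transaction signer.
      if (acct.pda || isSigner(acct)) continue;
      if (AUTHORITY_SHAPED.test(acct.name)) {
        findings.push({ rule: "MIS-SIGN", severity: "CRITICAL",
                        instruction: ix.name, account: path });
      }
    }
  }
  return findings;
}

// Constructed sample IDL mixing both field styles (not a real program's IDL).
const sampleIdl = {
  instructions: [
    { name: "open_position", accounts: [
      { name: "user", isMut: true, isSigner: true },
      { name: "authority", isMut: false, isSigner: false },
      { name: "position", isMut: true, isSigner: false },
    ] },
    { name: "close_position", accounts: [
      { name: "admin", writable: true, signer: true },
      { name: "vaults", accounts: [
        { name: "vault_authority", pda: { seeds: [{ kind: "const", value: [118] }] } },
        { name: "fee_owner", writable: true },
      ] },
    ] },
  ],
};
console.log(JSON.stringify(scanMissingSigner(sampleIdl), null, 2));
```

A name-based heuristic like this needs manual triage: an account can be authority-shaped by name yet validated another way, for example through a `has_one` constraint against stored state.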

Watch the metal turn orange.

288 instruction · input permutations per run. Each cell tracks one fuzz case — blue means cold path, orange means hit, red means crash.
[Interactive fuzz grid: FUZZ RUN · forexforsoul.open_position · iter 0 → 288. Legend: not reached cold path exercised hot boundary crash. Counters: ITERATIONS, PASS, CRASH, BOUNDARIES HIT.]

Hammer it on a real program.

Target is pinned to ERSbyEx6…y8ro — the live Forex-for-Soul perpetuals program on devnet. Pick a stage and click run.
1. Fork engine: snapshot · 5 accts · 2s
2. Security scanner: 7 rules · 3 critical
3. Fuzz hammer: 1000 iter · 25 crash
sol-test-forge://stage/fork IDLE
```
# select a stage on the left, or hit RUN ENTIRE PIPELINE
# target: ERSbyEx6s4MJnAem1vjmZW8Wv2cQdx1U4Fytuo6qy8ro
# cluster: https://api.devnet.solana.com
$ solforge --help
sol-test-forge 0.1.0
an engineer's toolkit for safer anchor programs

USAGE
  solforge <command> [options]

COMMANDS
  fork      snapshot program accounts from a cluster
  security  static scan of IDL against security rules
  fuzz      boundary-aware random input hammering
  report    export json/markdown/html

ready.
```

Why roll a dedicated forge?

The rest of the Solana toolchain runs tests. Few of them inspect, fewer fuzz, and none snapshot real state without deploying. Here's where each sits.
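anchor test · bankrun · local-validator · test:forge
live-state fork: none (anchor test), partial (bankrun), manual rpc (local-validator), ✓ snapshot (test:forge)
idl security scan: none (anchor test), none (bankrun), none (local-validator), ✓ 7 rules (test:forge)
boundary fuzzer: manual ts (anchor test), manual ts (bankrun), manual ts (local-validator), ✓ 1000 iter (test:forge)
zero sol / no deploy deploys deploys
ci-friendly report: tap only (anchor test), tap only (bankrun), none (local-validator), ✓ json/md/html (test:forge)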
INSTALL / QUICK START
Node 18+ · no rust toolchain required · zero config.
01  npm install -g solanatestforge
    install · ~5 mb
02  solforge fork devnet ERSbyEx6s4MJnAem1vjmZW8Wv2cQdx1U4Fytuo6qy8ro
    snapshot live accounts · ≤ 2s
03  solforge security ./target/idl/my_program.json
    7 rules · severity-ranked
04  solforge fuzz ./target/idl/my_program.json --iterations 1000
    boundary + random · crash report