
Solana Popular Science: Understanding Accounts, Tokens, Transactions and Asset Security

Anatoly 2025-10-15 03:57 63079 views SOL

By: enze

Solana is a fast and highly scalable blockchain protocol that provides powerful infrastructure for decentralized applications (DApps). The recent recovery of the Solana ecosystem has attracted widespread attention. This article will introduce Solana accounts, tokens, transactions, and how to ensure asset security in this ecosystem.




Solana Account



Understanding your account is the first step to protecting your assets. Unlike accounts in Ethereum, in Solana, the main role of accounts is to store data.

There are three main types of accounts in Solana:


  • Data account: used to store data.

  • Program account: used to store executable programs.

  • Native account: refers to the native programs on Solana, such as System, Stake and Vote.


Among them, data accounts can be further divided into two categories:


  • System-owned account: an account generated by a native program on Solana.

  • Program Derived Account (PDA): an account whose signing authority is a program, so it is not controlled by a private key like other accounts.


Each account has an address (usually a public key) and an owner (the address of a program account). The former is similar to an address on Ethereum, and the latter can be simply understood as the program that created the account.

The accounts that ordinary users generate through wallets are system-owned accounts, a kind of data account, and their default owner is the System Program. We can simply understand it as: the user generates a system-owned account through the System Program. This account stores the user's basic information, assets and other data, and it has an address (that is, a public key).

Taking Solana Explorer as an example, the accounts used by ordinary users, that is, system-owned accounts, are displayed in the browser as follows:



Assigned Program Id represents the owner of the account, Allocated Data Size represents the size of data stored in the account, and Executable represents whether the account is executable. Usually only program accounts are executable. Ordinary users only need to pay attention to the address of the account.

Through the above content, we have a preliminary understanding of the Solana account. Next, let's get to know the Solana Token.

Solana Token



SPL-Token represents all non-native tokens on the Solana network, including fungible tokens and non-fungible tokens (NFTs).



Similar to ERC20 and ERC721 tokens, SPL tokens are issued and traded on Solana, but their differences from Ethereum are:




In Solana, the Token issuer creates a mint-account through the native program token-program on Solana and stores the basic information of the Token in this account. For example, the mint-account address of USDC on Solana Explorer is EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v. Detailed information about USDC Token Mint is displayed in the browser, including the current token supply, addresses with minting and freezing authority, and the decimal precision of the token.



Next, let us understand what token-account is.

On Solana, each Token holder has a specific token-account, which records the balance and related information of the holder's specific Token. For example, if Alice owns both USDT and USDC Tokens, she will have two token-accounts, one recording the balance of USDT and the other recording the balance of USDC.

So how do you check your token-accounts?

We can use the Solana Beach browser to clearly see each token-account by entering the address of the data account and clicking Portfolio. Each account records the balance of a specific Token.



Through the Solana Beach browser, you can also view the Token information recorded for each account, authorization status and other detailed information.



Solana Transactions



On Solana, every transaction contains the following key information:


  • Instructions: One or more instructions that define operations in a transaction, such as transfers, program interactions, Token transfers, etc.

  • Blockhash: Contains the latest block hash value, used to ensure that transactions are executed on the correct block.

  • Signatures: One or more signatures that represent authorization of a transaction. Each signature corresponds to a signing account in the transaction, ensuring that only authorized accounts can execute the transaction.


A transaction on Solana can contain multiple instructions, which means that multiple different operations can be performed in the same transaction. For example, users can package multiple transfer instructions into the same transaction, and these instructions will be executed sequentially. If any one instruction in the transaction fails, the entire transaction will fail.

Solana's transaction records are slightly different from Ethereum's. Let's take a look at how to effectively read transaction records on Solana.

SOL transfer transaction



For transaction records on Solana, we take the SOLSCAN browser as an example and focus on the following main information:


  • Signature: Similar to the transaction hash, the first signature of the transaction is used as the index of the transaction in the transaction record.

  • Result: The execution result of the transaction, indicating whether the transaction was successful.

  • Signer: The account address that executes the transaction, that is, the address of the signer.

  • Main Actions: The main operation instructions included in the transaction, which can be transfers, program calls, etc.

  • Instruction Details: The specific operation instructions performed in the transaction.


We can see the account addresses of both parties to the transfer in Main Actions.



In the Instruction Details, we can see that the main instruction of the SOL transfer transaction is SOL Transfer, which transfers SOL. By expanding the instruction, we can see the program called by the instruction, as well as the account addresses of the parties involved in the transfer.



Token transfer transaction



The following transaction is a transfer of USDT, similar to the SOL transaction.



In the Instruction Details section, Token transactions usually first call the Create Associated Account instruction to create a Token account for the recipient (if the recipient does not already have a corresponding account), which is used to store data such as the USDT balance.

The Token Transfer instruction is then executed to complete the transfer of USDT. It is worth noting that, unlike in the SOL Transfer instruction, the Source and Destination in the Token Transfer instruction are not the account addresses of the transfer parties themselves but their Token accounts (PDA accounts), which requires special attention.



Swap transaction



Below is a Swap transaction where the user exchanges USDT for USDC.






Multi-instruction transaction



A Solana transaction that contains multiple instructions can involve several operations, such as a SOL transfer, a Swap and a Token transfer.



Even if there are multiple instructions, we can still view the detailed instructions for transaction execution through Instruction Details and understand the specific operations of each step.

Asset security



As the saying goes, if you know yourself and the enemy, you can fight a hundred battles without danger. We have taken a preliminary look at accounts, tokens, and transactions on Solana. In order to avoid the risk of asset theft, we need to have a deep understanding of the risks we may face when using the Solana wallet.

Private key and mnemonic phrase leaks



According to statistics from the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), nine private key leak security incidents in 2023 resulted in losses as high as US$84.75 million. Among the theft cases handled by the SlowMist AML team, incidents in which leaked private keys and mnemonic phrases led to asset theft accounted for a large proportion. Therefore, to ensure the security of assets in a Solana wallet, the most important thing is to manage the wallet's private key and mnemonic phrase properly.

Using the wallet



Signatures are one of the most concerning security risks when using a wallet, and special attention needs to be paid to the information signed when interacting with projects on Solana.

Moreover, Solana allows multiple transfers to be packaged into one transaction, which means that all assets in the wallet can be transferred at once with just one signature.

Let’s look at a practical case below:

A victim made a mistake on a phishing website and only clicked once to confirm, causing all the assets in the wallet to be transferred away at once. What kind of operation allows the victim to just sign once and let the hacker transfer all the assets?





Yes, the hacker exploited the mechanism mentioned above and a feature of the wallet:

The victim used Phantom Wallet, which can package multiple transfer instructions into one transaction and requires only one signature to complete the entire process. It is precisely this feature that hackers exploited, causing the victim to lose all their assets with one signature. When using the wallet, users must carefully confirm each signature operation to avoid losses.
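One way to check what a single signature would authorize, as an added example (not code from this article, SlowMist or Phantom): it parses a legacy transaction message, the bytes a wallet signs, and totals every System Program transfer leaving a wallet. The keys and amounts in `SAMPLE` are constructed; versioned messages are rejected and SPL Token instructions are only reported as `other`.

```python
import struct
SYSTEM_PROGRAM = bytes(32)  # System Program id is 32 zero bytes

def read_len(buf, pos):
    """Decode a compact-u16 length prefix; return (value, next position)."""
    val = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        val |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return val, pos
        shift += 7

def decode_message(msg):
    """Parse a legacy transaction message into (signer keys, instruction list)."""
    if msg[0] & 0x80:
        raise ValueError("versioned message: not handled in this example")
    n_signers = msg[0]                      # header byte 0: required signatures
    n_keys, pos = read_len(msg, 3)          # account keys follow the 3-byte header
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    n_ix, pos = read_len(msg, pos + 32 * n_keys + 32)   # skip keys + blockhash
    out = []
    for _ in range(n_ix):
        program = keys[msg[pos]]
        n_acc, pos = read_len(msg, pos + 1)
        accounts = [keys[i] for i in msg[pos:pos + n_acc]]
        n_data, pos = read_len(msg, pos + n_acc)
        data, pos = msg[pos:pos + n_data], pos + n_data
        # System Program instruction 2 is Transfer: u32 tag + u64 lamports, little-endian
        if (program == SYSTEM_PROGRAM and len(accounts) >= 2
                and len(data) == 12 and data[:4] == b"\x02\0\0\0"):
            out.append({"kind": "sol_transfer", "from": accounts[0],
                        "to": accounts[1], "lamports": struct.unpack("<Q", data[4:])[0]})
        else:
            out.append({"kind": "other", "program": program})
    return keys[:n_signers], out

def sol_leaving(msg, wallet):
    """Return (total lamports, transfer count) that this message moves out of wallet."""
    _, ixs = decode_message(msg)
    sent = [i["lamports"] for i in ixs if i["kind"] == "sol_transfer" and i["from"] == wallet]
    return sum(sent), len(sent)

# Constructed sample: one signer, two SOL transfers packed into one message.
WALLET, DEST_A, DEST_B = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32
def _transfer(src, dst, lamports):  # program index 3, 2 accounts, 12 data bytes
    return bytes([3, 2, src, dst, 12]) + struct.pack("<IQ", 2, lamports)
SAMPLE = (bytes([1, 0, 1, 4]) + WALLET + DEST_A + DEST_B + SYSTEM_PROGRAM + bytes(32)
          + bytes([2]) + _transfer(0, 1, 1_500_000_000) + _transfer(0, 2, 400_000_000))
```

For the constructed sample, `sol_leaving(SAMPLE, WALLET)` reports two transfers totalling 1,900,000,000 lamports (1.9 SOL) under one signature.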

This key feature is also clearly introduced in the official documentation of Phantom Wallet:



Summary



In this Solana popular science article, we first covered the basics of Solana accounts, then looked at the basic concepts of Solana Tokens, and then discussed transactions on Solana. In the part on keeping wallet assets safe, we emphasized the safe storage of private keys and mnemonic phrases. We recommend that users read the "Blockchain Dark Forest Self-Rescue Handbook" produced by SlowMist (https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md) for more security suggestions. When using the wallet, users must carefully confirm each signature operation to avoid losses. In addition, it is crucial to read the security tips in the wallet documentation, and staying vigilant at all times is the key to ensuring the safety of your assets.
