Solana Account Structure, Token Mechanism, and Transaction Process
This article covers Solana's account structure, token mechanism, and transaction process, and explains how to keep assets secure in the Solana ecosystem.
Table of Contents
Solana Account
Solana Token
Solana Transaction
SOL Transfer Transaction
Token Transfer Transaction
Swap Transaction
Multiple Instruction Transaction
Asset Security
Private Key and Mnemonic Leakage
Using Wallets
Conclusion
Solana is a fast and highly scalable blockchain protocol that provides a powerful infrastructure for decentralized applications (DApps). The recent revival of the Solana ecosystem has attracted widespread attention. This article introduces Solana accounts, tokens, transactions, and how to ensure asset security in this ecosystem.
Understanding accounts is the first step in ensuring asset security. Accounts play a different role in Solana than in Ethereum: in Solana, their primary function is to store data.
There are three main types of accounts in Solana:
Data Accounts: Used to store data.
Program Accounts: Used to store executable programs.
Native Accounts: Refers to native programs on Solana, such as System, Stake, and Vote.
Among them, data accounts can be further divided into two categories:
System-owned accounts: Generated by native programs on Solana.
Program-derived accounts (PDA): Accounts whose signing authority is the program, so they are not controlled by private keys like other accounts.
Each account has an address (generally a public key) and an owner. The address is similar to an address on Ethereum, while the owner is recorded as a program address and can be simply understood as the program that created the account.
Accounts that ordinary users generate through wallets are system-owned accounts in the data account category, and their default owner is the system program. Put simply, the user generates a system-owned account through the system program; this account stores the user's basic information and asset data, and it has an address (i.e., a public key).
In Solana Explorer, a system-owned account, the kind used by ordinary users, is displayed with the following fields:
Assigned Program ID is the owner of the account, Allocated Data Size is the size of the data stored in the account, and Executable indicates whether the account is executable. Usually, only program accounts are executable. Ordinary users only need to pay attention to the account address.
With the above content, we have gained a preliminary understanding of Solana accounts. Next, let’s get to know Solana Tokens.
SPL-Token represents all non-native tokens on the Solana network, including both fungible tokens and non-fungible tokens (NFTs).
Similar to ERC20 and ERC721 tokens, SPL tokens are issued and traded on Solana. However, they work differently from tokens on Ethereum:
In Solana, the issuer of a token creates a mint account through the native program token-program and stores the basic information of the token in this account. For example, the mint account address of USDC on Solana Explorer is EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v. The explorer displays detailed information about the USDC token mint, including the current token supply, the addresses with minting and freezing permissions, and the token's decimal precision.
Next, let’s understand what a token account is.
On Solana, each token holder has a specific token account that records the balance and related information of that specific token for the holder. For example, if Alice holds both USDT and USDC tokens, she will have two token accounts, one to record the balance of USDT and the other to record the balance of USDC.
So how do we view our own token account?
In the Solana Beach explorer, enter the address of the data account and click Portfolio to see each token account, with each account recording the balance of a specific token.
The Solana Beach explorer also shows the token information recorded in each account, its authorization status, and other details.
On Solana, each transaction includes the following key information:
Instructions: One or more instructions that define the operations in the transaction, such as transfers, program interactions, token transfers, etc.
Blockhash: Contains the latest blockhash value, used to ensure that the transaction is executed on the correct block.
Signatures: One or more signatures representing the authorization of the transaction. Each signature corresponds to a signer account in the transaction, ensuring that only authorized accounts can execute the transaction.
A transaction on Solana can contain multiple instructions, which means that multiple different operations can be executed in the same transaction. For example, a user can bundle multiple transfer instructions into the same transaction, and these instructions will be executed in order. If any instruction in the transaction fails, the entire transaction will fail.
Transaction records on Solana are slightly different from those on Ethereum. Let's see how to read them effectively.
We take the SOLSCAN explorer as an example and pay attention to the following main information:
Signature: Similar to transaction hash, the first signature of the transaction serves as the index of the transaction in the transaction records.
Result: The execution result of the transaction, indicating whether the transaction is successful.
Signer: The account address that executed the transaction, i.e., the signer’s address.
Main Actions: The main operational instructions included in the transaction, which can be transfers, program calls, etc.
Instruction Details: The specific operational instructions executed in the transaction.
In Main Actions, we can see the account addresses of both parties in the transfer.
In Instruction Details, we can see that the main instruction for SOL transfer transactions is SOL Transfer, which is used for transferring SOL. By examining the details of this instruction, we can obtain information about the program called by this instruction and the account addresses involved in the transfer.
The following transaction is a USDT transfer, similar to the SOL transaction.
In the Instruction Details section, token transactions usually start by calling the Create Associated Account instruction to create a token account for the recipient (if the recipient does not have a corresponding account yet) to store the USDT balance and other data.
Then, the Token Transfer instruction is executed to complete the USDT transfer. Unlike the SOL Transfer instruction, the Source and Destination in the Token Transfer instruction are not the account addresses of the transfer parties themselves but their token accounts (PDA accounts). This point needs special attention.
Here is a Swap transaction where the user exchanges USDT for USDC.
A Solana transaction that contains multiple instructions can combine several operations, such as SOL transfers, swaps, and token transfers.
Even with multiple instructions, we can still view the detailed instructions executed in the transaction through Instruction Details and understand the specific operations of each step.
As the saying goes, “Know yourself, know your enemy, and you will not be defeated in a hundred battles.” We have gained a preliminary understanding of Solana accounts, tokens, and transactions. To avoid the risk of asset theft, we need to have a deep understanding of the risks that may be faced when using Solana wallets.
According to SlowMist Blockchain Security's hacker database statistics, security incidents caused by private key leakage led to losses of up to $84.75 million in 2023 through September. In the theft cases handled by the SlowMist AML team, incidents where assets were stolen due to private key and mnemonic leakage accounted for a considerable proportion. Therefore, to ensure the security of assets in Solana wallets, the most important thing is to manage the wallets' private keys and mnemonics securely.
When using wallets, signing is one of the security risks that needs the most attention, especially when signing messages related to interactions with projects on Solana.
Furthermore, Solana allows bundling multiple transfers into a single transaction, which means that only one signature is required to transfer all assets in the wallet at once.
Let’s look at a real case:
A victim accidentally clicked on a confirmation on a phishing website, resulting in all assets in the wallet being transferred at once. What operation allowed the hacker to transfer all assets with just one signature?
The hacker exploited the mechanism described above together with a feature of the wallet:
The victim used the Phantom Wallet, which can bundle multiple transfer instructions into one transaction and complete the entire process with just one signature. It is precisely this feature that gave the hacker an opening, causing the victim to lose all assets with one signature. When using wallets, users must carefully confirm each signature operation to avoid losses.
This critical feature is also clearly introduced in the official documentation of the Phantom Wallet.
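One way to confirm what a signature request contains before approving it, as an added example (not code from this article, Phantom, or SlowMist): decode the unsigned legacy transaction message and list every instruction in it, so a request that bundles several transfers behind one signature becomes visible. It decodes only the SOL Transfer and Token Transfer instructions discussed above and reports everything else as "other"; the helper names and the sample message are constructed for illustration.

```python
import struct
from functools import reduce

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM = "1" * 32                                       # System program id
TOKEN = "TokenkegQfEZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"  # SPL Token program id
KINDS = {(SYSTEM, b"\x02\0\0\0"): "SOL transfer", (TOKEN, b"\x03"): "token transfer"}

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(s):  # 32-byte public keys only
    return reduce(lambda n, c: n * 58 + B58.index(c), s, 0).to_bytes(32, "big")

def shortvec(buf, i):  # compact-u16 length at offset i -> (value, next offset)
    n = shift = 0
    while True:
        n |= (buf[i] & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if buf[i - 1] < 0x80:
            return n, i

def summarize(msg):  # legacy message -> (required signatures, instruction list)
    if msg[0] & 0x80:
        raise ValueError("versioned message: resolve address lookup tables first")
    n_keys, i = shortvec(msg, 3)                   # 3-byte header, then the keys
    keys = [b58encode(msg[i + 32 * k:i + 32 * k + 32]) for k in range(n_keys)]
    n_ix, i = shortvec(msg, i + 32 * n_keys + 32)  # skip keys and recent blockhash
    out = []
    for _ in range(n_ix):
        prog = keys[msg[i]]
        n, i = shortvec(msg, i + 1)
        accts, i = [keys[a] for a in msg[i:i + n]], i + n
        n, i = shortvec(msg, i)
        data, i = bytes(msg[i:i + n]), i + n
        kind = KINDS.get((prog, data[:-8]), "other")  # tag, then a u64 amount
        amount = int.from_bytes(data[-8:], "little") if kind != "other" else None
        out.append((kind, prog, accts, amount))
    return msg[0], out

# Constructed sample: one signer; a SOL transfer and a token transfer together.
KEYS = [bytes([k]) * 32 for k in (1, 2, 3, 4)] + [b58decode(SYSTEM), b58decode(TOKEN)]
SAMPLE = (bytes([1, 0, 2, 6]) + b"".join(KEYS) + bytes(32) + bytes([2])
          + bytes([4, 2, 0, 1, 12]) + struct.pack("<IQ", 2, 5_000_000_000)
          + bytes([5, 3, 2, 3, 0, 9, 3]) + struct.pack("<Q", 250_000_000))
```

`summarize(SAMPLE)` reports one required signature and two transfers, the same pattern as the case above: several asset movements authorized by a single approval. For a token transfer, the first two accounts listed are token accounts, not wallet addresses.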
In this Solana educational article, we first covered the basics of Solana accounts, then looked at the basic concepts of Solana tokens, and then discussed transactions on Solana. For wallet asset security, we emphasize the secure storage of private keys and mnemonics and recommend that users read the "Blockchain Dark Forest Self-Rescue Manual" produced by SlowMist for more security advice. When using wallets, it is crucial for users to carefully confirm each signature operation and remain vigilant at all times, which is the key to ensuring asset security.