Program ID Analysis (Coming Soon)

How to analyze deployed Solana programs using their Program ID

Program ID analysis allows you to analyze Solana programs that are already deployed to the blockchain. This method is useful for security analysis of live programs or verifying the security of contracts you interact with.

When using Program ID analysis, Believe Security fetches the program's bytecode directly from the Solana blockchain and performs analysis on the executable data.

Requirements

To analyze a program using its Program ID, you need:

  • A valid Solana Program ID (public key of the deployed program)
  • The program must be deployed to Mainnet or Devnet
  • The program must not be too large (over 500KB may cause timeout issues)
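
What fetching a deployed program's bytecode involves, as an added example (not Believe Security's code): under Solana's upgradeable BPF loader, the Program ID account only points to a ProgramData account, which holds the last deploy slot, the optional upgrade authority and the ELF image. It assumes you already have each account's raw `data` bytes (for example from web3.js `getAccountInfo`); the function names and sample bytes are constructed for illustration, and trimming trailing zero padding before hashing is this example's choice.

```javascript
const crypto = require("crypto");

const MAX_BYTES = 500 * 1024;  // size limit from this page's Requirements (500KB)
const HEADER = 45;             // u32 tag + u64 slot + Option<Pubkey> (1 + 32 bytes)
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Base58-encode raw key bytes for display (leading zero bytes become "1").
function base58(buf) {
  let n = BigInt("0x" + (buf.toString("hex") || "0")), out = "";
  for (; n > 0n; n /= 58n) out = B58[Number(n % 58n)] + out;
  for (const b of buf) { if (b !== 0) break; out = "1" + out; }
  return out;
}

// Program account: u32 LE tag 2, then the 32-byte ProgramData address.
function parseProgramAccount(data) {
  if (data.length < 36 || data.readUInt32LE(0) !== 2)
    throw new Error("not an upgradeable-loader Program account");
  return base58(data.subarray(4, 36));
}

// ProgramData account: u32 LE tag 3, u64 deploy slot, optional upgrade
// authority, then the ELF image from byte 45 onward.
function parseProgramData(data) {
  if (data.length < HEADER || data.readUInt32LE(0) !== 3)
    throw new Error("not a ProgramData account");
  let end = data.length;
  while (end > HEADER && data[end - 1] === 0) end--; // trim zero padding
  const elf = data.subarray(HEADER, end);
  return {
    lastDeploySlot: data.readBigUInt64LE(4),
    upgradeAuthority: data[12] === 1 ? base58(data.subarray(13, 45)) : null,
    isElf: elf.subarray(0, 4).equals(Buffer.from("\x7fELF", "latin1")),
    elfBytes: elf.length,
    withinSizeLimit: elf.length <= MAX_BYTES,
    sha256: crypto.createHash("sha256").update(elf).digest("hex"),
  };
}

// Constructed sample ProgramData account (not real chain data).
function sampleProgramData(authority) {
  const head = Buffer.alloc(HEADER);
  head.writeUInt32LE(3, 0);
  head.writeBigUInt64LE(250000000n, 4);
  if (authority) { head[12] = 1; authority.copy(head, 13); }
  const elf = Buffer.from([0x7f, 0x45, 0x4c, 0x46, 2, 1, 1, 0, 0xde, 0xad]);
  return Buffer.concat([head, elf, Buffer.alloc(64)]); // 64 bytes zero padding
}

console.log(parseProgramData(sampleProgramData(null)));
```

A null `upgradeAuthority` means the program can no longer be upgraded; a non-null one means the bytecode that was analyzed can later be replaced, so keep `lastDeploySlot` and the hash alongside any report.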

Limitations

Important Note

Program ID analysis works with bytecode and does not have access to the original source code. This may result in less detailed findings compared to source code analysis. For best results, use GitHub Repository or File Upload when possible.

Key limitations of Program ID analysis include:

  • Less Detailed Findings: Without source code, we can't provide line-specific information or detailed code explanations.
  • No Function Names: Function and variable names are not preserved in bytecode, making findings harder to contextualize.
  • Limited Remediation Guidance: We can identify issues but can't provide exact code examples for fixes.
  • Some Vulnerabilities May Be Missed: Certain types of vulnerabilities are harder to detect from bytecode alone.

How to Use

Step 1: Select Program ID as Your Source

From the Dashboard, click on "New Analysis" and select "Program ID" as your analysis source.

Step 2: Enter Program Details

Enter the following information:

  • Program ID: The public key of the deployed Solana program (e.g., 7Y8VDzehoewALqJpgGrKdEQssmJpbxBRJooaK6ZYxFqt)
  • Network: Select the network where the program is deployed (Mainnet or Devnet)

Example Configuration

Program ID
7Y8VDzehoewALqJpgGrKdEQssmJpbxBRJooaK6ZYxFqt
Network
Mainnet

Step 3: Start Analysis

Click "Start Analysis" to begin. Believe Security will:

  1. Connect to the Solana blockchain and fetch the program's bytecode
  2. Perform bytecode-level analysis to identify potential vulnerabilities
  3. Generate a security report based on the bytecode analysis

Finding Program IDs

If you don't know the Program ID you want to analyze, you can find it in several ways:

Method 1: Using Solana Explorer

  1. Visit Solana Explorer
  2. Use the search function to find the program or project you're interested in
  3. Navigate to the program's page
  4. The Program ID is displayed at the top of the page (labeled as "Address")

Method 2: Using Project Documentation

Most Solana projects document their Program IDs in their:

  • GitHub repository
  • Official documentation
  • Developer guides
  • Project website

Method 3: Using Blockchain APIs

You can query the Solana blockchain programmatically to find Program IDs:


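// Using the Solana Web3.js library
import { Connection, PublicKey } from "@solana/web3.js";

const connection = new Connection("https://api.mainnet-beta.solana.com");
// getProgramAccounts lists the accounts owned by the given Program ID
// (here, the SPL Token program)
const programAccounts = await connection.getProgramAccounts(
  new PublicKey("TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA")
);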

Advanced Options

Analysis Depth

You can customize the depth of bytecode analysis:

  • Quick Analysis: Focuses on common vulnerabilities and is faster to complete
  • Standard Analysis: Balanced approach that covers most vulnerabilities
  • Deep Analysis: Most thorough analysis, but takes longer to complete

Custom RPC Endpoint

If you're analyzing programs on congested networks or need faster response times, you can specify a custom RPC endpoint:

  1. In the Program ID analysis form, toggle "Use Custom RPC"
  2. Enter your RPC endpoint URL (e.g., from QuickNode, Alchemy, or your own infrastructure)

Pro Tip

Using a private RPC endpoint can significantly improve analysis speed, especially for larger programs or during times of network congestion.

Troubleshooting

Program Not Found

If you encounter a "Program not found" error:

  • Verify the Program ID is correct (check for typos)
  • Ensure you've selected the correct network (Mainnet or Devnet)
  • Check if the program has been closed or replaced

Analysis Timeout

If the analysis times out:

  • The program may be too large or complex for bytecode analysis
  • Try using a custom RPC endpoint for better performance
  • Consider using source code analysis instead (GitHub or File Upload)

Limited Results

If you receive limited or non-specific results:

  • This is expected with bytecode analysis (see Limitations section)
  • For more detailed results, try analyzing the source code if available
  • Consider using the "Deep Analysis" option for more thorough results

Use Cases

Program ID analysis is particularly useful in these scenarios:

  • Third-Party Integration Verification: Before integrating with a third-party program, verify its security.
  • Closed-Source Program Analysis: Analyze programs where source code isn't available.
  • Post-Deployment Verification: Verify that a deployed program matches expectations and doesn't contain unexpected vulnerabilities.
  • Competitive Analysis: Understand the security posture of similar programs in the ecosystem.
  • Educational Purposes: Learn about common vulnerabilities in deployed Solana programs.
