Built for Solana Blitz v4 — Agentic + Ephemeral Rollups

SHADOW FUZZER

A private sandbox where an AI security agent fuzzes Solana programs without leaking exploits to MEV bots.

MagicBlock Ephemeral Rollups · Anchor 0.31.1 · TypeScript Agent

shadow-fuzz — agent session (RUNNING)
  • Input: Mainnet program
  • Helius: State snapshot
  • MagicBlock ER: Private sandbox
  • Agent: AI fuzzes 1000s of txs
  • Output: Signed report
  • Base layer: Commit clean state
01 — The problem

You can't safely test a real bug on Solana mainnet.

Smart contracts are live and public. The moment you submit a candidate exploit transaction, the race is already lost.

⬡ Mempool exposure

Every transaction is visible in the public mempool before it executes. There is no private staging area.

⬡ MEV front-running

MEV bots scan pending txs continuously. If your exploit looks profitable, they copy and front-run it before your tx lands.

⬡ Stale local forks

Testing on a local validator misses real mainnet conditions — oracle prices, account states, CPI targets.

⬡ Lost bounties

Researchers confirm the bug but lose the funds to a bot. The vulnerability gets exploited anyway, unfixed.

02 — The insight

A private rollup the network can't observe.

A Private Ephemeral Rollup is a high-speed validator no external node can watch. Move the program's state into one for a fuzz session — run thousands of adversarial transactions inside — then commit the final state back once the developer has been warned.

Private ER — invisible to mainnet
  • fuzz_withdraw_01  REFUTED
  • fuzz_withdraw_02  REFUTED
  • fuzz_withdraw_03  CONFIRMED ✓
03 — Agent brain

Five autonomous steps from IDL to signed finding.

No test files. No hints. The agent reads the program interface and works it out.

01 ——

Read the IDL

Ingests the program's Interface Definition Language. No test files or human hints required.

static_analyzer.ts
02 ——

Flag suspicious shapes

Identifies accounts named owner that are neither signers nor verified by a has_one constraint, yet are referenced by a sibling account's PDA seeds. High precision, low false-positive rate.

MISSING_SIGNER rule
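As an added illustration of the step-02 rule (this is example code, not the project's static_analyzer.ts), the following TypeScript walks an Anchor 0.31-style IDL and flags the shape described above: an account named owner that is not a signer, is not the target of a has_one constraint on any sibling (Anchor emits those as a `relations` list), but is used as an `account`-kind seed in a sibling PDA. The IDL field names follow the Anchor 0.30+ IDL spec as understood here and are an assumption; the sample IDL and the program id are constructed. It generalizes slightly beyond the page: the privileged account name list is configurable, and `applyHasOneFix` shows that the fix the report recommends clears the finding.

```typescript
// Minimal slice of the Anchor 0.30+ IDL shape this rule needs (assumed shape).
type IdlSeed =
  | { kind: "const"; value: number[] }
  | { kind: "account"; path: string }
  | { kind: "arg"; path: string };

interface IdlAccount {
  name: string;
  writable?: boolean;
  signer?: boolean;
  relations?: string[];          // has_one targets, as emitted by Anchor (assumed)
  pda?: { seeds: IdlSeed[] };
}

interface IdlInstruction { name: string; accounts: IdlAccount[] }
interface Idl { address: string; instructions: IdlInstruction[] }

export interface MissingSignerFinding {
  rule: "MISSING_SIGNER";
  instruction: string;
  account: string;
  seededBy: string[];            // sibling PDAs whose seeds reference the account
}

// Flags privileged accounts that are neither authenticated (signer) nor bound to
// stored state (has_one), yet are trusted as PDA seed material by a sibling.
export function findMissingSigner(
  idl: Idl,
  privilegedNames: string[] = ["owner"],
): MissingSignerFinding[] {
  const findings: MissingSignerFinding[] = [];
  for (const ix of idl.instructions) {
    for (const acc of ix.accounts) {
      if (!privilegedNames.includes(acc.name)) continue;
      if (acc.signer) continue;                       // authenticated: fine
      const siblings = ix.accounts.filter((a) => a !== acc);
      // has_one = owner on any sibling ties the pubkey to on-chain state
      const verified = siblings.some((a) => (a.relations ?? []).includes(acc.name));
      if (verified) continue;
      const seededBy = siblings
        .filter((a) => (a.pda?.seeds ?? []).some((s) => s.kind === "account" && s.path === acc.name))
        .map((a) => a.name);
      if (seededBy.length === 0) continue;            // not used as a seed: out of scope here
      findings.push({ rule: "MISSING_SIGNER", instruction: ix.name, account: acc.name, seededBy });
    }
  }
  return findings;
}

const utf8 = (s: string): number[] => Array.from(new TextEncoder().encode(s));
const positionSeeds: IdlSeed[] = [{ kind: "const", value: utf8("position") }, { kind: "account", path: "owner" }];

// Constructed sample IDL (not the project's). `withdraw` has the vulnerable shape;
// `deposit` marks `owner` as a signer and must not be flagged.
export const SAMPLE_IDL: Idl = {
  address: "PLACEHOLDER_PROGRAM_ID",
  instructions: [
    {
      name: "deposit",
      accounts: [
        { name: "owner", signer: true, writable: true },
        { name: "position", writable: true, pda: { seeds: positionSeeds } },
        { name: "vault", writable: true },
      ],
    },
    {
      name: "withdraw",
      accounts: [
        { name: "owner" },                            // UncheckedAccount: no signer, no has_one
        { name: "position", writable: true, pda: { seeds: positionSeeds } },
        { name: "vault", writable: true },
        { name: "destination", writable: true },
      ],
    },
  ],
};

// Models the report's fix at the IDL level: `#[account(has_one = owner)]` on `position`
// surfaces as `relations: ["owner"]`. Returns a new IDL and leaves the input untouched.
export function applyHasOneFix(idl: Idl, instruction: string, account: string, target: string): Idl {
  return {
    ...idl,
    instructions: idl.instructions.map((ix) =>
      ix.name !== instruction ? ix : {
        ...ix,
        accounts: ix.accounts.map((a) =>
          a.name !== account ? a : { ...a, relations: [...(a.relations ?? []), target] }),
      }),
  };
}

console.log(JSON.stringify(findMissingSigner(SAMPLE_IDL), null, 2));
```

Running it prints a single finding for `withdraw` seeded by `position`; `findMissingSigner(applyHasOneFix(SAMPLE_IDL, "withdraw", "position", "owner"))` returns an empty list, which is the property a regression test would pin after the fix ships.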
03 ——

Synthesize a legitimate scenario

Sets up mint, vault, and victim with a real deposit inside the private sandbox. Realistic conditions, not toy data.

state.ts
04 ——

Construct an adversarial transaction

Builds a concrete attack: passes victim as owner, signs with an attacker keypair. Submits it. Confirms or refutes the candidate.

exploit.ts
05 ——

Emit a structured finding

Only reports if the adversarial tx lands AND the post-state shows funds moved. Includes the on-chain evidence (tx hash) and a concrete fix recommendation.

report-*.md
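The two-part gate in step 05 is what separates a CONFIRMED candidate from the REFUTED ones in the session view above. The following TypeScript is an added example of that gate, not the project's code: it takes the transaction result plus balance snapshots taken before and after the transaction (in the real loop these would come from the sandbox RPC; here they are constructed in memory) and only emits a confirmed verdict when the tx landed and value actually left the vault. The error string and signatures are constructed placeholders.

```typescript
export interface TxResult { signature: string; err: string | null }
export type BalanceSnapshot = Record<string, number>;   // account key -> base units

export interface Verdict {
  status: "CONFIRMED" | "REFUTED";
  reason: string;
  drained: number;            // base units that left the vault (0 when refuted)
  evidence?: string;          // tx signature, present only when confirmed
}

// Gate 1: the tx must have landed. Gate 2: the post-state diff must show the vault
// losing value and the attacker-controlled destination gaining it. A tx that lands but
// changes nothing (a no-op path) is a refuted candidate, not a finding.
export function judgeCandidate(
  tx: TxResult,
  pre: BalanceSnapshot,
  post: BalanceSnapshot,
  vault: string,
  attackerDestination: string,
): Verdict {
  if (tx.err !== null) {
    return { status: "REFUTED", reason: `tx failed: ${tx.err}`, drained: 0 };
  }
  const lost = (pre[vault] ?? 0) - (post[vault] ?? 0);
  const gained = (post[attackerDestination] ?? 0) - (pre[attackerDestination] ?? 0);
  if (lost <= 0 || gained <= 0) {
    return { status: "REFUTED", reason: "tx landed but no value left the vault", drained: 0 };
  }
  return {
    status: "CONFIRMED",
    reason: `vault lost ${lost} base units; destination gained ${gained}`,
    drained: lost,
    evidence: tx.signature,
  };
}

// Constructed fixtures (not real on-chain data).
export const PRE_STATE: BalanceSnapshot = { vault: 1000000, attackerDestination: 0 };
export const POST_DRAINED: BalanceSnapshot = { vault: 0, attackerDestination: 1000000 };
export const LANDED_TX: TxResult = { signature: "CONSTRUCTED_SIGNATURE_1", err: null };
export const FAILED_TX: TxResult = { signature: "CONSTRUCTED_SIGNATURE_2", err: "MissingRequiredSignature" };

console.log(judgeCandidate(LANDED_TX, PRE_STATE, POST_DRAINED, "vault", "attackerDestination"));
console.log(judgeCandidate(LANDED_TX, PRE_STATE, PRE_STATE, "vault", "attackerDestination"));
console.log(judgeCandidate(FAILED_TX, PRE_STATE, POST_DRAINED, "vault", "attackerDestination"));
```

The three calls at the bottom cover the cases the session view shows: a landed tx with a drained vault is CONFIRMED with the signature attached as evidence, while a landed no-op and a failed tx are both REFUTED, so a report is never emitted on the strength of a landed transaction alone.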
04 — Sample output

A real finding, in ~5 seconds.

The agent autonomously rediscovered the planted bug. This is the actual report it emitted.

reports/report-20260427-143201.md
# Shadow Fuzzer report

- target: CbdZT6zkBvgfaWCPUooeTkCZDuRz8Rfwmnhw2Nu6ZooC
- sandbox: surfpool
- findings: 1

## MISSING_SIGNER-withdraw-01

## withdraw: position drained without owner signature

- invariant: INV-3
- severity: critical
- evidence: 2ycWV5ARip6ji…mf648a

Instruction `withdraw` reads `owner` as the privileged role but `owner` is neither marked as a signer nor verified through a `has_one` / `relations` constraint. Any caller can pass an arbitrary pubkey here.

Confirmed exploit. Attacker drained 1,000,000 base units.

Fix: add `#[account(has_one = owner)]` on the `position` account, or change `owner: UncheckedAccount` → `owner: Signer<'info>`.
05 — Try it

Running in 90 seconds.

Prerequisites: Node 20+, pnpm, Rust, Solana CLI, Anchor via avm.

# clone & install
$ git clone https://github.com/notcodesid/shadow-fuzzer.git
$ cd shadow-fuzzer && pnpm install

# run the demo — zero config, finds the bug in ~5 seconds
$ pnpm demo

# or run the full test suite
$ anchor build && anchor test

# read the report
$ cat reports/report-*.md
Expected output: 1 finding — MISSING_SIGNER-withdraw-01 [critical]
View source on GitHub
06 — Stack

The full layer cake.

• On-chain framework: Anchor 0.31.1
  Type-safe Solana program framework with IDL generation
• Private execution: MagicBlock Ephemeral Rollups
  ephemeral-rollups-sdk 0.11.x — private high-speed validator
• State snapshot: Helius
  Mainnet account state forked into the sandbox RPC
• Agent brain: TypeScript + SendAI
  Solana Agent Kit — autonomous discovery loop
• Identity (planned): Metaplex + SNS
  NFT badge per confirmed bug — agent reputation layer
• Built at: Solana Blitz v4
  Agentic + Ephemeral Rollups categories — solana.new
07 — Roadmap

What's done vs. what's next.

Area              | Status    | Today                                                                            | Vision
Targets           | ✓ done    | Vault-shaped Anchor programs                                                     | Any Solana program
Bug classes       | ✓ done    | Missing signer / has_one                                                         | Overflow, oracle manip, CPI abuse, account confusion…
Exploit synthesis | ✓ done    | Hardcoded for withdraw shape                                                     | LLM-driven, IDL-walking
Sandbox           | ~ partial | Surfpool end-to-end ✓. MagicBlock provisions cleanly; router lifecycle has gaps  | MagicBlock end-to-end
Narrative         | ✓ done    | Templates with on-chain evidence                                                 | LLM-generated, business-impact-aware
Identity          | planned   | Not started                                                                      | NFT badge per confirmed bug (Metaplex + SNS)
Get started

Try it yourself.

Clone the repo, run one command, watch the agent find a real vulnerability in 5 seconds. Program also deployed on devnet at CbdZT6…ZooC.

→ GitHub Repository
Solana Explorer ↗
Solana Blitz v4 ↗