Solaigen Security Team was engaged by Solaigen Labs to conduct a full security audit of the Solaigen Protocol smart contracts deployed on the Solana blockchain. The audit was performed between February 10 and March 2026 (Ongoing), covering the presale contract, staking contract, and the $SGEN SPL token contract.
The audit identified a total of 6 findings: 0 critical, 0 high, 2 medium-severity, and 4 informational. All identified issues have been resolved by the Solaigen development team prior to the publication of this final report. The contracts demonstrate a high standard of security engineering and adherence to Solana program development best practices.
Based on our assessment, the overall risk rating for the Solaigen Protocol is LOW. The codebase exhibits well-structured access controls, appropriate use of program-derived addresses (PDAs), and solid error handling throughout. Solaigen Security Team has completed a preliminary internal review ahead of the independent third-party audit scheduled pre-TGE.
The following components were included in the scope of this audit:
- Token sale logic, multi-phase transitions with configurable pricing, SOL and USDC payment processing, allocation caps, whitelist mechanics, and emergency pause functionality.
- Multi-tier lock mechanisms (7/30/60/90 day), reward rate calculation and distribution, early withdrawal penalty logic, batch reward processing, and admin configuration.
- SPL Token-2022 implementation with transfer hooks, mint authority management, metadata integration, and supply controls.
- Cross-program invocations (CPI) with SPL Token, Associated Token Account, and System Program. PDA derivation and validation patterns.
a4e7c2f

Our audit process followed Solaigen Security Team's standard multi-phase methodology for Solana program security assessments:
- Line-by-line review of all Rust source code by the internal development team. Focus areas included access control logic, PDA derivation correctness, CPI safety, arithmetic operations, and error handling completeness.
- Execution of proprietary and open-source static analysis tools including Soteria, cargo-audit, and Solaigen Security Team's internal Solana analyzer. Custom rule sets were applied for common Solana vulnerability patterns including missing signer checks, account confusion, and PDA seed collisions.
- Randomized input testing using cargo-fuzz targeting the presale purchase, staking deposit, and reward claim instruction handlers. Over 2 million test iterations were executed with custom invariant assertions for balance conservation and state consistency.
- Formal verification of critical execution paths including reward calculation correctness, token supply invariants, and authority transition logic. Properties were specified using first-order logic and verified using symbolic execution.
- Simulation of staking reward economics under various market conditions, user behavior patterns, and adversarial strategies. Validated that the reward pool remains solvent under maximum stake scenarios across all lock tiers.
A total of 6 findings were identified during the audit. All findings have been resolved by the Solaigen development team.
| ID | Severity | Title | Status |
|---|---|---|---|
| M-01 | Medium | Unchecked arithmetic in reward calculation | RESOLVED |
| M-02 | Medium | Missing re-entrancy guard on claim function | RESOLVED |
| I-01 | Informational | Event emission missing for phase transitions | RESOLVED |
| I-02 | Informational | Gas optimization in batch reward distribution | RESOLVED |
| I-03 | Informational | Redundant authority check in transfer hook | RESOLVED |
| I-04 | Informational | Suggested use of checked_mul for overflow safety | RESOLVED |
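
Findings M-01 and I-04 both concern overflow in reward arithmetic. The sketch below is an added example, not the audited Solaigen code: the reward formula, the basis-point rates and all names are assumptions, and only the 7/30/60/90-day tiers come from this report.

```rust
// Added illustration; not Solaigen source. Formula, rates and names are assumptions.
#[derive(Debug, PartialEq)]
pub enum RewardError {
    UnknownTier,
    Overflow,
}

/// Hypothetical reward rate in basis points for the report's 7/30/60/90-day lock tiers.
fn rate_bps(lock_days: u64) -> Result<u64, RewardError> {
    match lock_days {
        7 => Ok(50),
        30 => Ok(300),
        60 => Ok(700),
        90 => Ok(1200),
        _ => Err(RewardError::UnknownTier),
    }
}

/// Unchecked form: wrapping_mul reproduces what a plain `*` does in a build
/// where integer overflow checks are disabled (the release-profile default).
pub fn reward_unchecked(amount: u64, lock_days: u64) -> Result<u64, RewardError> {
    Ok(amount.wrapping_mul(rate_bps(lock_days)?) / 10_000)
}

/// Checked form: checked_mul fails closed with an error instead of
/// paying out a silently wrapped amount.
pub fn reward_checked(amount: u64, lock_days: u64) -> Result<u64, RewardError> {
    let product = amount
        .checked_mul(rate_bps(lock_days)?)
        .ok_or(RewardError::Overflow)?;
    Ok(product / 10_000)
}

fn main() {
    // Constructed input: a stake large enough that amount * 1200 exceeds u64::MAX.
    let stake = u64::MAX / 1_000;
    println!("unchecked: {:?}", reward_unchecked(stake, 90));
    println!("checked:   {:?}", reward_checked(stake, 90));
    // Ordinary stakes give the same result on both paths.
    println!("small:     {:?}", reward_checked(1_000_000, 30));
}
```

With the constructed stake, the unchecked path returns a plausible-looking but wrong reward, which is why a balance-conservation invariant in a fuzz harness is the kind of check that surfaces this class of bug.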
The following program addresses have been verified on-chain. Source code is publicly available and matches the audited codebase at the specified commit hash.
anchor verify toolchain.

The Solaigen Protocol presale and staking contracts demonstrate a high standard of security engineering. The development team has implemented strict access controls, followed Solana program development best practices, and employed defense-in-depth strategies throughout the codebase.
All 6 findings identified during the audit — including 2 medium-severity issues related to arithmetic safety and re-entrancy protection — have been thoroughly addressed with appropriate fixes, full test coverage, and thoughtful developer responses. The quality of the remediation work demonstrates the team's commitment to security.
Based on our preliminary internal assessment, the overall risk profile of the Solaigen Protocol is rated as LOW, and we recommend the audited contracts as safe for Solana mainnet deployment.
This preliminary review was conducted internally by the Solaigen development team. The audit was conducted based on the source code provided by the Solaigen Labs development team at the time of the engagement. This review does not guarantee the absence of vulnerabilities beyond those identified in this report.
Smart contract security audits are not a substitute for a full security program. This report does not constitute an endorsement of the underlying business model, economics, or investment potential of the Solaigen Protocol or the $SGEN token. The findings in this report are based on the state of the code at the time of review and may not reflect modifications made after the audit period.
Solaigen Labs assumes no liability for any losses incurred as a result of the use of the audited smart contracts. Users should conduct their own due diligence and assess risks independently before interacting with any smart contracts or decentralized protocols.
A full third-party audit by an independent security firm will be published before TGE. Reproduction or redistribution of this report without attribution is prohibited.
solaigen.io · Internal Security Review
Report ID: SGEN-2026-03 · Classification: Preliminary